nixbld: enable apparmor

This doesn't do much for now and apparmor support needs some work, but this enables the
kernel boot options so we can fix apparmor later without having to reboot the server.

nixbld-etc-nixos/configuration.nix

@@ -23,6 +23,8 @@ in
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
+  security.apparmor.enable = true;
+
   networking = {
     hostName = "nixbld";
     firewall = {