patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity

WIP: reenable usbguard !!! Possibly broken

Browse source
This commit is contained in:
Patrick Großmann 2023-10-17 21:51:49 +02:00
parent f24c21b787
commit 1715f33f53
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
8 changed files with 22 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
modules/config/default.nix
View file

@ -10,7 +10,7 @@
./ssh.nix ./ssh.nix
./system.nix ./system.nix
./xdg.nix ./xdg.nix
#./usbguard ./usbguard.nix
../../users/root ../../users/root

7
modules/config/usbguard.nix Normal file
View file

@ -0,0 +1,7 @@
{config, ...}: {
agenix.secrets.usbguard.rekeyFile = ../../secrets/usbguard.rules.age;
services.usbguard = {
rules = builtins.readFile config.age.secrets.usbguard.path;
enable = true;
};
}

6
modules/config/usbguard/default.nix
View file

@ -1,6 +0,0 @@
{
services.usbguard = {
rules = builtins.readFile ./rules.rules;
enable = true;
};
}

18
modules/config/usbguard/rules.rules
View file

@ -1,18 +0,0 @@
allow id 046d:0893 serial "6DD0C605" name "Logitech StreamCam" hash "/aR2Emikr/GHtaHc064MiPF5wJN8l4GvBKkQjpkofz8=" with-interface { 0e:01:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 01:01:00 01:02:00 01:02:00 01:02:00 01:02:00 01:02:00 ff:ff:00 03:00:00 }
allow id 19f7:0003 serial "" name "RODE NT-USB" hash "1xrmi3l5Z/NuY33kzCFehCT+3IycT8xdHCIeDw5IFeQ=" with-interface { 01:01:00 01:02:00 01:02:00 01:02:00 01:02:00 03:00:00 }
allow id 1050:0407 serial "" name "YubiKey OTP+FIDO+CCID" hash "Q+A8QQReKclmBSaDIYja0w4Bx6ld2IU6wF7HFKdtJ3Q=" with-interface { 03:01:01 03:00:00 0b:00:00 }
allow id 0fd9:0060 serial "AL31H1B01852" name "Stream Deck" hash "iEklGuteHgV0NQqrqJUtjRZP+U/TjqlpZ57qiHG4jzE=" with-interface 03:00:00
allow id 28bd:0075 serial "" name "G430S" hash "gQb86Xi+ev+qpobH93Lk9mQfXlZ6IWzYMVvwwjXMfGo=" with-interface { 03:01:02 03:01:02 03:00:00 }
allow id 0b95:6801 serial "00000002" name "AX68002" hash "bu444EGndlyLkGaXB7RotBGCdpiJzLSpi5cz3g00tsY=" with-interface { 03:01:01 03:01:02 03:01:02 }
allow id 0951:16b7 serial "" name "HyperX Alloy FPS Mechanical Gaming Keyboard" hash "K6ejqPmRbXIugkpv2/6Zxm4KwjftJBApzlDE+YELiqM=" with-interface { 03:01:01 03:01:02 03:01:00 }
allow id 046d:c534 serial "" name "USB Receiver" hash "2Tmol95c6dv//0RiOpMlUD2f72+S/vuJuIfLIZ2rNXc=" with-interface { 03:01:01 03:01:02 }
allow id 046d:c539 serial "" name "USB Receiver" hash "h5tO4bdFoMAsoal6HTa8yXCasmsW1tdRZKf1yIQFDgE=" with-interface { 03:01:01 03:01:02 03:00:00 }
allow id 28de:2400 serial "00000001" name "3D Camera" hash "9/MSYNlECtJw4EAd4mI5si/gcDJ3tWHgCEvMxl9DQQw=" with-interface { 0e:01:00 0e:02:00 }
allow id 28de:2300 serial "LHR-64CBB640" name "Index HMD" hash "E1km0vmcOdKrMZ0GttZHH9U/V1V/ynGVL7eYRXw8/Fg=" with-interface { 03:00:00 03:00:00 03:00:00 }
allow id 28de:2102 serial "0C879D3C66-RYB" name "Valve VR Radio" hash "24Uu6UvmnVtn+VtqfZdVf916jVdl7rBn0FLbtLj4VxY=" with-interface { 03:00:00 02:02:00 0a:00:00 }
allow id 28de:2102 serial "08829178E1-LYM" name "Valve VR Radio & HMD Mic" hash "7IhwRpCk0Y0wjSo2xdBTwkywfg2jcb94pdDwtsPgbQU=" with-interface { 03:00:00 01:01:00 01:02:00 01:02:00 }
llow id *:* with-interface one-of { 09:*:* }

1
pkgs/default.nix
View file

@ -1,4 +1,5 @@
[ [
(import ./scripts)
(_self: super: { (_self: super: {
zsh-histdb-skim = super.callPackage ./zsh-histdb-skim.nix {}; zsh-histdb-skim = super.callPackage ./zsh-histdb-skim.nix {};
zsh-histdb = super.callPackage ./zsh-histdb.nix {}; zsh-histdb = super.callPackage ./zsh-histdb.nix {};

5
pkgs/scripts/default.nix Normal file
View file

@ -0,0 +1,5 @@
_final: prev: {
scripts = {
usbguardw = prev.callPackage ./usbguardw.nix {};
};
}

8
pkgs/scripts/usbguardw.nix Normal file
View file

@ -0,0 +1,8 @@
{writeShellApplication}:
writeShellApplication {
name = "usguardw";
text = ''
set -euo pipefail
printenv
'';
}

BIN
secrets/usbguard.rules.age Normal file
View file

Binary file not shown.