feat: tried usbguard

2023-10-17 00:04:36 +02:00 · 2023-10-17 00:04:36 +02:00 · e43113dfbe
parent 17594ae15e
commit e43113dfbe
6 changed files with 28 additions and 2 deletions
--- a/modules/config/default.nix
+++ b/modules/config/default.nix
@ -10,13 +10,14 @@
    ./ssh.nix
    ./system.nix
    ./xdg.nix
+    #./usbguard

    ../../users/root

    ../secrets.nix
    ../meta.nix
    ../smb-mounts.nix
-    ../impermanence
+    ./impermanence

    inputs.home-manager.nixosModules.default
    inputs.impermanence.nixosModules.impermanence
--- a/modules/config/impermanence/default.nix
+++ b/modules/config/impermanence/default.nix
--- a/modules/config/impermanence/users.nix
+++ b/modules/config/impermanence/users.nix
--- a/modules/config/usbguard/default.nix
+++ b/modules/config/usbguard/default.nix
@ -0,0 +1,6 @@
+{
+  services.usbguard = {
+    rules = builtins.readFile ./rules.rules;
+    enable = true;
+  };
+}
--- a/modules/config/usbguard/rules.rules
+++ b/modules/config/usbguard/rules.rules
@ -0,0 +1,18 @@
+allow id 046d:0893 serial "6DD0C605" name "Logitech StreamCam" hash "/aR2Emikr/GHtaHc064MiPF5wJN8l4GvBKkQjpkofz8=" with-interface { 0e:01:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 01:01:00 01:02:00 01:02:00 01:02:00 01:02:00 01:02:00 ff:ff:00 03:00:00 }
+allow id 19f7:0003 serial "" name "RODE NT-USB" hash "1xrmi3l5Z/NuY33kzCFehCT+3IycT8xdHCIeDw5IFeQ=" with-interface { 01:01:00 01:02:00 01:02:00 01:02:00 01:02:00 03:00:00 }
+allow id 1050:0407 serial "" name "YubiKey OTP+FIDO+CCID" hash "Q+A8QQReKclmBSaDIYja0w4Bx6ld2IU6wF7HFKdtJ3Q=" with-interface { 03:01:01 03:00:00 0b:00:00 }
+allow id 0fd9:0060 serial "AL31H1B01852" name "Stream Deck" hash "iEklGuteHgV0NQqrqJUtjRZP+U/TjqlpZ57qiHG4jzE=" with-interface 03:00:00
+allow id 28bd:0075 serial "" name "G430S" hash "gQb86Xi+ev+qpobH93Lk9mQfXlZ6IWzYMVvwwjXMfGo=" with-interface { 03:01:02 03:01:02 03:00:00 }
+
+allow id 0b95:6801 serial "00000002" name "AX68002" hash "bu444EGndlyLkGaXB7RotBGCdpiJzLSpi5cz3g00tsY=" with-interface { 03:01:01 03:01:02 03:01:02 }
+
+allow id 0951:16b7 serial "" name "HyperX Alloy FPS Mechanical Gaming Keyboard" hash "K6ejqPmRbXIugkpv2/6Zxm4KwjftJBApzlDE+YELiqM=" with-interface { 03:01:01 03:01:02 03:01:00 }
+allow id 046d:c534 serial "" name "USB Receiver" hash "2Tmol95c6dv//0RiOpMlUD2f72+S/vuJuIfLIZ2rNXc=" with-interface { 03:01:01 03:01:02 }
+allow id 046d:c539 serial "" name "USB Receiver" hash "h5tO4bdFoMAsoal6HTa8yXCasmsW1tdRZKf1yIQFDgE=" with-interface { 03:01:01 03:01:02 03:00:00 }
+
+allow id 28de:2400 serial "00000001" name "3D Camera" hash "9/MSYNlECtJw4EAd4mI5si/gcDJ3tWHgCEvMxl9DQQw=" with-interface { 0e:01:00 0e:02:00 }
+allow id 28de:2300 serial "LHR-64CBB640" name "Index HMD" hash "E1km0vmcOdKrMZ0GttZHH9U/V1V/ynGVL7eYRXw8/Fg=" with-interface { 03:00:00 03:00:00 03:00:00 }
+allow id 28de:2102 serial "0C879D3C66-RYB" name "Valve VR Radio" hash "24Uu6UvmnVtn+VtqfZdVf916jVdl7rBn0FLbtLj4VxY=" with-interface { 03:00:00 02:02:00 0a:00:00 }
+allow id 28de:2102 serial "08829178E1-LYM" name "Valve VR Radio & HMD Mic" hash "7IhwRpCk0Y0wjSo2xdBTwkywfg2jcb94pdDwtsPgbQU=" with-interface { 03:00:00 01:01:00 01:02:00 01:02:00 }
+
+llow id *:* with-interface one-of { 09:*:* }
--- a/users/common/graphical/Xorg/wallpapers.nix
+++ b/users/common/graphical/Xorg/wallpapers.nix
@ -7,7 +7,8 @@
  exe =
    pkgs.writeShellScript "set-wallpaper"
    ''
-      ${pkgs.feh}/bin/feh --no-fehbg --bg-fill --randomize $( ${pkgs.findutils}/bin/find ${wallpaper-folder} | ${pkgs.ripgrep}/bin/rg ".*(\.png|\.jpg)$")
+         ${pkgs.feh}/bin/feh --no-fehbg --bg-fill --randomize \
+      $( ${pkgs.findutils}/bin/find ${wallpaper-folder} | ${pkgs.ripgrep}/bin/rg ".*(\.png|\.jpg)$")
    '';
 in {
  systemd.user = {