From e43113dfbe9b2afa635d9ddf8f25b794b3f9fd65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrick=20Gro=C3=9Fmann?=
Date: Tue, 17 Oct 2023 00:04:36 +0200
Subject: [PATCH] feat: tried usbguard
---
modules/config/default.nix | 3 ++-
modules/{ => config}/impermanence/default.nix | 0
modules/{ => config}/impermanence/users.nix | 0
modules/config/usbguard/default.nix | 6 ++++++
modules/config/usbguard/rules.rules | 18 ++++++++++++++++++
users/common/graphical/Xorg/wallpapers.nix | 3 ++-
6 files changed, 28 insertions(+), 2 deletions(-)
rename modules/{ => config}/impermanence/default.nix (100%)
rename modules/{ => config}/impermanence/users.nix (100%)
create mode 100644 modules/config/usbguard/default.nix
create mode 100644 modules/config/usbguard/rules.rules
diff --git a/modules/config/default.nix b/modules/config/default.nix
index 9727604..f7e1bd4 100644
--- a/modules/config/default.nix
+++ b/modules/config/default.nix
@@ -10,13 +10,14 @@ ./ssh.nix ./system.nix ./xdg.nix + #./usbguard ../../users/root ../secrets.nix ../meta.nix ../smb-mounts.nix - ../impermanence + ./impermanence inputs.home-manager.nixosModules.default inputs.impermanence.nixosModules.impermanence
diff --git a/modules/impermanence/default.nix b/modules/config/impermanence/default.nix
similarity index 100%
rename from modules/impermanence/default.nix
rename to modules/config/impermanence/default.nix
diff --git a/modules/impermanence/users.nix b/modules/config/impermanence/users.nix
similarity index 100%
rename from modules/impermanence/users.nix
rename to modules/config/impermanence/users.nix
diff --git a/modules/config/usbguard/default.nix b/modules/config/usbguard/default.nix
new file mode 100644
index 0000000..8944829
--- /dev/null
+++ b/modules/config/usbguard/default.nix
@@ -0,0 +1,6 @@
+{
+ services.usbguard = {
+ rules = builtins.readFile ./rules.rules;
+ enable = true;
+ };
+}
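Review bot: In modules/config/default.nix the new import is added as `#./usbguard`, i.e. commented out, so the module under modules/config/usbguard is never evaluated and the allowlist in rules.rules has no effect on hosts built from this tree. If it is parked deliberately while the rule set is still being worked out, say so on the line, e.g. `#./usbguard  # disabled: rule set not validated yet`, so the disabled control is not mistaken for an active one. The import list begins and ends outside this hunk.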
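Review bot: modules/config/usbguard/default.nix sets only `rules` and `enable`, so what happens to a device that matches no rule is left to the NixOS module defaults. For a default-deny control I would state the policy in the file, e.g. `implicitPolicyTarget = "block";` and `presentDevicePolicy = "apply-policy";`, even if those are the current defaults as far as I know. A short comment that `builtins.readFile` copies the rule text, device serial numbers included, into the world-readable Nix store would also help the next reader.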
diff --git a/modules/config/usbguard/rules.rules b/modules/config/usbguard/rules.rules
new file mode 100644
index 0000000..78bf109
--- /dev/null
+++ b/modules/config/usbguard/rules.rules
@@ -0,0 +1,18 @@
+allow id 046d:0893 serial "6DD0C605" name "Logitech StreamCam" hash "/aR2Emikr/GHtaHc064MiPF5wJN8l4GvBKkQjpkofz8=" with-interface { 0e:01:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 01:01:00 01:02:00 01:02:00 01:02:00 01:02:00 01:02:00 ff:ff:00 03:00:00 }
+allow id 19f7:0003 serial "" name "RODE NT-USB" hash "1xrmi3l5Z/NuY33kzCFehCT+3IycT8xdHCIeDw5IFeQ=" with-interface { 01:01:00 01:02:00 01:02:00 01:02:00 01:02:00 03:00:00 }
+allow id 1050:0407 serial "" name "YubiKey OTP+FIDO+CCID" hash "Q+A8QQReKclmBSaDIYja0w4Bx6ld2IU6wF7HFKdtJ3Q=" with-interface { 03:01:01 03:00:00 0b:00:00 }
+allow id 0fd9:0060 serial "AL31H1B01852" name "Stream Deck" hash "iEklGuteHgV0NQqrqJUtjRZP+U/TjqlpZ57qiHG4jzE=" with-interface 03:00:00
+allow id 28bd:0075 serial "" name "G430S" hash "gQb86Xi+ev+qpobH93Lk9mQfXlZ6IWzYMVvwwjXMfGo=" with-interface { 03:01:02 03:01:02 03:00:00 }
+
+allow id 0b95:6801 serial "00000002" name "AX68002" hash "bu444EGndlyLkGaXB7RotBGCdpiJzLSpi5cz3g00tsY=" with-interface { 03:01:01 03:01:02 03:01:02 }
+
+allow id 0951:16b7 serial "" name "HyperX Alloy FPS Mechanical Gaming Keyboard" hash "K6ejqPmRbXIugkpv2/6Zxm4KwjftJBApzlDE+YELiqM=" with-interface { 03:01:01 03:01:02 03:01:00 }
+allow id 046d:c534 serial "" name "USB Receiver" hash "2Tmol95c6dv//0RiOpMlUD2f72+S/vuJuIfLIZ2rNXc=" with-interface { 03:01:01 03:01:02 }
+allow id 046d:c539 serial "" name "USB Receiver" hash "h5tO4bdFoMAsoal6HTa8yXCasmsW1tdRZKf1yIQFDgE=" with-interface { 03:01:01 03:01:02 03:00:00 }
+
+allow id 28de:2400 serial "00000001" name "3D Camera" hash "9/MSYNlECtJw4EAd4mI5si/gcDJ3tWHgCEvMxl9DQQw=" with-interface { 0e:01:00 0e:02:00 }
+allow id 28de:2300 serial "LHR-64CBB640" name "Index HMD" hash "E1km0vmcOdKrMZ0GttZHH9U/V1V/ynGVL7eYRXw8/Fg=" with-interface { 03:00:00 03:00:00 03:00:00 }
+allow id 28de:2102 serial "0C879D3C66-RYB" name "Valve VR Radio" hash "24Uu6UvmnVtn+VtqfZdVf916jVdl7rBn0FLbtLj4VxY=" with-interface { 03:00:00 02:02:00 0a:00:00 }
+allow id 28de:2102 serial "08829178E1-LYM" name "Valve VR Radio & HMD Mic" hash "7IhwRpCk0Y0wjSo2xdBTwkywfg2jcb94pdDwtsPgbQU=" with-interface { 03:00:00 01:01:00 01:02:00 01:02:00 }
+
+llow id *:* with-interface one-of { 09:*:* }
diff --git a/users/common/graphical/Xorg/wallpapers.nix b/users/common/graphical/Xorg/wallpapers.nix
index c207d9d..5465fd5 100644
--- a/users/common/graphical/Xorg/wallpapers.nix
+++ b/users/common/graphical/Xorg/wallpapers.nix
@@ -7,7 +7,8 @@ exe = pkgs.writeShellScript "set-wallpaper" '' - ${pkgs.feh}/bin/feh --no-fehbg --bg-fill --randomize $( ${pkgs.findutils}/bin/find ${wallpaper-folder} | ${pkgs.ripgrep}/bin/rg ".*(\.png|\.jpg)$") + ${pkgs.feh}/bin/feh --no-fehbg --bg-fill --randomize \ + $( ${pkgs.findutils}/bin/find ${wallpaper-folder} | ${pkgs.ripgrep}/bin/rg ".*(\.png|\.jpg)$") ''; in { systemd.user = {
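Review bot: The last rule of modules/config/usbguard/rules.rules reads `llow id *:* with-interface one-of { 09:*:* }` as shown here; `llow` is not a rule target (allow, block, reject), so unless the missing letter is an artefact of this page the rule set will not parse as written and the line should start with `allow`. Once corrected, `one-of` also matches a device that exposes a hub interface next to other interfaces, so `with-interface equals { 09:*:* }` is the narrower form if the intent is plain hubs only. Separately, the keyboard and receiver rules (0951:16b7, 046d:c534, 046d:c539) carry an empty serial and no `via-port`, so they match on values the device itself reports; pinning those HID rules to the ports the devices actually sit on would tighten the allowlist.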