2024-04-22 20:48:35 +02:00
|
|
|
{
|
2024-04-23 16:19:33 +02:00
|
|
|
# USBGuard is a service that allows you to create a whitelist of the USB device you want your system to connect to.
|
|
|
|
|
# Other devices will be blocked by default
|
|
|
|
|
# This minimizes the impact of BadUSB attacks
|
2024-04-22 20:48:35 +02:00
|
|
|
services.usbguard = {
|
|
|
|
|
enable = true;
|
|
|
|
|
|
2024-04-23 16:19:33 +02:00
|
|
|
# Regular users can interact with usbguard
|
2024-04-22 20:48:35 +02:00
|
|
|
IPCAllowedGroups = ["wheel"];
|
|
|
|
|
|
|
|
|
|
rules = ''
|
2024-04-29 14:31:33 +02:00
|
|
|
# yaseen
|
2024-04-23 16:19:33 +02:00
|
|
|
allow id 1d6b:0002 serial "0000:00:14.0" name "xHCI Host Controller"
|
|
|
|
|
allow id 1d6b:0003 serial "0000:00:14.0" name "xHCI Host Controller"
|
|
|
|
|
allow id 0bda:0129 serial "20100201396000000" name "USB2.0-CRW"
|
|
|
|
|
allow id 048d:ce00 serial "" name "ITE Device(8291)"
|
|
|
|
|
allow id 8087:0025 serial "" name ""
|
2024-04-22 20:48:35 +02:00
|
|
|
|
|
|
|
|
# USB Drives
|
|
|
|
|
|
|
|
|
|
## ISO USB
|
|
|
|
|
allow id 0951:1666 serial "D067E5161936F420A61181ED" name "DataTraveler 3.0"
|
|
|
|
|
|
|
|
|
|
## TAILS USB
|
|
|
|
|
allow id 346d:5678 serial "FC081FF86A47A" name "Disk 20"
|
2024-04-23 18:26:19 +02:00
|
|
|
|
|
|
|
|
# Peripherals
|
|
|
|
|
allow id 046d:c08b serial "178D316C3832" name "G502 HERO Gaming Mouse"
|
2024-04-24 15:17:34 +02:00
|
|
|
allow id 18d1:4ee1 serial "28051FDH200ATC" name "Pixel 7"
|
2024-04-27 13:56:15 +02:00
|
|
|
allow id 2717:ff40 serial "52bb384f0512" name "Redmi 10 2022"
|
2024-04-22 20:48:35 +02:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
}
|
