nixos-config/common/services/usbguard.nix

{
  # USBGuard is a service that allows you to create a whitelist of the USB device you want your system to connect to.
  # Other devices will be blocked by default
  # This minimizes the impact of BadUSB attacks
  services.usbguard = {
    enable = true;

    # Regular users can interact with usbguard
    IPCAllowedGroups = ["wheel"];

    rules = ''
      # USB Drives
      allow id 0951:1666 serial "D067E5161936F420A61181ED" name "DataTraveler 3.0" # ISO USB
      allow id 346d:5678 serial "FC081FF86A47A" name "Disk 20" # TAILS USB
      allow id abcd:1234 # small usb
      block id 0781:5567 serial "20054963930A6791494D" name "Cruzer Blade" # ?
      block id 048d:1234 serial "9474621090551435743" name "Disk 2.0" # ?

      # Peripherals
      allow id 046d:c08b serial "178D316C3832" name "G502 HERO Gaming Mouse"
      allow id 1ea7:0907 serial "SN0000000001" name "USB-HID Gaming Keyboard"
      allow id 0bc2:231a serial "2HC015KJ" name "Expansion" # USB-SATA adapter
      allow id 1058:0704 name "External HDD    " # USB-SATA adapter
      allow id 04f9:02d3 serial "E71830G6J592482" name "" # Printer

      # Phones
      allow id 18d1:4ee1 serial "28051FDH200ATC" name "Pixel 7"
      allow id 2717:ff40 serial "52bb384f0512" name "Redmi 10 2022"

      allow id 04a9:178a serial "G04A4A" name "MG3600 series"

      # Baofeng programmer
      allow id 067b:2303 serial "" name "USB-Serial Controller D"

      allow id 1050:0407 serial "" name "YubiKey OTP+FIDO+CCID"
      allow id 0bda:2838 serial "00000001" name "Blog V4"
    '';
  };
}
a mess 2024-04-22 20:48:35 +02:00			`{`
awawa 2024-04-23 16:19:33 +02:00			`# USBGuard is a service that allows you to create a whitelist of the USB device you want your system to connect to.`
			`# Other devices will be blocked by default`
			`# This minimizes the impact of BadUSB attacks`
a mess 2024-04-22 20:48:35 +02:00			`services.usbguard = {`
			`enable = true;`

awawa 2024-04-23 16:19:33 +02:00			`# Regular users can interact with usbguard`
a mess 2024-04-22 20:48:35 +02:00			`IPCAllowedGroups = ["wheel"];`

			`rules = ''`
			`# USB Drives`
uu? rr? 2024-05-01 11:15:45 +02:00			`allow id 0951:1666 serial "D067E5161936F420A61181ED" name "DataTraveler 3.0" # ISO USB`
			`allow id 346d:5678 serial "FC081FF86A47A" name "Disk 20" # TAILS USB`
usbguard and doc format 2024-06-12 15:20:56 +02:00			`allow id abcd:1234 # small usb`
			`block id 0781:5567 serial "20054963930A6791494D" name "Cruzer Blade" # ?`
			`block id 048d:1234 serial "9474621090551435743" name "Disk 2.0" # ?`
s 2024-04-23 18:26:19 +02:00
			`# Peripherals`
			`allow id 046d:c08b serial "178D316C3832" name "G502 HERO Gaming Mouse"`
lol 2024-05-16 20:15:39 +02:00			`allow id 1ea7:0907 serial "SN0000000001" name "USB-HID Gaming Keyboard"`
usbguard and doc format 2024-06-12 15:20:56 +02:00			`allow id 0bc2:231a serial "2HC015KJ" name "Expansion" # USB-SATA adapter`
yas 2024-10-03 12:50:40 +02:00			`allow id 1058:0704 name "External HDD " # USB-SATA adapter`
usbguard and doc format 2024-06-12 15:20:56 +02:00			`allow id 04f9:02d3 serial "E71830G6J592482" name "" # Printer`
lol 2024-05-16 20:15:39 +02:00
			`# Phones`
temp ssh 2024-04-24 15:17:34 +02:00			`allow id 18d1:4ee1 serial "28051FDH200ATC" name "Pixel 7"`
30% more stuff 2024-04-27 13:56:15 +02:00			`allow id 2717:ff40 serial "52bb384f0512" name "Redmi 10 2022"`
lol 2024-05-06 13:10:44 +02:00
printing 2024-07-31 16:26:45 +02:00			`allow id 04a9:178a serial "G04A4A" name "MG3600 series"`
yas 2024-10-03 12:50:40 +02:00
			`# Baofeng programmer`
			`allow id 067b:2303 serial "" name "USB-Serial Controller D"`
youbiiii 2024-10-04 20:25:54 +02:00
			`allow id 1050:0407 serial "" name "YubiKey OTP+FIDO+CCID"`
24.11 changes and stuff 2025-01-23 20:22:39 +01:00			`allow id 0bda:2838 serial "00000001" name "Blog V4"`
a mess 2024-04-22 20:48:35 +02:00			`'';`
			`};`
			`}`