usbguard and doc format

README.md

@@ -32,18 +32,13 @@ Build enry and upload a generation: `nixos-rebuild switch --use-remote-sudo --fl
 ### To do on a new machine
 
 - Install NixOS
-
 - Clone this repo `git clone https://gitea.com/tasiaiso/nixos-config.git && cd nixos-onfig`
-
 - `export HOSTNAME=<your-hostname> && mkdir hosts/$HOSTNAME && cd hosts/$HOSTNAME && touch configuration.nix`
-
 - Fill out `configuration.nix`
-
 - add your key in `common/programs/ssh.nix`
-
 - `sudo nixos-generate-config --show-hardware-config > hosts/$HOSTNAME/hardare-configuration.nix`
-
-- `sudo nixos-rebuild switch --flake .#$HOSTNAME`
+- `sudo nixos-rebuild switch --flake .#$HOSTNAME"
+- If `usbguard` is enabled, check allowed devices.
 
 #### git
 

common/services/usbguard.nix

@@ -19,17 +19,20 @@
       # USB Drives
       allow id 0951:1666 serial "D067E5161936F420A61181ED" name "DataTraveler 3.0" # ISO USB
       allow id 346d:5678 serial "FC081FF86A47A" name "Disk 20" # TAILS USB
+      allow id abcd:1234 # small usb
+      block id 0781:5567 serial "20054963930A6791494D" name "Cruzer Blade" # ?
+      block id 048d:1234 serial "9474621090551435743" name "Disk 2.0" # ?
 
       # Peripherals
       allow id 046d:c08b serial "178D316C3832" name "G502 HERO Gaming Mouse"
       allow id 1ea7:0907 serial "SN0000000001" name "USB-HID Gaming Keyboard"
+      allow id 0bc2:231a serial "2HC015KJ" name "Expansion" # USB-SATA adapter
+      allow id 04f9:02d3 serial "E71830G6J592482" name "" # Printer
 
       # Phones
       allow id 18d1:4ee1 serial "28051FDH200ATC" name "Pixel 7"
       allow id 2717:ff40 serial "52bb384f0512" name "Redmi 10 2022"
 
-      allow id 04f9:02d3 serial "E71830G6J592482" name "" # Printer
-      allow id abcd:1234 # small usb
     '';
   };
 }