{
  # USBGuard is a service that allows you to create a whitelist of the USB device you want your system to connect to.
  # Other devices will be blocked by default
  # This minimizes the impact of BadUSB attacks
  services.usbguard = {
    enable = true;

    # Regular users can interact with usbguard
    IPCAllowedGroups = ["wheel"];

    rules = ''
      # new-new-phoenix
      allow id 1d6b:0002 serial "0000:00:14.0" name "xHCI Host Controller"
      allow id 1d6b:0003 serial "0000:00:14.0" name "xHCI Host Controller"
      allow id 0bda:0129 serial "20100201396000000" name "USB2.0-CRW"
      allow id 048d:ce00 serial "" name "ITE Device(8291)"
      allow id 8087:0025 serial "" name ""

      # USB Drives

      ## ISO USB
      allow id 0951:1666 serial "D067E5161936F420A61181ED" name "DataTraveler 3.0"

      ## TAILS USB
      allow id 346d:5678 serial "FC081FF86A47A" name "Disk 20"

      # Peripherals
      allow id 046d:c08b serial "178D316C3832" name "G502 HERO Gaming Mouse"
      allow id 18d1:4ee1 serial "28051FDH200ATC" name "Pixel 7"
    '';
  };
}