anotherhadi/nixy
1
Fork 0
mirror of https://github.com/anotherhadi/nixy.git synced 2026-05-20 13:22:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
5e9b5ad63330a55e1bf505f7bf0c51e07ca361e6
nixy/hosts/laptop/configuration.nix
T
Hadi e805c868a7 Add usbguard service 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
2026-05-04 19:51:01 +02:00

52 lines
4.6 KiB
Nix
Raw Blame History

{config, ...}: {
imports = [
# Mostly system related configuration
../../nixos/nvidia.nix # CHANGEME: Remove this line if you don't have an Nvidia GPU
../../nixos/audio.nix
../../nixos/bluetooth.nix
../../nixos/fonts.nix
../../nixos/home-manager.nix
../../nixos/nix.nix
../../nixos/systemd-boot.nix
../../nixos/sddm.nix
../../nixos/users.nix
../../nixos/utils.nix
../../nixos/hyprland.nix
../../nixos/usbguard.nix
../../nixos/omen.nix # CHANGEME: For my laptop only, remove this (OMEN 16)
# You should let those lines as is
./hardware-configuration.nix
./variables.nix
];
# USBGuard:
# Allow all USB devices until a proper policy is configured.
# Run `sudo usbguard generate-policy` with your devices plugged in,
# then set rules = "<output>" and switch implicitPolicyTarget to "block".
# services.usbguard.implicitPolicyTarget = lib.mkForce "allow";
services.usbguard.rules = ''
allow id 1532:02a1 serial "" name "Razer Ornata V3" hash "wfuIjBhhGuge8gflyA526SKqKoy8rHJZQZ+2o6usMiE=" parent-hash "MSXcPAlZqkpTyZQylOhSIB8eMfST2AzVHV9EbrBGTWc=" with-interface { 03:01:01 03:00:01 03:00:02 } with-connect-type "unknown"
allow id 1d6b:0002 serial "0000:05:00.3" name "xHCI Host Controller" hash "4a4NgfdUaJO43rkCzmWRSeHHR/uUh5+SNsXnhosm9qs=" parent-hash "ldMchY4Tt4GPUYo30eNGvai+Fs/EdnVY3vMyxJUq4Nk=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:05:00.3" name "xHCI Host Controller" hash "d+DNGWARDtv9nEK2ZvnNOCtFernuMu5/e/oZ7kCppqQ=" parent-hash "ldMchY4Tt4GPUYo30eNGvai+Fs/EdnVY3vMyxJUq4Nk=" with-interface 09:00:00 with-connect-type ""
allow id 0bda:c85c serial "00e04c000001" name "Bluetooth Radio" hash "Q/wlToV8WQgEYHBW/UIhnSwCCusCGqAR2D5gspSCImQ=" parent-hash "4a4NgfdUaJO43rkCzmWRSeHHR/uUh5+SNsXnhosm9qs=" with-interface { e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 } with-connect-type "hardwired"
allow id 30c9:009f serial "01.00.00" name "HP True Vision FHD Camera" hash "eYW5fqReJd29tfHXkEktKC63dGfDpmlRMo5uMGUWwME=" parent-hash "icotY3rI59mWiKsGxc59BGZZeBjfbuH0b4NUByj3cbQ=" with-interface { 0e:01:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 0e:02:01 fe:01:01 } with-connect-type "hardwired"
allow id 03f0:036b serial "" name "HP USB-C Dock G5" hash "iPFGrgGz0sWgKQjWD/F8eNOhkeR728dTG8JJtkUSvuM=" parent-hash "Hp8B0Enf+ACRT2tyy0EqXj7eNsFDAnTRZadzuh/Iqd4=" with-interface { 09:00:01 09:00:02 } with-connect-type "hotplug"
allow id 03f0:066b serial "" name "HP USB-C Dock G5" hash "JHDjLFApQNqijjmuKdJSWH5+1oLL7S6LQ9QHTAk5fTk=" parent-hash "rJ3LKdvkCK3SUrCU3lV8qVbmPjA+r9Fe5106x2HlgK4=" with-interface 09:00:00 with-connect-type "hotplug"
allow id 03f0:056b serial "201604140001" name "USB Audio" hash "OxQ8HQenW3/4HSGEBOSYFS15rXDTOaNDnjMbICweHgw=" parent-hash "iPFGrgGz0sWgKQjWD/F8eNOhkeR728dTG8JJtkUSvuM=" with-interface { 01:01:00 01:02:00 01:02:00 01:02:00 01:02:00 03:00:00 } with-connect-type "unknown"
allow id 03f0:086b serial "" name "USB2734" hash "MSXcPAlZqkpTyZQylOhSIB8eMfST2AzVHV9EbrBGTWc=" parent-hash "iPFGrgGz0sWgKQjWD/F8eNOhkeR728dTG8JJtkUSvuM=" with-interface { 09:00:01 09:00:02 } with-connect-type "unknown"
allow id 03f0:046b serial "11AD1D0A89EA2D08310E0B00" name "HP USB-C Dock G5" hash "DEGeuj1u4lwqrzp0UksFX7mSEY9JnGLxg7yxGbglAKE=" parent-hash "iPFGrgGz0sWgKQjWD/F8eNOhkeR728dTG8JJtkUSvuM=" with-interface { 11:00:00 ff:03:00 03:00:00 } with-connect-type "unknown"
allow id 03f0:076b serial "" name "USB5734" hash "BshoqybYo0IKgoDORYPRtbhhlmQrYAxPQb2EAm1JsWA=" parent-hash "JHDjLFApQNqijjmuKdJSWH5+1oLL7S6LQ9QHTAk5fTk=" with-interface 09:00:00 with-connect-type "unknown"
allow id 0bda:8153 serial "000001000000" name "USB 10/100/1000 LAN" hash "utEnXKJ57kRUbPcGUaNWhEyoOEbLOYAFxvlsyC0PZkk=" parent-hash "JHDjLFApQNqijjmuKdJSWH5+1oLL7S6LQ9QHTAk5fTk=" with-interface { ff:ff:00 02:06:00 0a:00:00 0a:00:00 } with-connect-type "unknown"
allow id 046d:0ab7 serial "2046BAB04T68" name "Blue Microphones" hash "cC6AQ2e1Q/BeFeostpbf1mH2WpoUmt6bhau4NlA3niU=" parent-hash "MSXcPAlZqkpTyZQylOhSIB8eMfST2AzVHV9EbrBGTWc=" with-interface { 01:01:00 01:02:00 01:02:00 01:02:00 01:02:00 01:02:00 01:02:00 03:00:00 } with-connect-type "unknown"
allow id 13fd:5900 serial "50026B76861EE752 " name "External" hash "Xebp3uQRrhCKBHdGRVKXH0I5Vdawi4mSpuu0ttKgDyE=" parent-hash "BshoqybYo0IKgoDORYPRtbhhlmQrYAxPQb2EAm1JsWA=" with-interface { 08:06:50 08:06:62 } with-connect-type "unknown"
'';
home-manager.users."${config.var.username}" = import ./home.nix;
# Don't touch this
system.stateVersion = "24.05";
}
Reference in New Issue View Git Blame Copy Permalink