fix nixos readonly config

Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>

internal/guard/client.go

@@ -2,6 +2,7 @@ package guard
 
 import (
 	"errors"
+	"os"
 	"os/exec"
 	"strconv"
 	"strings"
@@ -86,6 +87,42 @@ func wrapExecError(err error) error {
 	return err
 }
 
+func IsRulesManaged() bool {
+	out, err := exec.Command("systemctl", "cat", "usbguard").Output()
+	if err != nil {
+		return false
+	}
+	configPath := extractConfigPath(string(out))
+	if configPath == "" {
+		return false
+	}
+	ruleFile := parseRuleFilePath(configPath)
+	return strings.HasPrefix(ruleFile, "/nix/store/")
+}
+
+func extractConfigPath(s string) string {
+	fields := strings.Fields(s)
+	for i, f := range fields {
+		if f == "-c" && i+1 < len(fields) {
+			return fields[i+1]
+		}
+	}
+	return ""
+}
+
+func parseRuleFilePath(configPath string) string {
+	data, err := os.ReadFile(configPath)
+	if err != nil {
+		return ""
+	}
+	for _, line := range strings.Split(string(data), "\n") {
+		if after, ok := strings.CutPrefix(line, "RuleFile="); ok {
+			return strings.TrimSpace(after)
+		}
+	}
+	return ""
+}
+
 func classifyError(output string) error {
 	lower := strings.ToLower(output)
 	switch {

internal/guard/errors.go

@@ -5,5 +5,5 @@ import "errors"
 var (
 	ErrNotFound   = errors.New("usbguard not found in PATH")
 	ErrPermission = errors.New("insufficient permissions to manage devices")
-	ErrReadOnly   = errors.New("rules file is read-only")
+	ErrReadOnly   = errors.New("rules file is not writable")
 )