1. 21
  1.  

  2. 6

    Really cool. On NixOS:

    Prepare the whitelist. Nowadays laptops have a lot of internal USB devices and without this the machine keyboard might get blacklisted!

    sudo su -
    mkdir -p /var/lib/usbguard
    nix run nixpkgs.usbguard -c usbguard generate-policy > /var/lib/usbguard/rules.conf
    

    Then add the NixOS config:

    { ... }: {
      services.usbguard = {
        enable = true;
        IPCAllowedGroups = [ "wheel" ];
      };
    }
    

    Finally run nixos-rebuild switch. Done :)

    1. 1
      1. 1

        If you’re on MacOS, a good, but quite coarse—as it doesn’t allow whitelist rules, just blunt allow/allow read-only/block settings—alternative is Disk Arbitrator