usbguard and drop todo

modules/desktop/dunst.nix

@@ -17,6 +17,7 @@ in {
           follow = "mouse";
           width = 300;
           height = 145;
+          # TODO: make more dynamic
           frame_color = "#f5c2e7"; # catppuccin pink
 
           origin = "top-right";

modules/desktop/hyprlock.nix

@@ -57,6 +57,7 @@ in {
             position = "0, 105";
             text = "cmd[update:1000] echo \"<span font_weight='1000'>$(date +'%H')</span>\"";
             font_size = 78;
+            # TODO: make more dynamic
             color = "rgb(f5c2e7)"; # catppuccin pink
             font_family = config.modules.desktop.fonts.fonts.sansSerif.family;
             halign = "center"; valign = "center";

modules/desktop/themes/catppuccin/rofi.rasi

@@ -20,6 +20,7 @@ window {
   height: 500px;
   border: 1px;
   border-radius: 1em;
+  /* TODO: make more dynamic */
   border-color: @pink;
   background-color: @bg-col;
 }

modules/security.nix

@@ -63,7 +63,22 @@ in {
     # personal computer? no firewall ty :3
     networking.firewall.enable = false;
 
-    # TODO: usbguard
+
+    services.usbguard = {
+      IPCAllowedUsers = [ "root" "${env.mainUser}" ];
+      presentDevicePolicy = "allow";
+      rules = ''
+        allow with-interface equals { 08:*:* }
+
+        # reject devices with suspicious combination of interfaces (ex. mass storage + keyboard)
+        reject with-interface all-of { 08:*:* 03:00:* }
+        reject with-interface all-of { 08:*:* 03:01:* }
+        reject with-interface all-of { 08:*:* e0:*:* }
+        reject with-interface all-of { 08:*:* 02:*:* }
+      '';
+    };
+
+    services.fwupd.enable = true;
   } // (mkIf cfg.useDoas {
     security.sudo.enable = false;
     security.doas.enable = true;