usbguard: fix policy enums

The available policies for `InsertedDevicePolicy` and `ImplicitPolicyTarget` differ from the defined policy enum. This change is to prevent users from configuring incorrect policies for `usbguard` Related `usbguard` documentation https://usbguard.github.io/documentation/configuration.html Signed-off-by: Ameya Shenoy <shenoy.ameya@gmail.com>
NixOS · Mar 20, 2024 · 99c0c32 · 99c0c32
1 parent 8e9fa2d
commit 99c0c32
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix
@@ -80,7 +80,7 @@ in
       };
 
       implicitPolicyTarget = mkOption {
-        type = policy;
+        type = types.enum [ "allow" "block" "reject" ];
         default = "block";
         description = lib.mdDoc ''
           How to treat USB devices that don't match any rule in the policy.
@@ -110,7 +110,7 @@ in
       };
 
       insertedDevicePolicy = mkOption {
-        type = policy;
+        type = types.enum [ "block" "reject" "apply-policy" ];
         default = "apply-policy";
         description = lib.mdDoc ''
           How to treat USB devices that are already connected after the daemon