From 99c0c32a49132c38cc67aa992408d82c3ceee3d1 Mon Sep 17 00:00:00 2001
From: Ameya Shenoy <shenoy.ameya@gmail.com>
Date: Wed, 20 Mar 2024 07:56:43 +0530
Subject: [PATCH] usbguard: fix policy enums

The available policies for `InsertedDevicePolicy` and
`ImplicitPolicyTarget` differ from the defined policy enum. This change
is to prevent users from configuring incorrect policies for `usbguard`

Related `usbguard` documentation
https://usbguard.github.io/documentation/configuration.html

Signed-off-by: Ameya Shenoy <shenoy.ameya@gmail.com>
---
 nixos/modules/services/security/usbguard.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix
index f167fbb2eca821..ff54176e13d3a5 100644
--- a/nixos/modules/services/security/usbguard.nix
+++ b/nixos/modules/services/security/usbguard.nix
@@ -80,7 +80,7 @@ in
       };
 
       implicitPolicyTarget = mkOption {
-        type = policy;
+        type = types.enum [ "allow" "block" "reject" ];
         default = "block";
         description = lib.mdDoc ''
           How to treat USB devices that don't match any rule in the policy.
@@ -110,7 +110,7 @@ in
       };
 
       insertedDevicePolicy = mkOption {
-        type = policy;
+        type = types.enum [ "block" "reject" "apply-policy" ];
         default = "apply-policy";
         description = lib.mdDoc ''
           How to treat USB devices that are already connected after the daemon