usbguard: fix policy enums

The available policies for `InsertedDevicePolicy` and
`ImplicitPolicyTarget` differ from the defined policy enum. This change
is to prevent users from configuring incorrect policies for `usbguard`

Related `usbguard` documentation
https://usbguard.github.io/documentation/configuration.html

Signed-off-by: Ameya Shenoy <shenoy.ameya@gmail.com>
This commit is contained in:
Ameya Shenoy 2024-03-20 07:56:43 +05:30
parent 8e9fa2ddca
commit 99c0c32a49
No known key found for this signature in database
GPG Key ID: 584ACAA669E1F8AF

View File

@ -80,7 +80,7 @@ in
}; };
implicitPolicyTarget = mkOption { implicitPolicyTarget = mkOption {
type = policy; type = types.enum [ "allow" "block" "reject" ];
default = "block"; default = "block";
description = lib.mdDoc '' description = lib.mdDoc ''
How to treat USB devices that don't match any rule in the policy. How to treat USB devices that don't match any rule in the policy.
@ -110,7 +110,7 @@ in
}; };
insertedDevicePolicy = mkOption { insertedDevicePolicy = mkOption {
type = policy; type = types.enum [ "block" "reject" "apply-policy" ];
default = "apply-policy"; default = "apply-policy";
description = lib.mdDoc '' description = lib.mdDoc ''
How to treat USB devices that are already connected after the daemon How to treat USB devices that are already connected after the daemon