From 0e27305108a033b67da7e8c2b956a5e777237dc5 Mon Sep 17 00:00:00 2001 From: Atridad Lahiji Date: Sat, 2 Aug 2025 21:10:33 -0600 Subject: [PATCH] 1754190633 --- modules/hardware.nix | 3 +-- modules/packages.nix | 4 ++-- modules/services.nix | 31 +++++++++++++++++++++++++++++++ modules/users.nix | 7 ++++++- 4 files changed, 40 insertions(+), 5 deletions(-) diff --git a/modules/hardware.nix b/modules/hardware.nix index b546e73..4682ae0 100644 --- a/modules/hardware.nix +++ b/modules/hardware.nix @@ -14,8 +14,7 @@ powerManagement.enable = true; powerManagement.finegrained = false; gsp.enable = true; - open = true; + open = false; nvidiaSettings = true; - package = config.boot.kernelPackages.nvidiaPackages.stable; }; } diff --git a/modules/packages.nix b/modules/packages.nix index ab62a96..95acb00 100644 --- a/modules/packages.nix +++ b/modules/packages.nix @@ -37,6 +37,7 @@ in openssl ffmpeg vscodium + usbutils # Desktop applications bitwarden-desktop @@ -53,7 +54,6 @@ in duckstation dolphin-emu ryubing - gpu-screen-recorder # GNOME extensions gnomeExtensions.appindicator @@ -62,4 +62,4 @@ in ++ (with unstablePkgs; [ onlyoffice-desktopeditors ]); -} \ No newline at end of file +} diff --git a/modules/services.nix b/modules/services.nix index 01c8775..d99bb3b 100644 --- a/modules/services.nix +++ b/modules/services.nix 
@@ -30,4 +30,35 @@ # Fwupd services.fwupd.enable = true; + + # udev + services.udev.extraRules = '' + # --- Rules for WebHID/WebUSB Permissions for Keychron Devices --- + # These rules aim to make ALL Keychron devices accessible to users in the 'plugdev' group, + # or the 'users' group, so browsers (running as that user) can potentially interact. + + # This rule targets any Keychron device by its Vendor ID. + # It sets the group to 'plugdev' (or 'users') and grants read/write permissions. + # + # Considerations: + # 1. 'SUBSYSTEMS=="usb"': Matches devices within the USB subsystem, broad enough for WebUSB/WebHID. + # 2. 'ATTRS{idVendor}=="3434"': Specifically targets Keychron devices. + # 3. 'MODE="0660"': Grants read/write to owner (root) and group (plugdev/users). + # 4. 'GROUP="plugdev"': Assigns the 'plugdev' group. You might use 'users' or 'your-username-group' + # if 'plugdev' isn't suitable or doesn't exist on your system. + # The group used here must be one that your *browser's user process* is a member of. + # + # IMPORTANT: Do NOT use this rule for your primary system keyboard/mouse + # if you want to prevent web pages from *potentially* messing with them. + # For a general-purpose keyboard, the OS typically blacklists it from WebHID. + # This rule is most useful for custom peripherals or secondary devices. 
+ ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="3434", MODE="0660", GROUP="plugdev" + ACTION=="add", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", MODE="0660", GROUP="plugdev" + + # You might also include specific product IDs if you only want to grant access to certain Keychron models: + # ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="d030", MODE="0660", GROUP="plugdev" + # ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="0e20", MODE="0660", GROUP="plugdev" + # ACTION=="add", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="d030", MODE="0660", GROUP="plugdev" + # ACTION=="add", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="0e20", MODE="0660", GROUP="plugdev" + ''; } diff --git a/modules/users.nix b/modules/users.nix index 163d86d..4c78072 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -1,11 +1,16 @@ { config, pkgs, ... }: { + # Define groups + users.groups.plugdev = { + gid = 69420; + }; + # Define a user account. Don't forget to set a password with 'passwd'. users.users.atridad = { isNormalUser = true; description = "Atridad"; - extraGroups = [ "networkmanager" "wheel" "docker" ]; + extraGroups = [ "networkmanager" "wheel" "docker" "plugdev" ]; packages = with pkgs; [ # thunderbird ];
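Review bot: The two active rules at the end of the `services.udev.extraRules` string match on `ATTRS{idVendor}=="3434"` alone, so every Keychron device, including a primary keyboard, gets a group-readable and group-writable `hidraw` node, which is what the block's own IMPORTANT comment advises against. Any process running as a `plugdev` member, not only the browser, can then read raw HID input reports and send reports to the device. Narrow the active rules to the models that need WebHID, as the commented examples already do, e.g. `ACTION=="add", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="d030", MODE="0660", GROUP="plugdev"`. The comment also documents `SUBSYSTEMS=="usb"` while the rule is written with `SUBSYSTEM=="usb"`; correct one of them so the comment describes the rule as it stands.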
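Review bot: `users.groups.plugdev` is declared under a bare `# Define groups` comment, with nothing saying it exists only to own the device nodes matched by the udev rules in modules/services.nix. Removing either side later would leave an unused group or a rule naming a missing one. A comment such as `# plugdev: owns Keychron usb/hidraw nodes; see services.udev.extraRules in modules/services.nix` would tie the two together. The hard-coded `gid = 69420;` looks arbitrary; unless something outside this diff depends on that number, `users.groups.plugdev = { };` lets NixOS allocate the gid. The `users.users.atridad` attribute set continues past the end of the hunk.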