diff --git a/docs/TODO.md b/docs/TODO.md
index 423d31f..8a226b3 100644
--- a/docs/TODO.md
+++ b/docs/TODO.md
@@ -2,7 +2,7 @@
 
 feel free to contribute <3 ([CONTRIBUTING.md](CONTRIBUTING.md))
 
-- [ ] Nixy script v2 (with flake)
+- [ ] Nixy script v2 (with nixosConfiguration's name variable)
 - [ ] Installation script
 - [ ] Themes
   - [ ] MacOS theme
@@ -18,4 +18,5 @@ feel free to contribute <3 ([CONTRIBUTING.md](CONTRIBUTING.md))
 - [ ] Automount USB Key (And notify-send when it's done)
 - [ ] Backup system for some folders ($home/dev, $home/pictures, ...)
   - [ ] Exclude file pattern (nodes modules, ...)
-- [ ] Nextcloud exclude file pattern (nodes modules, ...)
\ No newline at end of file
+- [ ] Nextcloud exclude file pattern (nodes modules, ...)
+- [ ] Usb security for laptop & server, variable in variables.nix, disable for guest
diff --git a/home/laptop.nix b/home/laptop.nix
index 152ad5e..bba3d65 100644
--- a/home/laptop.nix
+++ b/home/laptop.nix
@@ -46,6 +46,7 @@
       nodejs
       python3
       jq
+      git-ignore
 
       # Utils
       fd
@@ -64,6 +65,7 @@
       bitwarden-cli
       optipng
       pfetch
+      usbutils
 
       # Just cool
       peaclock
diff --git a/hosts/modules/nvidia.nix b/hosts/modules/nvidia.nix
index 579de2c..eeb2755 100644
--- a/hosts/modules/nvidia.nix
+++ b/hosts/modules/nvidia.nix
@@ -46,6 +46,7 @@ in {
         nvidia-vaapi-driver
         vaapiVdpau
         libvdpau-va-gl
+        mesa
       ];
     };
   };
diff --git a/hosts/modules/prime.nix b/hosts/modules/prime.nix
index f6bd772..350adcc 100644
--- a/hosts/modules/prime.nix
+++ b/hosts/modules/prime.nix
@@ -1,11 +1,11 @@
 {
   hardware.nvidia.prime = {
-    # offload = {
-    #   enable = true;
-    #   enableOffloadCmd = true;
-    # };
+    offload = {
+      enable = true;
+      enableOffloadCmd = true;
+    };
 
-    sync.enable = true;
+    # sync.enable = true;
 
     amdgpuBusId = "PCI:5:0:0";
     nvidiaBusId = "PCI:1:0:0";
diff --git a/hosts/modules/usb.nix b/hosts/modules/usb.nix
new file mode 100644
index 0000000..8de4565
--- /dev/null
+++ b/hosts/modules/usb.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+
+{
+  # USB Automounting
+  services.gvfs.enable = true;
+  # services.udisks2.enable = true;
+  # services.devmon.enable = true;
+
+  # Enable USB Guard
+  services.usbguard = {
+    enable = true;
+    dbus.enable = true;
+    implicitPolicyTarget = "block";
+    # FIXME: set yours pref USB devices (change {id} to your trusted USB device), use `lsusb` command (from usbutils package) to get list of all connected USB devices including integrated devices like camera, bluetooth, wifi, etc. with their IDs or just disable `usbguard`
+    rules = ''
+      allow id {id} # device 1
+      allow id {id} # device 2
+    '';
+  };
+
+  # Enable USB-specific packages
+  environment.systemPackages = with pkgs; [ usbutils ];
+}