More restrictive sudoless setup for first-run

This commit is contained in:
David Heinemeier Hansson 2025-08-25 07:49:16 +02:00
parent 925a2906e5
commit 2d848338e6
3 changed files with 10 additions and 1 deletions


@ -8,5 +8,5 @@ if [[ -f FIRST_RUN_MODE ]]; then
$OMARCHY_PATH/install/first-run/battery-monitor.sh $OMARCHY_PATH/install/first-run/battery-monitor.sh
$OMARCHY_PATH/install/first-run/firewall.sh $OMARCHY_PATH/install/first-run/firewall.sh
rm FIRST_RUN_MODE rm FIRST_RUN_MODE
sudo rm -f /etc/sudoers.d/99-omarchy-installer &>/dev/null sudo rm -f /etc/sudoers.d/first-run &>/dev/null
fi fi
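Review bot: The NOPASSWD fragment is only removed on the last line of the branch (`sudo rm -f /etc/sudoers.d/first-run`), after battery-monitor.sh and firewall.sh have run, so if either of those scripts aborts the shell (for example under `set -e`, which is not visible in this hunk) the passwordless ufw rule survives every later boot. Running the removal from a trap makes it independent of the earlier scripts' status: `trap 'sudo rm -f /etc/sudoers.d/first-run' EXIT` at the top of the branch, with the argument string kept exactly as written so it still matches the sudoers entry. The `&>/dev/null` on the same line also hides a failed removal; dropping the redirect, or printing a warning to stderr on failure, would surface a leftover rule instead of silently keeping it. The enclosing `if [[ -f FIRST_RUN_MODE ]]` starts before this hunk.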


@ -71,6 +71,7 @@ omarchy-show-logo
echo -e "\n\e[32mYou're done! So we're ready to reboot now...\e[0m" echo -e "\n\e[32mYou're done! So we're ready to reboot now...\e[0m"
if sudo test -f /etc/sudoers.d/99-omarchy-installer; then if sudo test -f /etc/sudoers.d/99-omarchy-installer; then
sudo rm -f /etc/sudoers.d/99-omarchy-installer &>/dev/null
echo -e "\nRemember to remove USB installer!" echo -e "\nRemember to remove USB installer!"
fi fi
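Review bot: The new `sudo rm -f /etc/sudoers.d/99-omarchy-installer &>/dev/null` discards its exit status, so if the removal fails the installer's passwordless rule stays in place past the reboot with no indication to the user. The `sudo test -f` on the line above has already established that the file exists, so a failure here is unexpected and worth surfacing rather than suppressing: `sudo rm -f /etc/sudoers.d/99-omarchy-installer || echo "Warning: could not remove /etc/sudoers.d/99-omarchy-installer" >&2`. The surrounding script continues outside this hunk.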


@ -3,3 +3,11 @@
# Set first-run mode marker so we can install stuff post-installation # Set first-run mode marker so we can install stuff post-installation
mkdir -p ~/.local/state/omarchy mkdir -p ~/.local/state/omarchy
touch ~/.local/state/omarchy/first-run.mode touch ~/.local/state/omarchy/first-run.mode
# Setup sudo-less access for first-run
sudo tee /etc/sudoers.d/first-run >/dev/null <<EOF
$USER ALL=(ALL) NOPASSWD: /usr/bin/ufw
$USER ALL=(ALL) NOPASSWD: /usr/bin/ufw-docker
$USER ALL=(ALL) NOPASSWD: /bin/rm -f /etc/sudoers.d/first-run
EOF
sudo chmod 440 /etc/sudoers.d/first-run
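Review bot: The sudoers fragment is written with `tee` and never parse-checked, so an empty or unexpected `$USER` (the script is presumably run from an installer context where that variable may not be what a login shell would set) yields a malformed `/etc/sudoers.d/first-run`, which sudo may reject outright for every invocation rather than just this rule, depending on the sudo version's error-recovery setting. Guard the expansion and validate the result before trusting it: `: "${USER:?}"` before the heredoc, and `sudo visudo -cf /etc/sudoers.d/first-run || sudo rm -f /etc/sudoers.d/first-run` after the `chmod`. The two ufw entries carry no argument restriction, so until the file is removed this user can run any ufw subcommand (including `ufw disable`) without a password; that is acceptable for a one-shot first run, but a comment such as `# Removed by first-run.sh once firewall.sh has run; outlives a failed first run` would record the intent and the window. The `/bin/rm` path on the third entry also differs from the `/usr/bin/` prefix used on the other two — on a merged-/usr system sudo will presumably match it through the resolved file, but writing `/usr/bin/rm -f /etc/sudoers.d/first-run` avoids depending on that.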