Files
stornic56 a91b0caa25 critical-fixes, swap module & gaming overhaul
- Fixed script crashes from `whiptail` Cancel/Esc under `set -e`. Added `_menu()`, `_checklist()` and `_inputbox()` wrappers with `|| true` to prevent premature exits.
- Resolved startup failures by using defaults instead of relying on unset variables with `set -u`.
- Hardened sudoers management — `_validate_sudoers()` writes to temp file, validates with `visudo -cf`, only copies if successful.
- Replaced `eval` in `_run_cmd` with safer `bash -c` execution.

Swap Management Module (`modules/swap.sh`)
- New standalone module with 9 internal functions and `manage_swap()` entry point.
- Btrfs CoW detection — applies `chattr +C` before swapfile creation to prevent mkswap rejection on Btrfs.
- Dynamic swappiness configuration — reads current system value instead of hardcoding 60, pre-fills inputbox with existing setting.
- Uses `/run/lock/debianito-swap.lock` for early init compatibility (added as option 9 in main menu).

Repository & Branch Migration (`modules/repos/migrate.sh`)
- Handles branch migration from stable (11/12) to Testing or SID with 5-screen UX flow.
- Persistent backup system — creates timestamped tar.gz backups of `/etc/apt/sources.list*`, auto-restores on apt update failure.
- SID guardrails — installs `apt-listbugs` and `apt-listchanges` before upgrade to warn about critical bugs in unstable packages.
- Dynamic menu options based on Debian version (SID shows only 1-2-3 Exit, non-SID includes backports + branch migration).
- New `_components_enabled()` helper detects current contrib/non-free state.

Gaming Module Overhaul
- Unified gaming checklist — merged i386 toggle into single prompt with lazy evaluation instead of separate pre-check.
- Lazy 32-bit architecture enablement — only enables i386 when needed (steam/lutris/i386 selected) and installs graphics drivers if `need_32bit=true`.
- New `_install_nvidia_32bit()` helper with proper driver detection, version pinning, and legacy/tesla variant handling.

Heroic & OpenRGB Downloads
- Heroic — fetches latest release from GitHub API using `jq` to extract amd64.deb URL, validates with `dpkg-deb --info`.
- OpenRGB — downloads from Codeberg Gitea API with SHA256 verification when available, fallback to `dpkg-deb` validation.
- Dynamic codename detection — now detects Bookworm vs Trixie at runtime instead of hardcoded static values for .deb download URLs.

|Other Improvements
- Renumbered main menu: 8=ZRAM, 9=Swap Management, 10=Extras, 11=Boot Rescue, 12=Exit.
- Improved `detect_storage()` — excludes loop/CD-ROM devices via `lsblk -e 7,11`, explicitly skips zram, detects USB/SD via `/sys/block/$name/removable`.
- Standardized SCROLL_HINT across all files with centralized readonly variable.
2026-07-10 01:42:57 -05:00

155 lines
5.3 KiB
Bash

#!/usr/bin/env bash
# sudo_config.sh — User Privileges & Feedback submenu
# License GPL v3
config_sudo() {
echo -e "${YELLOW}User Privileges & Feedback${NC}"
while true; do
local choice
choice=$(_menu "User Privileges & Feedback" \
"Select an option:" $TUI_ALTO $TUI_ANCHO 6 \
"1" "Sudo Group Membership" \
"2" "Passwordless Sudo (maintenance commands)" \
"3" "Repair Home Directory Ownership" \
"4" "Sudo Password Feedback (asterisks)" \
"5" "Back to main menu")
[ -z "$choice" ] && return
clear
case "$choice" in
1) _check_sudo_group ;;
2) _configure_nopasswd ;;
3) _repair_home_ownership ;;
4) _toggle_pwfeedback ;;
5) return ;;
esac
done
}
# ── Option 1: Sudo Group Membership ──
_check_sudo_group() {
if groups "$USER" | grep -qE '\bsudo\b'; then
_msg "Sudo Group" "User '$USER' is already in the sudo group."
else
if _confirm "Sudo Group" \
"User '$USER' is NOT in the sudo group.\n\nAdd to sudo group?"; then
if sudo usermod -aG sudo "$USER"; then
_msg "Sudo Group" \
"User added to sudo group.\n\nLog out and back in for\ngroup changes to take effect." 10 60
else
_msg "Sudo Group" "Failed to add user to sudo group." 7 60
return 1
fi
fi
fi
}
# ── Option 2: Passwordless Sudo (NOPASSWD) ──
_configure_nopasswd() {
local nopasswd_file="/etc/sudoers.d/${USER}-nopasswd"
if [ -f "$nopasswd_file" ]; then
if _confirm "NOPASSWD" \
"Passwordless sudo is already configured.\n\nRemove it to restore password prompts?"; then
sudo rm -f "$nopasswd_file"
echo -e "${GREEN}Passwordless sudo removed.${NC}"
fi
return
fi
if _confirm "NOPASSWD" \
"Configure passwordless sudo for maintenance commands?\n\n\
- apt / apt-get (package management)\n\
- systemctl (service management)\n\
- shutdown / reboot / halt (power commands)\n\n\
Useful for automation but reduces security." 14 70; then
local choices
choices=$(_checklist "NOPASSWD Commands" \
"Select commands to allow without password:" 12 60 3 \
"apt" "APT package management" ON \
"systemctl" "Systemd service management" ON \
"power" "Shutdown, reboot, halt" ON)
clear
[ -z "$choices" ] && { echo "No commands selected."; return; }
local cleaned; cleaned=$(echo "$choices" | tr -d '"')
local content=""
for cmd in $cleaned; do
case $cmd in
apt)
content+="${USER} ALL=(root) NOPASSWD: /usr/bin/apt, /usr/bin/apt-get, /bin/apt, /bin/apt-get\n"
;;
systemctl)
content+="${USER} ALL=(root) NOPASSWD: /usr/bin/systemctl, /bin/systemctl\n"
;;
power)
content+="${USER} ALL=(root) NOPASSWD: /usr/sbin/shutdown, /sbin/shutdown, /usr/sbin/reboot, /sbin/reboot, /usr/sbin/halt, /sbin/halt\n"
;;
esac
done
local content_str; content_str=$(echo -e "$content")
if _validate_sudoers "$content_str" "$nopasswd_file"; then
echo -e "${GREEN}Passwordless sudo configured for selected commands.${NC}"
else
return 1
fi
fi
}
# ── Option 3: Repair Home Directory Ownership ──
_repair_home_ownership() {
local home
home=$(eval echo "~$USER")
if [ ! -d "$home" ]; then
_msg "Home Directory" "Home directory '$home' does not exist." 8 60
return 1
fi
local uid uid_owner
uid=$(id -u "$USER" 2>/dev/null)
uid_owner=$(stat -c '%u' "$home" 2>/dev/null || echo "0")
if [ "$uid_owner" != "$uid" ]; then
local expected_user
expected_user=$(id -nu "$uid_owner" 2>/dev/null || echo "UID $uid_owner")
if _confirm "Home Permissions" \
"Home directory '$home' is owned by\n'$expected_user' (expected: '$USER').\n\nRepair ownership?" 12 65; then
if sudo chown -R "$USER:$USER" "$home"; then
echo -e "${GREEN}Home directory ownership repaired.${NC}"
else
echo -e "${RED}Failed to repair home directory ownership.${NC}"
return 1
fi
fi
else
_msg "Home Permissions" "Home directory ownership is correct\n(owner: $USER)." 8 60
fi
}
# ── Option 4: Sudo Password Feedback (pwfeedback) ──
_toggle_pwfeedback() {
local fb_file="/etc/sudoers.d/pwfeedback"
if [ -f "$fb_file" ]; then
if _confirm "Password Feedback" \
"Asterisks are currently ENABLED when typing sudo password.\n\nDisable them?"; then
sudo rm -f "$fb_file"
echo -e "${GREEN}Password feedback disabled.${NC}"
fi
else
if _confirm "Password Feedback" \
"Show asterisks when typing the sudo password?"; then
if _validate_sudoers 'Defaults pwfeedback' "$fb_file"; then
echo -e "${GREEN}Password feedback enabled.${NC}"
else
return 1
fi
fi
fi
}