mirror of
https://github.com/stornic56/debianito-post-install.git
synced 2026-07-16 13:59:50 +00:00
a91b0caa25
- Fixed script crashes from `whiptail` Cancel/Esc under `set -e`. Added `_menu()`, `_checklist()` and `_inputbox()` wrappers with `|| true` to prevent premature exits. - Resolved startup failures by using defaults instead of relying on unset variables with `set -u`. - Hardened sudoers management — `_validate_sudoers()` writes to temp file, validates with `visudo -cf`, only copies if successful. - Replaced `eval` in `_run_cmd` with safer `bash -c` execution. Swap Management Module (`modules/swap.sh`) - New standalone module with 9 internal functions and `manage_swap()` entry point. - Btrfs CoW detection — applies `chattr +C` before swapfile creation to prevent mkswap rejection on Btrfs. - Dynamic swappiness configuration — reads current system value instead of hardcoding 60, pre-fills inputbox with existing setting. - Uses `/run/lock/debianito-swap.lock` for early init compatibility (added as option 9 in main menu). Repository & Branch Migration (`modules/repos/migrate.sh`) - Handles branch migration from stable (11/12) to Testing or SID with 5-screen UX flow. - Persistent backup system — creates timestamped tar.gz backups of `/etc/apt/sources.list*`, auto-restores on apt update failure. - SID guardrails — installs `apt-listbugs` and `apt-listchanges` before upgrade to warn about critical bugs in unstable packages. - Dynamic menu options based on Debian version (SID shows only 1-2-3 Exit, non-SID includes backports + branch migration). - New `_components_enabled()` helper detects current contrib/non-free state. Gaming Module Overhaul - Unified gaming checklist — merged i386 toggle into single prompt with lazy evaluation instead of separate pre-check. - Lazy 32-bit architecture enablement — only enables i386 when needed (steam/lutris/i386 selected) and installs graphics drivers if `need_32bit=true`. - New `_install_nvidia_32bit()` helper with proper driver detection, version pinning, and legacy/tesla variant handling. Heroic & OpenRGB Downloads - Heroic — fetches latest release from GitHub API using `jq` to extract amd64.deb URL, validates with `dpkg-deb --info`. - OpenRGB — downloads from Codeberg Gitea API with SHA256 verification when available, fallback to `dpkg-deb` validation. - Dynamic codename detection — now detects Bookworm vs Trixie at runtime instead of hardcoded static values for .deb download URLs. |Other Improvements - Renumbered main menu: 8=ZRAM, 9=Swap Management, 10=Extras, 11=Boot Rescue, 12=Exit. - Improved `detect_storage()` — excludes loop/CD-ROM devices via `lsblk -e 7,11`, explicitly skips zram, detects USB/SD via `/sys/block/$name/removable`. - Standardized SCROLL_HINT across all files with centralized readonly variable.
155 lines
5.3 KiB
Bash
155 lines
5.3 KiB
Bash
#!/usr/bin/env bash
|
|
# sudo_config.sh — User Privileges & Feedback submenu
|
|
# License GPL v3
|
|
|
|
config_sudo() {
|
|
echo -e "${YELLOW}User Privileges & Feedback${NC}"
|
|
|
|
while true; do
|
|
local choice
|
|
choice=$(_menu "User Privileges & Feedback" \
|
|
"Select an option:" $TUI_ALTO $TUI_ANCHO 6 \
|
|
"1" "Sudo Group Membership" \
|
|
"2" "Passwordless Sudo (maintenance commands)" \
|
|
"3" "Repair Home Directory Ownership" \
|
|
"4" "Sudo Password Feedback (asterisks)" \
|
|
"5" "Back to main menu")
|
|
|
|
[ -z "$choice" ] && return
|
|
clear
|
|
|
|
case "$choice" in
|
|
1) _check_sudo_group ;;
|
|
2) _configure_nopasswd ;;
|
|
3) _repair_home_ownership ;;
|
|
4) _toggle_pwfeedback ;;
|
|
5) return ;;
|
|
esac
|
|
done
|
|
}
|
|
|
|
# ── Option 1: Sudo Group Membership ──
|
|
_check_sudo_group() {
|
|
if groups "$USER" | grep -qE '\bsudo\b'; then
|
|
_msg "Sudo Group" "User '$USER' is already in the sudo group."
|
|
else
|
|
if _confirm "Sudo Group" \
|
|
"User '$USER' is NOT in the sudo group.\n\nAdd to sudo group?"; then
|
|
if sudo usermod -aG sudo "$USER"; then
|
|
_msg "Sudo Group" \
|
|
"User added to sudo group.\n\nLog out and back in for\ngroup changes to take effect." 10 60
|
|
else
|
|
_msg "Sudo Group" "Failed to add user to sudo group." 7 60
|
|
return 1
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
|
|
# ── Option 2: Passwordless Sudo (NOPASSWD) ──
|
|
_configure_nopasswd() {
|
|
local nopasswd_file="/etc/sudoers.d/${USER}-nopasswd"
|
|
|
|
if [ -f "$nopasswd_file" ]; then
|
|
if _confirm "NOPASSWD" \
|
|
"Passwordless sudo is already configured.\n\nRemove it to restore password prompts?"; then
|
|
sudo rm -f "$nopasswd_file"
|
|
echo -e "${GREEN}Passwordless sudo removed.${NC}"
|
|
fi
|
|
return
|
|
fi
|
|
|
|
if _confirm "NOPASSWD" \
|
|
"Configure passwordless sudo for maintenance commands?\n\n\
|
|
- apt / apt-get (package management)\n\
|
|
- systemctl (service management)\n\
|
|
- shutdown / reboot / halt (power commands)\n\n\
|
|
Useful for automation but reduces security." 14 70; then
|
|
local choices
|
|
choices=$(_checklist "NOPASSWD Commands" \
|
|
"Select commands to allow without password:" 12 60 3 \
|
|
"apt" "APT package management" ON \
|
|
"systemctl" "Systemd service management" ON \
|
|
"power" "Shutdown, reboot, halt" ON)
|
|
clear
|
|
|
|
[ -z "$choices" ] && { echo "No commands selected."; return; }
|
|
local cleaned; cleaned=$(echo "$choices" | tr -d '"')
|
|
|
|
local content=""
|
|
for cmd in $cleaned; do
|
|
case $cmd in
|
|
apt)
|
|
content+="${USER} ALL=(root) NOPASSWD: /usr/bin/apt, /usr/bin/apt-get, /bin/apt, /bin/apt-get\n"
|
|
;;
|
|
systemctl)
|
|
content+="${USER} ALL=(root) NOPASSWD: /usr/bin/systemctl, /bin/systemctl\n"
|
|
;;
|
|
power)
|
|
content+="${USER} ALL=(root) NOPASSWD: /usr/sbin/shutdown, /sbin/shutdown, /usr/sbin/reboot, /sbin/reboot, /usr/sbin/halt, /sbin/halt\n"
|
|
;;
|
|
esac
|
|
done
|
|
|
|
local content_str; content_str=$(echo -e "$content")
|
|
if _validate_sudoers "$content_str" "$nopasswd_file"; then
|
|
echo -e "${GREEN}Passwordless sudo configured for selected commands.${NC}"
|
|
else
|
|
return 1
|
|
fi
|
|
fi
|
|
}
|
|
|
|
# ── Option 3: Repair Home Directory Ownership ──
|
|
_repair_home_ownership() {
|
|
local home
|
|
home=$(eval echo "~$USER")
|
|
|
|
if [ ! -d "$home" ]; then
|
|
_msg "Home Directory" "Home directory '$home' does not exist." 8 60
|
|
return 1
|
|
fi
|
|
|
|
local uid uid_owner
|
|
uid=$(id -u "$USER" 2>/dev/null)
|
|
uid_owner=$(stat -c '%u' "$home" 2>/dev/null || echo "0")
|
|
|
|
if [ "$uid_owner" != "$uid" ]; then
|
|
local expected_user
|
|
expected_user=$(id -nu "$uid_owner" 2>/dev/null || echo "UID $uid_owner")
|
|
if _confirm "Home Permissions" \
|
|
"Home directory '$home' is owned by\n'$expected_user' (expected: '$USER').\n\nRepair ownership?" 12 65; then
|
|
if sudo chown -R "$USER:$USER" "$home"; then
|
|
echo -e "${GREEN}Home directory ownership repaired.${NC}"
|
|
else
|
|
echo -e "${RED}Failed to repair home directory ownership.${NC}"
|
|
return 1
|
|
fi
|
|
fi
|
|
else
|
|
_msg "Home Permissions" "Home directory ownership is correct\n(owner: $USER)." 8 60
|
|
fi
|
|
}
|
|
|
|
# ── Option 4: Sudo Password Feedback (pwfeedback) ──
|
|
_toggle_pwfeedback() {
|
|
local fb_file="/etc/sudoers.d/pwfeedback"
|
|
|
|
if [ -f "$fb_file" ]; then
|
|
if _confirm "Password Feedback" \
|
|
"Asterisks are currently ENABLED when typing sudo password.\n\nDisable them?"; then
|
|
sudo rm -f "$fb_file"
|
|
echo -e "${GREEN}Password feedback disabled.${NC}"
|
|
fi
|
|
else
|
|
if _confirm "Password Feedback" \
|
|
"Show asterisks when typing the sudo password?"; then
|
|
if _validate_sudoers 'Defaults pwfeedback' "$fb_file"; then
|
|
echo -e "${GREEN}Password feedback enabled.${NC}"
|
|
else
|
|
return 1
|
|
fi
|
|
fi
|
|
fi
|
|
}
|