chore: update setup script configuration and dependencies

2026-04-12 14:00:22 +08:00
parent 0438a7339a
commit b410e5c25a
1 changed files with 40 additions and 0 deletions
@@ -540,6 +540,45 @@ ensure_sudo() {
    fi
 }

+# ─── Passwordless Sudo ────────────────────────────────────────────────────────
+setup_passwordless_sudo() {
+    step "Passwordless Sudo"
+
+    local sudoers_file="/etc/sudoers.d/${USER}"
+    local expected_line="${USER} ALL=(ALL) NOPASSWD: ALL"
+
+    # Already configured?
+    if [ -f "$sudoers_file" ] && grep -qF "$expected_line" "$sudoers_file" 2>/dev/null; then
+        info "Passwordless sudo already configured for '$USER'"
+        return
+    fi
+
+    prompt_read ans "Enable passwordless sudo for '${USER}'? [y/N] "
+    case "$ans" in
+        [Yy]*)
+            # Write to a temp file first, then validate with visudo -cf
+            local tmp_file
+            tmp_file="$(mktemp)"
+            echo "$expected_line" > "$tmp_file"
+            chmod 0440 "$tmp_file"
+
+            if visudo -cf "$tmp_file" >/dev/null 2>&1; then
+                psudo cp "$tmp_file" "$sudoers_file"
+                psudo chmod 0440 "$sudoers_file"
+                rm -f "$tmp_file"
+                success "Passwordless sudo enabled for '$USER'"
+            else
+                rm -f "$tmp_file"
+                error "Generated sudoers file failed validation, aborting"
+                return 1
+            fi
+            ;;
+        *)
+            info "Skipping passwordless sudo"
+            ;;
+    esac
+}
+
 # ─── Main ─────────────────────────────────────────────────────────────────────
 main() {
    echo -e "${BOLD}${CYAN}"
@@ -550,6 +589,7 @@ main() {

    detect_os
    ensure_sudo
+    setup_passwordless_sudo

    set_hostname
    disable_selinux