refactor: implement component-based architecture for enhanced maintainability
- Reorganize directory structure into core/, features/, and themes/ - Colocate application Nix logic, configs, scripts, and theme overrides - Implement 'Inversion of Control' for theming: apps now pull theme-specific layouts - Update flake.nix and shared library paths to match the new structure - Document the new Feature-Centric architecture in README.md
This commit is contained in:
Bernardo Magri
43
core/system/scripts/nomarchy-sudo-passwordless-toggle
Executable file
43
core/system/scripts/nomarchy-sudo-passwordless-toggle
Executable file
@@ -0,0 +1,43 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Toggle passwordless sudo for the current user.
|
||||
# First run: enables passwordless sudo for 15 minutes (after confirmation).
|
||||
# Second run: disables it early.
|
||||
|
||||
NOPASSWD_FILE="/etc/sudoers.d/99-nomarchy-nopasswd-${USER}"
|
||||
TIMER_NAME="nomarchy-nopasswd-expire-${USER}"
|
||||
|
||||
# Safety: if the file exists but the timer doesn't (e.g. after reboot), clean up
|
||||
if sudo test -f "$NOPASSWD_FILE" && ! systemctl is-active "${TIMER_NAME}.timer" &>/dev/null; then
|
||||
sudo rm "$NOPASSWD_FILE"
|
||||
fi
|
||||
|
||||
# Check for the file directly — sudo -n can stay cached or be granted by other rules
|
||||
if sudo test -f "$NOPASSWD_FILE"; then
|
||||
sudo rm "$NOPASSWD_FILE"
|
||||
sudo systemctl stop "${TIMER_NAME}.timer" 2>/dev/null
|
||||
echo "Passwordless sudo has been DISABLED. Sudo will require a password again."
|
||||
else
|
||||
echo ""
|
||||
echo "⚠️ WARNING: This will allow ANY process running as your user to"
|
||||
echo "execute ANY command as root WITHOUT a password for 15 minutes."
|
||||
echo ""
|
||||
echo "This is useful for AI agents that need to run sudo commands,"
|
||||
echo "but it significantly weakens the security of your system."
|
||||
echo "Anyone or anything with access to your user account gets full root."
|
||||
echo ""
|
||||
echo "Passwordless sudo will automatically disable after 15 minutes."
|
||||
echo "Run this command again to disable it early."
|
||||
echo ""
|
||||
|
||||
if gum confirm "Enable passwordless sudo for 15 minutes? This is a significant security risk!"; then
|
||||
echo "${USER} ALL=(ALL) NOPASSWD: ALL" | sudo tee "$NOPASSWD_FILE" > /dev/null
|
||||
sudo chmod 440 "$NOPASSWD_FILE"
|
||||
sudo systemd-run --on-active=15m --timer-property=AccuracySec=1s --unit="$TIMER_NAME" \
|
||||
rm "$NOPASSWD_FILE"
|
||||
echo "Passwordless sudo has been ENABLED. It will automatically disable in 15 minutes."
|
||||
echo "Note: if you restart before then, run nomarchy-sudo-passwordless-toggle again to disable it."
|
||||
else
|
||||
echo "Aborted. No changes made."
|
||||
fi
|
||||
fi
|
||||
Reference in New Issue
Block a user