diff options
| author |  sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-13 13:43:31 +0100 |
|---|---|---|
| committer | sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-13 13:43:31 +0100 |
| commit | 3d263bdbb48e7616a12af26ef094e5a416f9a735 (patch) | |
| tree | 34cf90cef24496ecfc271055255f8a7596f84627 /dot_config/nvim/lua/config/keymaps.lua | |
| parent | 51b8af587e46d4e03b059a51253d9671e27d08e3 (diff) | |
| download | dotfiles-3d263bdbb48e7616a12af26ef094e5a416f9a735.tar.gz dotfiles-3d263bdbb48e7616a12af26ef094e5a416f9a735.tar.bz2 dotfiles-3d263bdbb48e7616a12af26ef094e5a416f9a735.zip | |
feat(privesc): migrate from opendoas to sudo-rs
doas's one-shot password and absent 'sudo -v' kept wasting hour-long
paru AUR builds. sudo-rs is a memory-safe Rust rewrite (ISRG/Ferrous
Systems), drop-in CLI compatible, and the same one Ubuntu 25.10 ships
as default. We follow the Arch wiki 'Using sudo-rs without the sudo
package' recipe verbatim — no custom shims.
- meta/base.txt: -doas-sudo-shim +sudo-rs
- etc/sudoers-rs (mode 0440): wiki minimal config + NOPASSWD reboot/poweroff
- etc/pam.d/sudo: 4-line copy of upstream sudo's PAM file
- run_onchange_after_deploy-etc.sh.tmpl: use real sudo, deploy sudoers-rs
at 0440, create /etc/pam.d/sudo-i and /usr/local/bin/{sudo,sudoedit,
su,visudo} → sudo-rs symlinks idempotently
- delete etc/doas.conf, dot_local/bin/{doasedit,sudo}
- zshrc: drop sudo=doas/sudoedit=doasedit aliases; rewrite ss/gimme/
pacdiff/ssys to call sudo
- justfile: s/doas/sudo/g (status/diff/restore helpers)
- nvim: rename :DoasWrite → :SudoWrite (uses sudo -S)
- sway config: reboot/poweroff buttons call sudo
- bootstrap.sh: update step-5 comment
- README/KEYBINDS/copilot-instructions: flip the privesc convention
No Defaults overrides: sudo's defaults (passwd_tries=3,
timestamp_timeout=5) already fix the doas pain, and paru SudoLoop
(kept) refreshes the 5-min window via real sudo -v.
Diffstat (limited to 'dot_config/nvim/lua/config/keymaps.lua')
| -rw-r--r-- | dot_config/nvim/lua/config/keymaps.lua | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/dot_config/nvim/lua/config/keymaps.lua b/dot_config/nvim/lua/config/keymaps.lua index a0dc19e..b3362a3 100644 --- a/dot_config/nvim/lua/config/keymaps.lua +++ b/dot_config/nvim/lua/config/keymaps.lua @@ -78,15 +78,15 @@ nmap("yp", function() vim.fn.setreg("+", vim.fn.expand("%")) end, "[Y]ank [P]ath") -local doas_exec = function(_cmd) +local sudo_exec = function(_cmd) vim.fn.inputsave() local password = vim.fn.inputsecret("Password: ") vim.fn.inputrestore() if not password or #password == 0 then - vim.notify("Invalid password, doas aborted", vim.log.levels.WARN) + vim.notify("Invalid password, sudo aborted", vim.log.levels.WARN) return false end - local out = vim.fn.system(string.format("doas -S %s", _cmd), password .. "\n") + local out = vim.fn.system(string.format("sudo -S %s", _cmd), password .. "\n") if vim.v.shell_error ~= 0 then print("\r\n") vim.notify(out, vim.log.levels.ERROR) @@ -95,7 +95,7 @@ local doas_exec = function(_cmd) return true end -vim.api.nvim_create_user_command("DoasWrite", function(opts) +vim.api.nvim_create_user_command("SudoWrite", function(opts) local tmpfile = vim.fn.tempname() local filepath if #opts.fargs == 1 then @@ -116,7 +116,7 @@ vim.api.nvim_create_user_command("DoasWrite", function(opts) ) -- no need to check error as this fails the entire function vim.api.nvim_exec2(string.format("write! %s", tmpfile), { output = true }) - if doas_exec(_cmd) then + if sudo_exec(_cmd) then -- refreshes the buffer and prints the "written" message vim.cmd.checktime() -- exit command mode @@ -129,5 +129,5 @@ vim.api.nvim_create_user_command("DoasWrite", function(opts) vim.fn.delete(tmpfile) end, { nargs = "?", - desc = "Write using doas permissions", + desc = "Write using sudo permissions", }) |