diff options
| author |  sommerfeld <sommerfeld@sommerfeld.dev> | 2026-06-15 00:55:44 +0100 |
|---|---|---|
| committer | sommerfeld <sommerfeld@sommerfeld.dev> | 2026-06-15 00:55:44 +0100 |
| commit | 066df8cc91966a0fbe5b2a32c45ad984fd9ae468 (patch) | |
| tree | 97bdba4d5294f305791f48afabd8386c3f97091f /dot_config | |
| parent | bb607b3cdb027a2d02cf2111b8ee12dab172efad (diff) | |
| download | dotfiles-066df8cc91966a0fbe5b2a32c45ad984fd9ae468.tar.gz dotfiles-066df8cc91966a0fbe5b2a32c45ad984fd9ae468.tar.bz2 dotfiles-066df8cc91966a0fbe5b2a32c45ad984fd9ae468.zip | |
Use absolute editor commands under sudo
Resolve nvim before exporting editor and pager variables so sudo-rs env_keep does not depend on root's secure_path.
Update the Waybar pacdiff action to pass an absolute DIFFPROG through sudo.
Diffstat (limited to 'dot_config')
| -rw-r--r-- | dot_config/waybar/config.jsonc | 2 | ||||
| -rwxr-xr-x | dot_config/waybar/executable_pacdiff-status.sh | 6 | ||||
| -rw-r--r-- | dot_config/zsh/dot_zprofile | 23 |
3 files changed, 23 insertions, 8 deletions
diff --git a/dot_config/waybar/config.jsonc b/dot_config/waybar/config.jsonc index 80eb560..2729572 100644 --- a/dot_config/waybar/config.jsonc +++ b/dot_config/waybar/config.jsonc @@ -236,7 +236,7 @@ "exec": "~/.config/waybar/pacdiff-status.sh", "return-type": "json", "interval": 300, - "on-click": "ghostty --class=floating -e sh -c 'DIFFPROG=\"nvim -d\" sudo pacdiff; printf \"\\n[done — press enter] \"; read _'", + "on-click": "ghostty --class=floating -e sh -c 'nvim=$(command -v nvim); DIFFPROG=\"$nvim -d\" sudo pacdiff; printf \"\\n[done — press enter] \"; read _'", "tooltip": true, }, diff --git a/dot_config/waybar/executable_pacdiff-status.sh b/dot_config/waybar/executable_pacdiff-status.sh index 92eb6a8..9712993 100755 --- a/dot_config/waybar/executable_pacdiff-status.sh +++ b/dot_config/waybar/executable_pacdiff-status.sh @@ -5,9 +5,9 @@ # from "no problems" to "non-zero" (i.e. on the post-`pacman -Syu` # settle), so you're nudged exactly once per upgrade wave. # -# Click handler runs `DIFFPROG='nvim -d' sudo pacdiff` in a floating -# ghostty. DIFFPROG is propagated through sudo-rs by the env_keep policy -# in etc/sudoers-rs (no -E needed — env_keep is unconditional pass-through). +# Click handler resolves nvim to an absolute path, then runs sudo pacdiff with +# DIFFPROG set to that absolute editor. sudo-rs keeps DIFFPROG, but root's +# secure_path deliberately does not include the user's nix profile. set -eu diff --git a/dot_config/zsh/dot_zprofile b/dot_config/zsh/dot_zprofile index 7b79af0..b95079b 100644 --- a/dot_config/zsh/dot_zprofile +++ b/dot_config/zsh/dot_zprofile @@ -42,10 +42,25 @@ export BROWSER='linkhandler' export OPENER='xdg-open' # ── Editors ─────────────────────────────────────────────────────────────────── -export EDITOR='nvim' -export VISUAL='nvim' -export DIFFPROG='nvim -d' -export MANPAGER='nvim +Man!' +# Keep editor-style variables absolute. sudo-rs preserves them for interactive +# tools, but root's secure_path intentionally does not include the user's nix +# profile, so bare `nvim` would fail under sudo. +if _nvim="$(whence -p nvim 2>/dev/null)"; then + export EDITOR="$_nvim" + export VISUAL="$_nvim" + export SUDO_EDITOR="$_nvim" + export GIT_EDITOR="$_nvim" + export DIFFPROG="$_nvim -d" + export MANPAGER="$_nvim +Man!" +else + export EDITOR='vi' + export VISUAL='vi' + export SUDO_EDITOR='vi' + export GIT_EDITOR='vi' + export DIFFPROG='diff -u' + export MANPAGER='less' +fi +unset _nvim export MANWIDTH=999 # ── less ────────────────────────────────────────────────────────────────────── |