blob: 5f97c700e4fd1fce51d017c73c61f5912cad0091 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
#!/usr/bin/env dash
# Deploy system-level configs from etc/ to /etc/.
# chezmoi re-runs this script whenever any file under etc/ changes.
# etc/ content hash: {{ output "sh" "-c" (printf "cd %q && find etc -type f ! -name .ignore -exec sha256sum {} + | LC_ALL=C sort" .chezmoi.sourceDir) | sha256sum }}
# luks root uuid: {{ output "lsblk" "-dno" "UUID" (printf "/dev/%s" .luksRootPartition) | trim }}
set -eu
cd "$CHEZMOI_SOURCE_DIR"
find etc -type f ! -name .ignore | while IFS= read -r src; do
case "$src" in
*.tmpl)
dest="/${src%.tmpl}"
tmp=$(mktemp)
chezmoi execute-template <"$src" >"$tmp"
sudo install -D -m 0644 -o root -g root "$tmp" "$dest"
rm -f "$tmp"
;;
etc/sudoers-rs)
sudo install -D -m 0440 -o root -g root "$src" "/${src}"
;;
etc/systemd/system-sleep/*)
sudo install -D -m 0755 -o root -g root "$src" "/${src}"
;;
*)
sudo install -D -m 0644 -o root -g root "$src" "/${src}"
;;
esac
done
if [ -d etc/udev/rules.d ]; then
sudo udevadm control --reload
sudo udevadm trigger --subsystem-match=usb
sudo udevadm trigger --subsystem-match=hidraw
fi
# sudo-rs: /etc/pam.d/sudo-i is a symlink to /etc/pam.d/sudo
sudo ln -sfT sudo /etc/pam.d/sudo-i
# Clean up sleep-target masks from the earlier hardened-suspend
# workaround. Now that mem_sleep_default=s2idle resolves the wake hang,
# suspend is enabled again. Remove any leftover /dev/null symlinks.
for target in sleep.target suspend.target hibernate.target \
hybrid-sleep.target suspend-then-hibernate.target; do
link="/etc/systemd/system/$target"
if [ -L "$link" ] && [ "$(readlink "$link")" = "/dev/null" ]; then
sudo rm -f "$link"
fi
done
sudo systemctl daemon-reload
# Reload systemd-logind so changes under /etc/systemd/logind.conf.d/
# (e.g. HandlePowerKey overrides) take effect without dropping sessions.
sudo systemctl kill -s HUP systemd-logind
# Old sudo-rs migration used /usr/local/bin to shadow classic sudo globally.
# Current policy keeps those shims user-scoped via ~/.local/bin/symlink_*.
for link in /usr/local/bin/sudoedit /usr/local/bin/su /usr/local/bin/visudo; do
target=$(readlink "$link" 2>/dev/null || true)
case "$target" in
/usr/bin/sudo-rs|/usr/bin/su-rs|/usr/bin/visudo-rs) sudo rm -f "$link" ;;
esac
done
target=$(readlink /usr/local/bin/sudo 2>/dev/null || true)
if [ "$target" = /usr/bin/sudo-rs ]; then
sudo rm -f /usr/local/bin/sudo
fi
|
