More restrictive sudoless setup for first-run

2026-02-17 15:25:37 +00:00 · 2025-08-25 07:49:16 +02:00
parent 925a2906e5
commit 2d848338e6
3 changed files with 10 additions and 1 deletions
--- a/install/preflight/first-run-mode.sh
+++ b/install/preflight/first-run-mode.sh
@@ -3,3 +3,11 @@
 # Set first-run mode marker so we can install stuff post-installation
 mkdir -p ~/.local/state/omarchy
 touch ~/.local/state/omarchy/first-run.mode
+
+# Setup sudo-less access for first-run
+sudo tee /etc/sudoers.d/first-run >/dev/null <<EOF
+$USER ALL=(ALL) NOPASSWD: /usr/bin/ufw
+$USER ALL=(ALL) NOPASSWD: /usr/bin/ufw-docker
+$USER ALL=(ALL) NOPASSWD: /bin/rm -f /etc/sudoers.d/first-run
+EOF
+sudo chmod 440 /etc/sudoers.d/first-run