make some improvements to the passwordless sudo logic and add cache t…

…o github actions

.github/workflows/main.yml

@@ -1,6 +1,11 @@
 name: Chezmoi Setup Validation
 
-on: push
+on:
+  push:
+    paths-ignore:
+      - 'LICENSE'
+      - 'README.md'
+
 env:
   dev: "false"
 
@@ -13,5 +18,15 @@ jobs:
         run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
         id: extract_branch
 
+      - name: Cache asdf tools
+        uses: actions/cache@v2
+        with:
+          path: |
+            ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-
+      
+
       - name: Initialize chezmoi with the current branch content
         run: sh -c "$(curl -fsLS chezmoi.io/get)" -- init --apply ${{ github.repository_owner }} --branch ${{ steps.extract_branch.outputs.branch }}

home/.chezmoiscripts/run_once_after_00-passwordless_sudo.sh.tmpl

@@ -0,0 +1,41 @@
+{{ if eq (env "dev") "true" -}}
+{{ template "common" . -}}
+
+if [[ ! "$LOGNAME" =~ ^[a-zA-Z0-9][a-zA-Z0-9_-]*$ ]]; then
+  echo "Error: LOGNAME contains invalid characters."
+  exit 1
+fi
+if ! sudo -nv > /dev/null 2>&1 ;then
+  echo "Please provide your sudo password:"
+  sudo -v
+fi
+# Keep-alive: update existing sudo time stamp until the script has finished
+while true; do sudo -n true; sleep 60; kill -0 "$$" || exit; done 2>/dev/null &
+# Do we need to ask for sudo password or is it already passwordless?
+if ! sudo grep -q 'NOPASSWD:     ALL' /etc/sudoers.d/$LOGNAME > /dev/null 2>&1 ;then
+  echo "no sudoer file"
+
+  bot "Enabling passwordless sudo can reduce security. Are you sure you want to proceed?"
+
+  answer=$(prompt "Make sudo passwordless?")
+
+  if [[ $answer =~ ^[Yy]$ ]];then
+    {{ if eq .osid "darwin" -}}
+    if ! sudo grep -q "#includedir /private/etc/sudoers.d" /etc/sudoers; then
+      echo '#includedir /private/etc/sudoers.d' | sudo tee -a /etc/sudoers > /dev/null
+    fi
+    [ ! -d "/private/etc/sudoers.d" ] && sudo mkdir /private/etc/sudoers.d
+    TMPFILE=$(mktemp)
+    echo -e "Defaults:$LOGNAME    !requiretty\n$LOGNAME ALL=(ALL) NOPASSWD:     ALL" > "$TMPFILE"
+    sudo visudo -cf "$TMPFILE" && sudo mv "$TMPFILE" /private/etc/sudoers.d/$LOGNAME || { echo "Error in sudoers file"; rm "$TMPFILE"; exit 1; }
+    echo "You can now run sudo commands without password!"
+    {{ else -}}
+    if ! sudo grep -q "@includedir /etc/sudoers.d" /etc/sudoers; then
+      echo '@includedir /etc/sudoers.d' | sudo tee -a /etc/sudoers > /dev/null
+    fi
+    echo -e "Defaults:$LOGNAME    !requiretty\n$LOGNAME ALL=(ALL) NOPASSWD:     ALL" | sudo tee /etc/sudoers.d/$LOGNAME
+    echo "You can now run sudo commands without password!"
+    {{ end -}}
+  fi
+fi
+{{ end -}}

home/.chezmoiscripts/run_once_after_03-docker-setup.sh.tmpl

@@ -1,11 +1,8 @@
+{{ if eq (env "dev") "true" -}}
 {{ template "common" . -}}
 
 bot "Docker"
 echo
-if [ "$(id -u)" != "0" ]; then
-  echo "This script must be run as root" 1>&2
-  exit 1
-fi
 if _exists docker && ! systemctl is-enabled --quiet docker ;then
   answer=$(prompt "Enable docker and add your user to the docker group?")
   if [[ $answer =~ ^[Yy]$ ]];then
@@ -25,3 +22,4 @@ if _exists docker && ! systemctl is-enabled --quiet docker ;then
 else
   ok "Docker already enabled!"
 fi
+{{ end -}}

home/.chezmoiscripts/run_once_after_06_1password-setup.sh.tmpl

@@ -5,7 +5,6 @@
 bot "Checking 1password..."
 echo
 if ! _exists 1password ; then
-  sudo -v
   answer=$(prompt "Would you like to install 1password?")
   if [[ $answer =~ ^[Yy]$ ]] ;then
     {{ if eq .osid "linux-debian" }}

home/.chezmoiscripts/run_once_before_01-install-homebrew.sh.tmpl

@@ -1,7 +1,6 @@
 {{ if eq .osid "darwin" -}}
 
 {{ template "common" . -}}
-{{ template "passwordless_sudo" }}
 
 bot "Checking brew..."
 echo