feat: add alternative priv escalation

thias#123
Liassica · Aug 18, 2024 · 57ba3f1 · 57ba3f1
1 parent c34f93a
commit 57ba3f1
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -4,22 +4,23 @@ A flake for [glim](https://github.com/thias/glim) with a couple of customization
 
 ## Overview
 
-I've Nixified the upstream glim script, so it should work out of the box on systems with Nix. I've also added a few customizations like enabling Secure Boot support and switching the default theme out for [Catppuccin Frappe](https://github.com/catppuccin/grub).
+I've Nixified the upstream glim script, so it should work out of the box on systems with Nix. I've also added a few customizations like enabling Secure Boot support, switching the default theme out for [Catppuccin Frappe](https://github.com/catppuccin/grub), and using doas instead of sudo.
 
 ## Installation
 
 Follow the upstream instructions for setting up your USB device.
 
-Then, install glim to your USB by running `nix run github:Liassica/glim-flake`. You can override the theme by adding this repo as a flake input and overriding the 'theme' input.
+Then, install glim to your USB by running `nix run github:Liassica/glim-flake`. You can override the theme or privilege escalation by adding this repo as a flake input and overriding the 'theme' and 'priv_esc' inputs.
 
-E.g, to use the Breeze GRUB theme:
+E.g, to use the Breeze GRUB theme and sudo:
 
 ```nix
 { pkgs, glim, ...}:
 {
   environment.systemPackages = [
     glim.packages.x86_64-linux.glim.override {
       theme = "${pkgs.kdePackages.breeze-grub}/grub/themes/breeze";
+      priv_esc = pkgs.sudo;
     };
   ];
 }

diff --git a/flake.nix b/flake.nix
@@ -11,6 +11,7 @@
       packages.${system} = {
         glim = pkgs.callPackage ./nix/package {
           theme = (pkgs.catppuccin-grub.override { flavor = "frappe"; }).outPath;
+          priv_esc = pkgs.doas;
         };
         default = self.packages.${system}.glim;
       };

diff --git a/nix/package/default.nix b/nix/package/default.nix
@@ -6,6 +6,7 @@
   rsync,
   writeShellScriptBin,
   theme,
+  priv_esc,
 }:
 let
   cfg = ../../grub2;
@@ -17,12 +18,13 @@ writeShellScriptBin "glim" ''
       coreutils-full
       grub2_efi
       rsync
+      priv_esc
     ]
   }:$PATH
 
   # Check that we are *NOT* running as root
   if [[ `id -u` -eq 0 ]]; then
-    echo "ERROR: Don't run as root, use a user with full sudo access."
+    echo "ERROR: Don't run as root, use a user with full ${priv_esc.pname} access."
     exit 1
   fi
 
@@ -71,8 +73,8 @@ writeShellScriptBin "glim" ''
 
   # Install GRUB2
   GRUB_TARGET="--target=x86_64-efi --efi-directory=''${USBMNT} --removable --modules='tpm' --disable-shim-lock"
-  echo "Running grub-install ''${GRUB_TARGET} --boot-directory=''${USBMNT}/boot (with sudo)..."
-  sudo grub-install ''${GRUB_TARGET} --boot-directory=''${USBMNT}/boot ''${USBDEV}
+  echo "Running grub-install ''${GRUB_TARGET} --boot-directory=''${USBMNT}/boot (with ${priv_esc.pname})..."
+  ${lib.getExe priv_esc} grub-install ''${GRUB_TARGET} --boot-directory=''${USBMNT}/boot ''${USBDEV}
   if [[ $? -ne 0 ]]; then
     echo "ERROR: grub-install returned with an error exit status."
     exit 1