From 3466f112fac59c6a8cdf0d89501bf1a3858c1d77 Mon Sep 17 00:00:00 2001
From: librelad
Date: Sun, 24 May 2026 17:14:31 +0100
Subject: [PATCH] refactor(de-sudo): app_generate + local-dns off raw sudo

app_generate operates on the manager-owned install template -> runInstallOp (cp/mv/sed); drop sudo on the interactive editor. localDnsApplyPihole edits containers/pihole/.../custom.list (docker-install-owned) -> read via runFileOp, build in a manager /tmp scratch, write back via runFileWrite.

Co-Authored-By: Claude Opus 4.7
Signed-off-by: librelad
---
 scripts/app/app_generate.sh | 30 +++++++++++++-------------
 scripts/network/dns/setup_local_dns.sh | 14 +++++++-----
 2 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/scripts/app/app_generate.sh b/scripts/app/app_generate.sh
index 91518a7..2a008b2 100755
--- a/scripts/app/app_generate.sh
+++ b/scripts/app/app_generate.sh
@@ -80,33 +80,33 @@ appGenerate()
 local result=$(createFolders "loud" $docker_install_user $install_containers_dir$app_name)
 checkSuccess "Creating new folder named $app_name"
- local result=$(sudo cp -r $install_containers_dir/template/* $install_containers_dir$app_name)
+ local result=$(runInstallOp cp -r $install_containers_dir/template/* $install_containers_dir$app_name)
 checkSuccess "Copying template files to the $app_name folder"
- local result=$(sudo mv $install_containers_dir$app_name/template.sh "$app_script_file")
+ local result=$(runInstallOp mv $install_containers_dir$app_name/template.sh "$app_script_file")
 checkSuccess "Renaming script file for $app_name"
- local result=$(sudo mv $install_containers_dir$app_name/template.config "$app_config_file")
+ local result=$(runInstallOp mv $install_containers_dir$app_name/template.config "$app_config_file")
 checkSuccess "Renaming config file for $app_name"
 # Script updates
- local result=$(sudo sed -i '' -e 's/Template/'"$cap_first_app_name"'/g' "$app_script_file" > /dev/null 2>&1)
+ local result=$(runInstallOp sed -i '' -e 's/Template/'"$cap_first_app_name"'/g' "$app_script_file" > /dev/null 2>&1)
 checkSuccess "Update $app_name.sh - all cases of Template to $cap_first_app_name"
- local result=$(sudo sed -i '' -e 's/template/'"$app_name"'/g' "$app_script_file" > /dev/null 2>&1)
+ local result=$(runInstallOp sed -i '' -e 's/template/'"$app_name"'/g' "$app_script_file" > /dev/null 2>&1)
 checkSuccess "Update $app_name.sh - all cases of template to $app_name"
- local result=$(sudo sed -i '' -e 's/TEMPLATE/'"$full_caps_app_name"'/g' "$app_script_file" > /dev/null 2>&1)
+ local result=$(runInstallOp sed -i '' -e 's/TEMPLATE/'"$full_caps_app_name"'/g' "$app_script_file" > /dev/null 2>&1)
 checkSuccess "Update $app_name.sh - all cases of TEMPLATE to $full_caps_app_name"
- local result=$(sudo sed -i '' -e 's/old/'"$app_category"'/g' "$app_script_file" > /dev/null 2>&1)
+ local result=$(runInstallOp sed -i '' -e 's/old/'"$app_category"'/g' "$app_script_file" > /dev/null 2>&1)
 checkSuccess "Updating $app_name.sh - category to $app_category"
- local result=$(sudo sed -i '' -e 's/Placeholder!/'"$app_description"'/g' "$app_script_file" > /dev/null 2>&1)
+ local result=$(runInstallOp sed -i '' -e 's/Placeholder!/'"$app_description"'/g' "$app_script_file" > /dev/null 2>&1)
 checkSuccess "Updating $app_name.sh - description to $app_description"
 # Config updates
- local result=$(sudo sed -i '' -e 's/Template/'"$cap_first_app_name"'/g' "$app_config_file" > /dev/null 2>&1)
+ local result=$(runInstallOp sed -i '' -e 's/Template/'"$cap_first_app_name"'/g' "$app_config_file" > /dev/null 2>&1)
 checkSuccess "Update $app_name.config - all cases of Template to $cap_first_app_name"
- local result=$(sudo sed -i '' -e 's/template/'"$app_name"'/g' "$app_config_file" > /dev/null 2>&1)
+ local result=$(runInstallOp sed -i '' -e 's/template/'"$app_name"'/g' "$app_config_file" > /dev/null 2>&1)
 checkSuccess "Update $app_name.config - all cases of template to $app_name"
- local result=$(sudo sed -i '' -e 's/TEMPLATE/'"$full_caps_app_name"'/g' "$app_config_file" > /dev/null 2>&1)
+ local result=$(runInstallOp sed -i '' -e 's/TEMPLATE/'"$full_caps_app_name"'/g' "$app_config_file" > /dev/null 2>&1)
 checkSuccess "Update $app_name.config - all cases of TEMPLATE to $full_caps_app_name"
- local result=$(sudo sed -i '' -e 's/HOST_NAME=test/HOST_NAME='"$host_name"'/g' "$app_config_file" > /dev/null 2>&1)
+ local result=$(runInstallOp sed -i '' -e 's/HOST_NAME=test/HOST_NAME='"$host_name"'/g' "$app_config_file" > /dev/null 2>&1)
 checkSuccess "Updating Config - HOST_NAME to $app_name"
 while true; do
@@ -119,7 +119,7 @@ appGenerate()
 isNotice "Please provide a valid input."
 done
 if [[ "$app_docker_compose" == [yY] ]]; then
- sudo $CFG_TEXT_EDITOR "$install_containers_dir$app_name/docker-compose.yml"
+ $CFG_TEXT_EDITOR "$install_containers_dir$app_name/docker-compose.yml"
 fi
 while true; do
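Review bot: Each `local result=$(runInstallOp …)` in this hunk discards the helper's exit status, because `$?` after the line is the status of `local` itself; if `checkSuccess` reads `$?` (its definition is not in the hunk), every cp/mv/sed step reports success even when the now less-privileged helper is refused. Declaring once and assigning separately keeps the status, e.g. `local result` followed by `result=$(runInstallOp mv "$install_containers_dir$app_name/template.sh" "$app_script_file")`. The sed steps also splice `$app_name`, `$app_category`, `$app_description` and `$host_name` into the sed script unescaped, so a `/`, `&` or backslash in any of them changes what sed runs; escaping those characters before the substitution would close that. The body of appGenerate starts and ends outside the hunk.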
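Review bot: With `sudo` removed, `$CFG_TEXT_EDITOR` runs as the calling user, while the folder holding `docker-compose.yml` was created by `createFolders "loud" $docker_install_user …` at the top of the first hunk, which presumably hands it to that account. If the two accounts differ, the editor opens a file it cannot save and nothing here reports it; a guard such as `[[ -w "$install_containers_dir$app_name/docker-compose.yml" ]] || isNotice "docker-compose.yml is not writable by the current user"` before the editor call would surface that. The same applies to the editor calls in the hunks at -132 (`$app_name.config`) and -145 (`$app_name.sh`). The surrounding while loops and appGenerate itself continue outside these hunks.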
@@ -132,7 +132,7 @@ appGenerate()
 isNotice "Please provide a valid input."
 done
 if [[ "$app_config" == [yY] ]]; then
- sudo $CFG_TEXT_EDITOR "$install_containers_dir$app_name/$app_name.config"
+ $CFG_TEXT_EDITOR "$install_containers_dir$app_name/$app_name.config"
 fi
 while true; do
@@ -145,7 +145,7 @@ appGenerate()
 isNotice "Please provide a valid input."
 done
 if [[ "$app_script" == [yY] ]]; then
- sudo $CFG_TEXT_EDITOR "$install_containers_dir$app_name/$app_name.sh"
+ $CFG_TEXT_EDITOR "$install_containers_dir$app_name/$app_name.sh"
 fi
 while true; do
diff --git a/scripts/network/dns/setup_local_dns.sh b/scripts/network/dns/setup_local_dns.sh
index 4da40bf..91dd358 100644
--- a/scripts/network/dns/setup_local_dns.sh
+++ b/scripts/network/dns/setup_local_dns.sh
@@ -104,16 +104,20 @@ localDnsApplyPihole() {
 local hosts tmp h n
 hosts=$(localDnsAppHosts)
 if [[ -z "$hosts" ]]; then isNotice "No app hosts for Pi-hole — skipping."; return 0; fi
- tmp=$(sudo mktemp)
- if [[ -f "$list" ]]; then # preserve anything outside our block
- sudo awk -v b="$b" -v e="$e" '$0==b{skip=1} !skip{print} $0==e{skip=0}' "$list" | sudo tee "$tmp" >/dev/null
+ # $list lives under containers/pihole (docker-install-owned): read/write it
+ # via the container-owner helpers; build the new content in a manager /tmp
+ # scratch in between.
+ tmp=$(mktemp)
+ if runFileOp test -f "$list"; then # preserve anything outside our block
+ runFileOp cat "$list" | awk -v b="$b" -v e="$e" '$0==b{skip=1} !skip{print} $0==e{skip=0}' > "$tmp"
 fi
 {
 echo "$b"
 while IFS= read -r h; do [[ -n "$h" ]] && echo "${ip} ${h}"; done <<< "$hosts"
 echo "$e"
- } | sudo tee -a "$tmp" >/dev/null
- sudo cp "$tmp" "$list"; sudo rm -f "$tmp"
+ } >> "$tmp"
+ runFileWrite "$list" < "$tmp"
+ rm -f "$tmp"
 n=$(printf '%s\n' "$hosts" | grep -c .)
 dockerCommandRun "docker exec pihole-service pihole restartdns" >/dev/null 2>&1 || dockerComposeRestart pihole
 isSuccessful "Pi-hole custom.list updated: ${n} hosts -> ${ip}"
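Review bot: A failed read of `$list` is indistinguishable from an empty file in the setup_local_dns.sh hunk: `runFileOp cat "$list" | awk … > "$tmp"` takes the pipeline's status from awk, so if the helper cannot read the file the scratch copy holds only the managed block, and `runFileWrite` then replaces custom.list with it, dropping every entry outside the block. The results of `mktemp` and `runFileWrite` are not checked either, so Pi-hole DNS is restarted and `isSuccessful` is printed even when nothing was written. The fence checks each of the three steps and leaves `$list` untouched on failure. Returning 1 is an assumption about what callers of localDnsApplyPihole expect, and the function starts before and closes after this hunk.

```shell
  tmp=$(mktemp) || { isNotice "Could not create a scratch file — Pi-hole list left unchanged."; return 1; }
  # … unchanged: `if runFileOp test -f "$list"; then` …
    runFileOp cat "$list" | awk -v b="$b" -v e="$e" '$0==b{skip=1} !skip{print} $0==e{skip=0}' > "$tmp"
    # PIPESTATUS[0] is the read helper's status; the pipeline alone reports awk's.
    if (( PIPESTATUS[0] != 0 )); then
      rm -f "$tmp"
      isNotice "Could not read $list — Pi-hole list left unchanged."
      return 1
    fi
  # … unchanged: closing `fi` and the managed block appended to "$tmp" …
  if ! runFileWrite "$list" < "$tmp"; then
    rm -f "$tmp"
    isNotice "Could not write $list — Pi-hole list left unchanged."
    return 1
  fi
  rm -f "$tmp"
```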