Foundation for a scoped sudoers: route every genuine system-admin command (systemctl/ufw/ufw-docker/nft/apt/apt-get/pacman/sysctl/useradd/usermod/ service/wg/wg-quick/cscli/loginctl) through runSystem instead of raw sudo across 28 active scripts. runSystem is 'sudo "$@"' so this is byte-identical in every mode (safe on live installs) — it just collects all real-root use at one chokepoint that will define the eventual /etc/sudoers.d allowlist. Also: revert a crowdsec advice message the sweep wrongly rewrote (the admin types sudo, not runSystem), and give crontab_check_processor.sh the same startup bootstrap as the task processor — it runs standalone via cron and already used runFileOp/runFileWrite (undefined there), so it was silently broken; now it sources the helpers + docker-type config. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
25 lines
788 B
Bash
25 lines
788 B
Bash
#!/bin/bash
|
|
|
|
borgInstall()
|
|
{
|
|
if command -v borg >/dev/null 2>&1; then
|
|
local v
|
|
v=$(borg --version 2>/dev/null | head -1)
|
|
isNotice "BorgBackup already installed ($v)"
|
|
return 0
|
|
fi
|
|
|
|
isHeader "Installing BorgBackup"
|
|
if command -v apt-get >/dev/null 2>&1; then
|
|
runSystem apt-get install -y borgbackup && return 0
|
|
elif command -v dnf >/dev/null 2>&1; then
|
|
sudo dnf install -y borgbackup && return 0
|
|
elif command -v pacman >/dev/null 2>&1; then
|
|
runSystem pacman -S --noconfirm borg && return 0
|
|
fi
|
|
|
|
isError "Could not install BorgBackup — no supported package manager found."
|
|
isNotice "Install manually (https://borgbackup.readthedocs.io/) and re-run 'libreportal backup location init'."
|
|
return 1
|
|
}
|