dom0 sudo script

fedora-40.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright (C) 2022-2024 Thien Tran
+# Copyright (C) 2022-2024 mustard
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may not
 # use this file except in compliance with the License. You may obtain a copy of
@@ -132,9 +132,6 @@ sudo dnf remove -y abrt* cheese evince file-roller* libreoffice* mediawriter rhy
 # We deviate from the script in TommyTran732/Linux-Setup-Scripts here, as removing yajl will break qubes integration.
 sudo dnf remove -y lvm2 rng-tools thermald '*perl*'
 
-# Disable openh264 repo
-sudo dnf config-manager --set-disabled fedora-cisco-openh264
-
 # Install custom packages
 # gnome-shell is needed for theming to work
 sudo dnf -y install qubes-ctap qubes-gpg-split adw-gtk3-theme ncurses gnome-console gnome-shell
@@ -154,4 +151,4 @@ set -eu
 sudo dnf config-manager --enable fedora-cisco-openh264 rpmfusion-free rpmfusion-free-updates rpmfusion-nonfree rpmfusion-nonfree-updates
 sudo dnf upgrade -y
 sudo dnf install -y ffmpeg yt-dlp
-sudo dnf install -y android-tools mediawriter gnome-disk-utility
+sudo dnf install -y android-tools mediawriter gnome-disk-utility

sudo-dom0.sh

@@ -0,0 +1,11 @@
+sudo nano authselect create-profile sudo-dom0-prompt --base-on=sssd --symlink-meta --symlink-pam
+sudo mv /etc/authselect/custom/sudo-dom0-prompt/system-auth /etc/authselect/custom/sudo-dom0-prompt/system-auth.original_aside
+sudo cp /etc/authselect/system-auth /etc/authselect/custom/sudo-dom0-prompt
+
+sudo sed -i '/^auth/d' /etc/authselect/system-auth
+sudo sed -i '/^account/a\auth  [success=1 default=ignore]  pam_exec.so seteuid /usr/lib/qubes/qrexec-client-vm dom0 qubes.VMAuth /bin/grep -q ^1$\nauth  requisite  pam_deny.so\nauth  required   pam_permit.so' /etc/authselect/system-auth
+sudo authselect select custom/sudo-dom0-prompt
+
+sudo sed -i '/^%qubes/s/.*/user ALL=(ALL) ALL/' /etc/sudoers.d/qubes
+
+sudo rm /etc/polkit-1/rules.d/00-qubes-allow-all.rules