Make run_once scripts sudo-prompt-free when packages already present
Several run_once scripts unconditionally called sudo pacman/apt to install packages — even on boxes where every package was already present. That triggered a sudo password prompt on every fresh chezmoi apply for nothing. Two changes: 1. .chezmoi.yaml.tmpl: fall back to ~/.local/bin/age if /usr/bin/age isn't installed (matters during initial bootstrap before age is installed system-wide). 2. run_once_*.sh.tmpl: detect missing packages first; only call sudo if there's actually something to install. For the LAN hosts script, detect the existing block and skip if it's already correct. These changes are transparent on boxes that already had everything installed (the existing 5): no behavior change. They reduce sudo prompts on bit (the new box, where most packages are pre-installed) from ~5 prompts to 1 (just for /etc/hosts).
This commit is contained in:
parent
a2cc669b22
commit
b40d724f6c
5 changed files with 109 additions and 33 deletions
|
|
@ -20,9 +20,9 @@ ZSH_CUSTOM="${ZSH_CUSTOM:-$USER_HOME/.oh-my-zsh/custom}"
|
|||
|
||||
{{ if eq .os_family "arch" -}}
|
||||
# ----------------------------- ARCH ---------------------------------------
|
||||
log "pacman -Syu"
|
||||
sudo pacman -Syu --noconfirm
|
||||
|
||||
# Only run pacman if anything is actually missing. Avoids a no-op sudo
|
||||
# (which would still prompt for a password even when there's nothing to
|
||||
# install) on boxes where all the user packages are already present.
|
||||
PACMAN_PKGS=(
|
||||
zsh tmux neovim git base-devel
|
||||
bat btop htop fastfetch
|
||||
|
|
@ -32,9 +32,20 @@ PACMAN_PKGS=(
|
|||
openssh
|
||||
bun
|
||||
)
|
||||
|
||||
log "installing pacman packages"
|
||||
sudo pacman -S --needed --noconfirm "${PACMAN_PKGS[@]}"
|
||||
MISSING_PKGS=()
|
||||
for p in "${PACMAN_PKGS[@]}"; do
|
||||
if ! command -v "$p" >/dev/null 2>&1 && ! pacman -Qi "$p" >/dev/null 2>&1; then
|
||||
MISSING_PKGS+=("$p")
|
||||
fi
|
||||
done
|
||||
if (( ${#MISSING_PKGS[@]} > 0 )); then
|
||||
log "pacman -Syu (missing: ${MISSING_PKGS[*]})"
|
||||
sudo pacman -Syu --noconfirm
|
||||
log "installing pacman packages"
|
||||
sudo pacman -S --needed --noconfirm "${MISSING_PKGS[@]}"
|
||||
else
|
||||
log "all user packages already installed; skipping pacman"
|
||||
fi
|
||||
|
||||
# --------------------------- Pi coding agent + oh-my-pi ---------------------
|
||||
# Arch: bun comes from pacman (above), used here for the global install.
|
||||
|
|
@ -50,9 +61,6 @@ fi
|
|||
{{ else if eq .os_family "debian" -}}
|
||||
# ----------------------------- DEBIAN --------------------------------------
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
sudo apt-get update -y
|
||||
sudo apt-get upgrade -y
|
||||
|
||||
APT_PKGS=(
|
||||
zsh tmux git build-essential
|
||||
btop htop fastfetch
|
||||
|
|
@ -63,9 +71,22 @@ APT_PKGS=(
|
|||
ca-certificates curl wget
|
||||
fontconfig
|
||||
)
|
||||
|
||||
log "installing apt packages"
|
||||
sudo apt-get install -y --no-install-recommends "${APT_PKGS[@]}"
|
||||
MISSING_PKGS=()
|
||||
for p in "${APT_PKGS[@]}"; do
|
||||
if ! command -v "$p" >/dev/null 2>&1; then
|
||||
MISSING_PKGS+=("$p")
|
||||
fi
|
||||
done
|
||||
if (( ${#MISSING_PKGS[@]} > 0 )); then
|
||||
log "apt-update (missing: ${MISSING_PKGS[*]})"
|
||||
sudo apt-get update -y
|
||||
log "apt-upgrade"
|
||||
sudo apt-get upgrade -y
|
||||
log "installing apt packages"
|
||||
sudo apt-get install -y --no-install-recommends "${MISSING_PKGS[@]}"
|
||||
else
|
||||
log "all user packages already installed; skipping apt"
|
||||
fi
|
||||
|
||||
# bun isn't in debian repos. Install via official script into ~/.local
|
||||
# (so the binary lands at ~/.local/bin/bun, which is already in PATH
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue