From 423f28c46968ab6bdd8f079ac10c36f5148cb70c Mon Sep 17 00:00:00 2001
From: Felix Stupp <felix.stupp@outlook.com>
Date: Fri, 17 Apr 2020 10:34:59 +0200
Subject: [PATCH] Allow update without password using default sudo

---
 playbook/site.yml                           | 3 +--
 playbook/templates/admin/i3.cfg             | 2 +-
 playbook/templates/global/sudo_allow_update | 1 +
 3 files changed, 3 insertions(+), 3 deletions(-)
 create mode 100644 playbook/templates/global/sudo_allow_update

diff --git a/playbook/site.yml b/playbook/site.yml
index d828bed..10480c2 100644
--- a/playbook/site.yml
+++ b/playbook/site.yml
@@ -53,8 +53,6 @@
           - suckless-tools # Tools for i3 config
           - fonts-dejavu-core # Font for fancy i3 / urxvt
           # Frontend applications
-          - lxqt-sudo # Graphical sudo prompt
-          - lxqt-sudo-l10n # Language packs for graphical sudo prompt
           - rxvt-unicode # Terminal for admin account and kiosk script
           - pcmanfm # File Manager for admin account
           - lxde-icon-theme # For icons in pcmanfm
@@ -128,6 +126,7 @@
         config_files:
           lightdm.conf: /etc/lightdm/lightdm.conf
           lightdm-gtk-greeter.conf: /etc/lightdm/lightdm-gtk-greeter.conf
+          sudo_allow_update: /etc/sudoers.d/allow_update
     # Admin User Configuration
     - name: Configure admin user
       user:
diff --git a/playbook/templates/admin/i3.cfg b/playbook/templates/admin/i3.cfg
index 8c7f870..77cd2af 100644
--- a/playbook/templates/admin/i3.cfg
+++ b/playbook/templates/admin/i3.cfg
@@ -129,7 +129,7 @@ bindsym $mod+Control+s exec systemctl poweroff
 # reboot computer
 bindsym $mod+Control+r exec systemctl reboot
 # start updater
-bindsym $mod+Control+u exec lxqt-sudo openvt --switch -- /bin/bash /playbook/update.sh
+bindsym $mod+Control+u exec sudo openvt --switch -- /bin/bash /playbook/update.sh
 
 # resize window (you can also use the mouse for that)
 mode "resize" {
diff --git a/playbook/templates/global/sudo_allow_update b/playbook/templates/global/sudo_allow_update
new file mode 100644
index 0000000..d2eebc5
--- /dev/null
+++ b/playbook/templates/global/sudo_allow_update
@@ -0,0 +1 @@
+{{ admin_user }} ALL=NOPASSWD: /usr/bin/openvt --switch -- /bin/bash /playbook/update.sh