feat: doas is no more

CJ-Jackson · Jan 24, 2025 · 087b96e · 087b96e
1 parent 8d57503
commit 087b96e
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 24 deletions.
diff --git a/README.md b/README.md
@@ -5,8 +5,6 @@ the following sane open-source solution.
 
 * [SquashFS](https://en.wikipedia.org/wiki/SquashFS)
   * With the json manifest located inside the image `_deploy/push.json`
-* [OpenDoas](https://wiki.archlinux.org/title/Doas)
-  * To allow deploy user to run the script as root, it is a lot safer than SUDO and Polkit.
 * [Minisign](https://jedisct1.github.io/minisign/)
   * For image and user verification, the public key is cherry picked by the client `username@hostname`, as mentioned
     earlier it a stateless system.
@@ -22,7 +20,6 @@ File: `build.py`
 ```python
 #!/usr/bin/env python3
 import os
-import shutil
 import sys
 
 project_path = ""
@@ -126,17 +123,17 @@ run-deploy currently has three editions.
 ### remote-incus
 
 * python3.11
+* systemd
 * squashfuse
-* doas
 * dash
 * minisign
 * incus
 
 ### remote-metal
 
 * python3.11
+* systemd
 * squashfuse
-* doas
 * dash
 * minisign
 

diff --git a/create_server_installer.py b/create_server_installer.py
@@ -59,8 +59,6 @@
 # Enable strict mode by default
 pathlib.Path("opt/run-deploy/options/strict").write_text("strict", 'utf-8')
 
-doas_permission = []
-
 uv_stub = None
 if toml_config.get("uv", False):
     uv_stub = pathlib.Path(f"{current_path}/uv_stub.py").read_text("utf-8").strip() + "\n"
@@ -80,14 +78,6 @@ def copy(src: str, dest: str):
     run_deploy_target_path = f"opt/run-deploy/bin/{os.path.basename(run_deploy_path).removesuffix('.py')}"
     copy(run_deploy_path, run_deploy_target_path)
     os.chmod(run_deploy_target_path, 0o700)
-    if run_deploy_target_path.endswith("-cli"):
-        doas_permission.append(
-            f"permit nopass setenv {{ RUN_DEPLOY_TOKEN RUN_DEPLOY_KEY }} {toml_config['deploy_user']} as root cmd /{run_deploy_target_path}"
-        )
-    else:
-        doas_permission.append(
-            f"permit nopass {toml_config['deploy_user']} as root cmd /{run_deploy_target_path}"
-        )
 
 if os.path.exists(f"{current_path}/{toml_config['edition']}/_opt"):
     shutil.copytree(f"{current_path}/{toml_config['edition']}/_opt", "opt/run-deploy", dirs_exist_ok=True)
@@ -111,10 +101,6 @@ def copy(src: str, dest: str):
 systemd_symlinks = "\n".join(systemd_symlinks)
 systemd_cmd = "\n".join(systemd_cmd)
 
-doas = pathlib.Path("opt/run-deploy/etc/doas.conf")
-doas.write_text("\n".join(doas_permission), 'utf-8')
-doas.chmod(0o400)
-
 update = pathlib.Path("update.sh")
 update.write_text("""#!/bin/dash
 cp -p opt/run-deploy/bin/* /opt/run-deploy/bin
@@ -141,11 +127,6 @@ def copy(src: str, dest: str):
 cp /opt/run-deploy/ssh/authorized_keys /home/{toml_config['deploy_user']}/.ssh
 chown root:{toml_config['deploy_user']} /home/{toml_config['deploy_user']}/.ssh/authorized_keys
 
-# Copy doas
-chmod 600 /etc/doas.conf 2> /dev/null
-cat /opt/run-deploy/etc/doas.conf >> /etc/doas.conf
-chmod 400 /etc/doas.conf
-
 exit 0
 """, 'utf-8')
 install.chmod(0o755)