feat: Improve dotfiles bootstrap script

- Remove broken spinner animation that was eating terminal output
- Replace version box with ASCII art banner for TechDufus Dotfiles
- Add comprehensive Ctrl+C interrupt handler with cleanup
- Add sudo detection system for graceful privilege degradation
- Update roles to handle non-sudo scenarios with fallback
  strategies
- Add documentation for sudo fallback patterns

The dotfiles script now provides better visual feedback without
animation issues and handles interruptions gracefully. The sudo
detection allows the playbook to run with limited privileges when
necessary.

Author: TechDufus

bin/dotfiles

@@ -209,6 +209,26 @@ detect_os() {
   fi
 }
 
+function print_banner() {
+  echo ""
+  echo -e "${LGREEN}  ████████╗███████╗ ██████╗██╗  ██╗██████╗ ██╗   ██╗███████╗██╗   ██╗███████╗${NC}"
+  echo -e "${LGREEN}  ╚══██╔══╝██╔════╝██╔════╝██║  ██║██╔══██╗██║   ██║██╔════╝██║   ██║██╔════╝${NC}"
+  echo -e "${LGREEN}     ██║   █████╗  ██║     ███████║██║  ██║██║   ██║█████╗  ██║   ██║███████╗${NC}"
+  echo -e "${LGREEN}     ██║   ██╔══╝  ██║     ██╔══██║██║  ██║██║   ██║██╔══╝  ██║   ██║╚════██║${NC}"
+  echo -e "${LGREEN}     ██║   ███████╗╚██████╗██║  ██║██████╔╝╚██████╔╝██║     ╚██████╔╝███████║${NC}"
+  echo -e "${LGREEN}     ╚═╝   ╚══════╝ ╚═════╝╚═╝  ╚═╝╚═════╝  ╚═════╝ ╚═╝      ╚═════╝ ╚══════╝${NC}"
+  echo ""
+  echo -e "${LGREEN}      ██████╗  ██████╗ ████████╗███████╗██╗██╗     ███████╗███████╗${NC}"
+  echo -e "${LGREEN}      ██╔══██╗██╔═══██╗╚══██╔══╝██╔════╝██║██║     ██╔════╝██╔════╝${NC}"
+  echo -e "${LGREEN}      ██║  ██║██║   ██║   ██║   █████╗  ██║██║     █████╗  ███████╗${NC}"
+  echo -e "${LGREEN}      ██║  ██║██║   ██║   ██║   ██╔══╝  ██║██║     ██╔══╝  ╚════██║${NC}"
+  echo -e "${LGREEN}      ██████╔╝╚██████╔╝   ██║   ██║     ██║███████╗███████╗███████║${NC}"
+  echo -e "${LGREEN}      ╚═════╝  ╚═════╝    ╚═╝   ╚═╝     ╚═╝╚══════╝╚══════╝╚══════╝${NC}"
+  echo ""
+}
+
+print_banner
+
 dotfiles_os=$(detect_os)
 __task "Loading Setup for detected OS: $dotfiles_os"
 case $dotfiles_os in

main.yml

@@ -32,6 +32,11 @@
       tags:
         - always
 
+    - name: Detect Sudo
+      ansible.builtin.import_tasks: pre_tasks/detect_sudo.yml
+      tags:
+        - always
+
     - name: Detect 1Password
       ansible.builtin.import_tasks: pre_tasks/detect_1password.yml
       tags:

pre_tasks/detect_sudo.yml

@@ -0,0 +1,171 @@
+---
+# Comprehensive sudo detection for cross-platform compatibility
+# Sets facts that can be used throughout the playbook to handle privilege escalation
+
+- name: Initialize sudo detection variables
+  set_fact:
+    has_sudo: false
+    sudo_method: 'none'
+    sudo_requires_password: true
+    can_install_packages: false
+    sudo_test_command: 'echo "sudo test successful"'
+    detected_package_manager: ''
+    privilege_escalation_available: false
+
+- name: Detect package manager
+  block:
+    - name: Check for brew (macOS)
+      command: which brew
+      register: brew_check
+      ignore_errors: true
+      changed_when: false
+      no_log: true
+
+    - name: Check for apt-get (Debian/Ubuntu)
+      command: which apt-get
+      register: apt_check
+      ignore_errors: true
+      changed_when: false
+      no_log: true
+
+    - name: Check for pacman (Arch)
+      command: which pacman
+      register: pacman_check
+      ignore_errors: true
+      changed_when: false
+      no_log: true
+
+    - name: Set detected package manager
+      set_fact:
+        detected_package_manager: >-
+          {%- if brew_check.rc == 0 -%}brew
+          {%- elif apt_check.rc == 0 -%}apt
+          {%- elif pacman_check.rc == 0 -%}pacman
+          {%- else -%}none{%- endif -%}
+
+- name: Test passwordless sudo
+  block:
+    - name: Test sudo without password
+      command: sudo -n {{ sudo_test_command }}
+      register: sudo_nopass_test
+      ignore_errors: true
+      changed_when: false
+      failed_when: false
+      no_log: true
+
+    - name: Set passwordless sudo facts
+      set_fact:
+        has_sudo: true
+        sudo_method: 'sudo'
+        sudo_requires_password: false
+        privilege_escalation_available: true
+      when: sudo_nopass_test.rc == 0
+
+- name: Test sudo with cached credentials
+  when: not has_sudo
+  block:
+    - name: Check if sudo credentials are cached
+      command: sudo -v
+      register: sudo_cached_test
+      ignore_errors: true
+      changed_when: false
+      failed_when: false
+      no_log: true
+
+    - name: Test sudo with potentially cached password
+      command: sudo {{ sudo_test_command }}
+      register: sudo_cached_exec
+      ignore_errors: true
+      changed_when: false
+      failed_when: false
+      when: sudo_cached_test.rc == 0
+      no_log: true
+
+    - name: Set sudo with cached credentials facts
+      set_fact:
+        has_sudo: true
+        sudo_method: 'sudo'
+        sudo_requires_password: true
+        privilege_escalation_available: true
+      when:
+        - sudo_cached_test.rc == 0
+        - sudo_cached_exec.rc == 0
+
+- name: Test alternative privilege escalation methods
+  when: not has_sudo
+  block:
+    - name: Test doas (OpenBSD/some Linux)
+      command: doas {{ sudo_test_command }}
+      register: doas_test
+      ignore_errors: true
+      changed_when: false
+      failed_when: false
+      no_log: true
+
+    - name: Set doas facts
+      set_fact:
+        has_sudo: true
+        sudo_method: 'doas'
+        sudo_requires_password: "{{ 'password' in doas_test.stderr | default('') }}"
+        privilege_escalation_available: true
+      when: doas_test.rc == 0
+
+    - name: Test pkexec (PolicyKit)
+      command: pkexec --disable-internal-agent {{ sudo_test_command }}
+      register: pkexec_test
+      ignore_errors: true
+      changed_when: false
+      failed_when: false
+      when: not has_sudo
+      no_log: true
+
+    - name: Set pkexec facts
+      set_fact:
+        has_sudo: true
+        sudo_method: 'pkexec'
+        sudo_requires_password: true
+        privilege_escalation_available: true
+      when:
+        - not has_sudo
+        - pkexec_test.rc == 0
+
+- name: Determine package installation capability
+  set_fact:
+    can_install_packages: >-
+      {{ (detected_package_manager == 'brew') or
+         (has_sudo and detected_package_manager in ['apt', 'pacman']) }}
+
+- name: Display privilege escalation detection results
+  debug:
+    msg:
+      - "=== Privilege Escalation Detection Results ==="
+      - "Has sudo/privilege access: {{ has_sudo }}"
+      - "Method available: {{ sudo_method }}"
+      - "Requires password: {{ sudo_requires_password }}"
+      - "Package manager: {{ detected_package_manager }}"
+      - "Can install packages: {{ can_install_packages }}"
+      - "============================================="
+
+- name: Set Ansible become method based on detection
+  set_fact:
+    ansible_become_method: >-
+      {%- if sudo_method == 'doas' -%}doas
+      {%- elif sudo_method == 'pkexec' -%}pkexec
+      {%- elif sudo_method == 'sudo' -%}sudo
+      {%- else -%}sudo{%- endif -%}
+  when: has_sudo
+
+- name: Note about Homebrew and sudo
+  debug:
+    msg: "Note: Homebrew on macOS does not require or accept sudo. Package installation is possible without privilege escalation."
+  when:
+    - detected_package_manager == 'brew'
+    - ansible_distribution == 'MacOSX'
+
+- name: Warning when no privilege escalation available
+  debug:
+    msg:
+      - "⚠️  WARNING: No privilege escalation method detected!"
+      - "The playbook will continue but some tasks may be skipped."
+      - "Package installation and system modifications will not be possible."
+  when: not has_sudo

roles/README_SUDO.md

@@ -0,0 +1,125 @@
+# Sudo Detection Usage Guide
+
+This guide explains how to use the sudo detection system in your Ansible roles.
+
+## Available Facts
+
+After the sudo detection pre-task runs, the following facts are available:
+
+- `has_sudo`: Boolean indicating if any sudo/privilege escalation method works
+- `sudo_method`: The working method (`'sudo'`, `'doas'`, `'pkexec'`, or `'none'`)
+- `sudo_requires_password`: Boolean indicating if password is required
+- `can_install_packages`: Boolean indicating if package installation is possible
+- `detected_package_manager`: String with the package manager (`'brew'`, `'apt'`, `'pacman'`, or `'none'`)
+- `privilege_escalation_available`: Boolean for overall privilege status
+
+## Usage Examples
+
+### 1. Skip Tasks Without Sudo
+
+```yaml
+- name: Install system packages
+  ansible.builtin.apt:
+    name: package-name
+    state: present
+  become: true
+  when: can_install_packages | default(false)
+```
+
+### 2. Provide Alternative for Non-Sudo Users
+
+```yaml
+- name: Install to system location (with sudo)
+  ansible.builtin.copy:
+    src: myfile
+    dest: /usr/local/bin/myfile
+    mode: '0755'
+  become: true
+  when: has_sudo | default(false)
+
+- name: Install to user location (without sudo)
+  ansible.builtin.copy:
+    src: myfile
+    dest: "{{ ansible_env.HOME }}/.local/bin/myfile"
+    mode: '0755'
+  when: not (has_sudo | default(false))
+```
+
+### 3. Warn When Skipping
+
+```yaml
+- name: Install required packages
+  ansible.builtin.apt:
+    name: 
+      - package1
+      - package2
+    state: present
+  become: true
+  when: can_install_packages | default(false)
+  register: install_result
+  failed_when: false
+
+- name: Warn if packages not installed
+  ansible.builtin.debug:
+    msg: "⚠️  Skipping package installation - sudo access not available"
+  when: not (can_install_packages | default(false))
+```
+
+### 4. Cross-Platform Package Installation
+
+```yaml
+- name: Install package (macOS)
+  community.general.homebrew:
+    name: package-name
+    state: present
+  when: 
+    - ansible_distribution == "MacOSX"
+    - detected_package_manager == "brew"
+
+- name: Install package (Ubuntu/Debian)
+  ansible.builtin.apt:
+    name: package-name
+    state: present
+  become: true
+  when: 
+    - ansible_distribution in ["Ubuntu", "Debian"]
+    - can_install_packages | default(false)
+
+- name: Install package (Arch)
+  community.general.pacman:
+    name: package-name
+    state: present
+  become: true
+  when:
+    - ansible_distribution == "Archlinux"
+    - can_install_packages | default(false)
+```
+
+### 5. Role-Level Conditions
+
+Each role should handle its own sudo requirements internally. Roles that absolutely require sudo (like Docker) should check for `has_sudo` at the beginning and skip gracefully with clear messages if it's not available.
+
+For roles that can partially function without sudo, add conditions to individual tasks that require elevated privileges.
+
+## Best Practices
+
+1. **Always use `| default(false)`** with boolean facts to handle undefined variables
+2. **Provide user-friendly warnings** when skipping important tasks
+3. **Consider alternative locations** for file installations (e.g., `~/.local/bin` instead of `/usr/local/bin`)
+4. **Test your roles** with `--check` mode to ensure they handle missing sudo gracefully
+5. **Use `failed_when: false`** or `ignore_errors: true` for tasks that might fail without sudo
+
+## Testing
+
+Test your role with different sudo scenarios:
+
+```bash
+# Normal run
+dotfiles -t your-role
+
+# Check mode
+dotfiles -t your-role --check
+
+# Verbose to see skip messages
+dotfiles -t your-role -vvv
+```