From 6634e28540ea6a73dacf3a91a7d5369ea16a5ca6 Mon Sep 17 00:00:00 2001
From: Manuel <manuel.ramsaier89@gmail.com>
Date: Tue, 12 Aug 2025 13:31:48 +0200
Subject: [PATCH] Set sudo max tries to 10, binary for easy lockout reset
 (#686)

* set sudo max fail count to 10, bin for easy reset

* Slim down

Let the failure just fail in the shell

* Rename to be more descriptive

* No need for the 00- prefix

* Add migration to raise sudo try limit

---------

Co-authored-by: Manuel <manuel.ramsaier@gmail.com>
Co-authored-by: David Heinemeier Hansson <david@hey.com>
---
 bin/omarchy-reset-sudo                | 4 ++++
 install.sh                            | 1 +
 install/config/increase-sudo-tries.sh | 2 ++
 migrations/1754996869.sh              | 3 +++
 4 files changed, 10 insertions(+)
 create mode 100755 bin/omarchy-reset-sudo
 create mode 100644 install/config/increase-sudo-tries.sh
 create mode 100644 migrations/1754996869.sh

diff --git a/bin/omarchy-reset-sudo b/bin/omarchy-reset-sudo
new file mode 100755
index 00000000..18294965
--- /dev/null
+++ b/bin/omarchy-reset-sudo
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+echo "Resetting sudo lockout for user: $USER"
+su -c "faillock --reset --user $USER"
diff --git a/install.sh b/install.sh
index 9b728d0a..f8d07875 100755
--- a/install.sh
+++ b/install.sh
@@ -44,6 +44,7 @@ source $OMARCHY_INSTALL/config/power.sh
 source $OMARCHY_INSTALL/config/timezones.sh
 source $OMARCHY_INSTALL/config/login.sh
 source $OMARCHY_INSTALL/config/nvidia.sh
+source $OMARCHY_INSTALL/config/increase-sudo-tries.sh
 
 # Development
 show_logo decrypt 920
diff --git a/install/config/increase-sudo-tries.sh b/install/config/increase-sudo-tries.sh
new file mode 100644
index 00000000..f9b18ddf
--- /dev/null
+++ b/install/config/increase-sudo-tries.sh
@@ -0,0 +1,2 @@
+echo "Defaults passwd_tries=10" | sudo tee /etc/sudoers.d/passwd-tries
+sudo chmod 440 /etc/sudoers.d/passwd-tries
diff --git a/migrations/1754996869.sh b/migrations/1754996869.sh
new file mode 100644
index 00000000..d2be16bb
--- /dev/null
+++ b/migrations/1754996869.sh
@@ -0,0 +1,3 @@
+echo "Increase sudo attempts limit to 10"
+
+source $OMARCHY_PATH/install/config/increase-sudo-tries.sh