From 76c94e2604779598a9e61f0c66fb15d726f56ddc Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@hey.com>
Date: Sat, 23 Aug 2025 22:31:42 +0200
Subject: [PATCH] Breakup the omnibus config install

---
 install.sh                               |  9 ++++--
 install/config/config.sh                 | 40 ------------------------
 install/config/fix-fkeys.sh              |  3 --
 install/config/git.sh                    | 18 +++++++++++
 install/config/gpg.sh                    |  8 +++++
 install/config/increase-lockout-limit.sh |  5 +++
 install/config/increase-sudo-tries.sh    |  2 ++
 install/config/ssh-flakiness.sh          |  4 +++
 install/config/xcompose.sh               | 10 ++++++
 9 files changed, 54 insertions(+), 45 deletions(-)
 create mode 100644 install/config/git.sh
 create mode 100644 install/config/gpg.sh
 create mode 100644 install/config/increase-lockout-limit.sh
 create mode 100644 install/config/ssh-flakiness.sh
 create mode 100644 install/config/xcompose.sh

diff --git a/install.sh b/install.sh
index 362fbacc..3485d623 100755
--- a/install.sh
+++ b/install.sh
@@ -60,15 +60,20 @@ source $OMARCHY_INSTALL/preflight/migrations.sh
 # Configuration
 source $OMARCHY_INSTALL/config/config.sh
 source $OMARCHY_INSTALL/config/branding.sh
-source $OMARCHY_INSTALL/config/detect-keyboard-layout.sh
-source $OMARCHY_INSTALL/config/fix-fkeys.sh
 source $OMARCHY_INSTALL/config/network.sh
 source $OMARCHY_INSTALL/config/power.sh
+source $OMARCHY_INSTALL/config/git.sh
+source $OMARCHY_INSTALL/config/gpg.sh
 source $OMARCHY_INSTALL/config/usb-autosuspend.sh
 source $OMARCHY_INSTALL/config/timezones.sh
 source $OMARCHY_INSTALL/config/nvidia.sh
 source $OMARCHY_INSTALL/config/increase-sudo-tries.sh
+source $OMARCHY_INSTALL/config/increase-lockout-limit.sh
 source $OMARCHY_INSTALL/config/ignore-power-button.sh
+source $OMARCHY_INSTALL/config/ssh-flakiness.sh
+source $OMARCHY_INSTALL/config/detect-keyboard-layout.sh
+source $OMARCHY_INSTALL/config/fix-fkeys.sh
+source $OMARCHY_INSTALL/config/xcompose.sh
 
 # Login
 source $OMARCHY_INSTALL/login/plymouth.sh
diff --git a/install/config/config.sh b/install/config/config.sh
index d341ccb8..37d081d0 100644
--- a/install/config/config.sh
+++ b/install/config/config.sh
@@ -15,43 +15,3 @@ if [ -n "$OMARCHY_BARE" ]; then
   mkdir -p ~/.local/state/omarchy
   touch ~/.local/state/omarchy/bare.mode
 fi
-
-# Setup GPG configuration with multiple keyservers for better reliability
-sudo mkdir -p /etc/gnupg
-sudo cp ~/.local/share/omarchy/default/gpg/dirmngr.conf /etc/gnupg/
-sudo chmod 644 /etc/gnupg/dirmngr.conf
-sudo gpgconf --kill dirmngr || true
-sudo gpgconf --launch dirmngr || true
-
-# Increase lockout limit to 10 and decrease timeout to 2 minutes
-sudo sed -i 's|^\(auth\s\+required\s\+pam_faillock.so\)\s\+preauth.*$|\1 preauth silent deny=10 unlock_time=120|' "/etc/pam.d/system-auth"
-sudo sed -i 's|^\(auth\s\+\[default=die\]\s\+pam_faillock.so\)\s\+authfail.*$|\1 authfail deny=10 unlock_time=120|' "/etc/pam.d/system-auth"
-
-# Solve common flakiness with SSH
-echo "net.ipv4.tcp_mtu_probing=1" | sudo tee -a /etc/sysctl.d/99-sysctl.conf
-
-# Set common git aliases
-git config --global alias.co checkout
-git config --global alias.br branch
-git config --global alias.ci commit
-git config --global alias.st status
-git config --global pull.rebase true
-git config --global init.defaultBranch master
-
-# Set identification from install inputs
-if [[ -n "${OMARCHY_USER_NAME//[[:space:]]/}" ]]; then
-  git config --global user.name "$OMARCHY_USER_NAME"
-fi
-
-if [[ -n "${OMARCHY_USER_EMAIL//[[:space:]]/}" ]]; then
-  git config --global user.email "$OMARCHY_USER_EMAIL"
-fi
-
-# Set default XCompose that is triggered with CapsLock
-tee ~/.XCompose >/dev/null <<EOF
-include "%H/.local/share/omarchy/default/xcompose"
-
-# Identification
-<Multi_key> <space> <n> : "$OMARCHY_USER_NAME"
-<Multi_key> <space> <e> : "$OMARCHY_USER_EMAIL"
-EOF
diff --git a/install/config/fix-fkeys.sh b/install/config/fix-fkeys.sh
index 1ae71c5b..29f4b84d 100644
--- a/install/config/fix-fkeys.sh
+++ b/install/config/fix-fkeys.sh
@@ -2,7 +2,4 @@
 
 if [[ ! -f /etc/modprobe.d/hid_apple.conf ]]; then
   echo "options hid_apple fnmode=2" | sudo tee /etc/modprobe.d/hid_apple.conf
-
-  # Rely on install/login.sh to do the rebuild
-  # sudo mkinitcpio -P
 fi
diff --git a/install/config/git.sh b/install/config/git.sh
new file mode 100644
index 00000000..54bb4bdc
--- /dev/null
+++ b/install/config/git.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Set common git aliases
+git config --global alias.co checkout
+git config --global alias.br branch
+git config --global alias.ci commit
+git config --global alias.st status
+git config --global pull.rebase true
+git config --global init.defaultBranch master
+
+# Set identification from install inputs
+if [[ -n "${OMARCHY_USER_NAME//[[:space:]]/}" ]]; then
+  git config --global user.name "$OMARCHY_USER_NAME"
+fi
+
+if [[ -n "${OMARCHY_USER_EMAIL//[[:space:]]/}" ]]; then
+  git config --global user.email "$OMARCHY_USER_EMAIL"
+fi
diff --git a/install/config/gpg.sh b/install/config/gpg.sh
new file mode 100644
index 00000000..174c5641
--- /dev/null
+++ b/install/config/gpg.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Setup GPG configuration with multiple keyservers for better reliability
+sudo mkdir -p /etc/gnupg
+sudo cp ~/.local/share/omarchy/default/gpg/dirmngr.conf /etc/gnupg/
+sudo chmod 644 /etc/gnupg/dirmngr.conf
+sudo gpgconf --kill dirmngr || true
+sudo gpgconf --launch dirmngr || true
diff --git a/install/config/increase-lockout-limit.sh b/install/config/increase-lockout-limit.sh
new file mode 100644
index 00000000..1fdbf7dd
--- /dev/null
+++ b/install/config/increase-lockout-limit.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# Increase lockout limit to 10 and decrease timeout to 2 minutes
+sudo sed -i 's|^\(auth\s\+required\s\+pam_faillock.so\)\s\+preauth.*$|\1 preauth silent deny=10 unlock_time=120|' "/etc/pam.d/system-auth"
+sudo sed -i 's|^\(auth\s\+\[default=die\]\s\+pam_faillock.so\)\s\+authfail.*$|\1 authfail deny=10 unlock_time=120|' "/etc/pam.d/system-auth"
diff --git a/install/config/increase-sudo-tries.sh b/install/config/increase-sudo-tries.sh
index f9b18ddf..7a167d80 100644
--- a/install/config/increase-sudo-tries.sh
+++ b/install/config/increase-sudo-tries.sh
@@ -1,2 +1,4 @@
+#!/bin/bash
+
 echo "Defaults passwd_tries=10" | sudo tee /etc/sudoers.d/passwd-tries
 sudo chmod 440 /etc/sudoers.d/passwd-tries
diff --git a/install/config/ssh-flakiness.sh b/install/config/ssh-flakiness.sh
new file mode 100644
index 00000000..1746f59b
--- /dev/null
+++ b/install/config/ssh-flakiness.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Solve common flakiness with SSH
+echo "net.ipv4.tcp_mtu_probing=1" | sudo tee -a /etc/sysctl.d/99-sysctl.conf
diff --git a/install/config/xcompose.sh b/install/config/xcompose.sh
new file mode 100644
index 00000000..5fb501b3
--- /dev/null
+++ b/install/config/xcompose.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Set default XCompose that is triggered with CapsLock
+tee ~/.XCompose >/dev/null <<EOF
+include "%H/.local/share/omarchy/default/xcompose"
+
+# Identification
+<Multi_key> <space> <n> : "$OMARCHY_USER_NAME"
+<Multi_key> <space> <e> : "$OMARCHY_USER_EMAIL"
+EOF