Can't install firewall in chroot, so move it into its own service for now

bin/omarchy-install-firewall

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+if ! command -v ufw &>/dev/null; then
+  yay -S --noconfirm --needed ufw ufw-docker
+fi
+
+# Allow nothing in, everything out
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+
+# Allow ports for LocalSend
+sudo ufw allow 53317/udp
+sudo ufw allow 53317/tcp
+
+# Allow SSH in
+sudo ufw allow 22/tcp
+
+# Allow Docker containers to use DNS on host
+sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment 'allow-docker-dns'
+
+# Turn on the firewall
+sudo ufw --force enable
+
+# Turn on Docker protections
+sudo ufw-docker install
+sudo ufw reload

bin/omarchy-menu

@@ -184,7 +184,8 @@ show_install_menu() {
 }
 
 show_install_service_menu() {
-  case $(menu "Install" "  Dropbox\n  Tailscale") in
+  case $(menu "Install" "󱨑  Firewall\n  Dropbox\n  Tailscale") in
+  *Firewall*) present_terminal omarchy-install-firewall ;;
   *Dropbox*) present_terminal omarchy-install-dropbox ;;
   *Tailscale*) present_terminal omarchy-install-tailscale ;;
   *) show_install_menu ;;

install/development/firewall.sh

@@ -1,26 +1,5 @@
 #!/bin/bash
 
-if ! command -v ufw &>/dev/null && -z "${OMARCHY_CHROOT_INSTALL:-}"; then
-  yay -S --noconfirm --needed ufw ufw-docker
-
-  # Allow nothing in, everything out
-  sudo ufw default deny incoming
-  sudo ufw default allow outgoing
-
-  # Allow ports for LocalSend
-  sudo ufw allow 53317/udp
-  sudo ufw allow 53317/tcp
-
-  # Allow SSH in
-  sudo ufw allow 22/tcp
-
-  # Allow Docker containers to use DNS on host
-  sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment 'allow-docker-dns'
-
-  # Turn on the firewall
-  sudo ufw --force enable
-
-  # Turn on Docker protections
-  sudo ufw-docker install
-  sudo ufw reload
+if -z "${OMARCHY_CHROOT_INSTALL:-}"; then
+  omarchy-install-firewall
 fi