From ca115b9061c57499bed2d690b9fe7671d4ab91d5 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson
Date: Sun, 24 Aug 2025 09:12:51 +0200
Subject: [PATCH] Can't install firewall in chroot, so move it into its own service for now
---
bin/omarchy-install-firewall | 26 ++++++++++++++++++++++++++
bin/omarchy-menu | 3 ++-
install/development/firewall.sh | 25 ++----------------------
3 files changed, 30 insertions(+), 24 deletions(-)
create mode 100755 bin/omarchy-install-firewall
diff --git a/bin/omarchy-install-firewall b/bin/omarchy-install-firewall
new file mode 100755
index 00000000..4c3fca49
--- /dev/null
+++ b/bin/omarchy-install-firewall
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+if ! command -v ufw &>/dev/null; then
+ yay -S --noconfirm --needed ufw ufw-docker
+fi
+
+# Allow nothing in, everything out
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+
+# Allow ports for LocalSend
+sudo ufw allow 53317/udp
+sudo ufw allow 53317/tcp
+
+# Allow SSH in
+sudo ufw allow 22/tcp
+
+# Allow Docker containers to use DNS on host
+sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment 'allow-docker-dns'
+
+# Turn on the firewall
+sudo ufw --force enable
+
+# Turn on Docker protections
+sudo ufw-docker install
+sudo ufw reload
diff --git a/bin/omarchy-menu b/bin/omarchy-menu
index 0571b500..671e5674 100755
--- a/bin/omarchy-menu
+++ b/bin/omarchy-menu
@@ -184,7 +184,8 @@ show_install_menu() {
 }
 
 show_install_service_menu() {
- case $(menu "Install" " Dropbox\n Tailscale") in
+ case $(menu "Install" "󱨑 Firewall\n Dropbox\n Tailscale") in
+ *Firewall*) present_terminal omarchy-install-firewall ;;
 *Dropbox*) present_terminal omarchy-install-dropbox ;;
 *Tailscale*) present_terminal omarchy-install-tailscale ;;
 *) show_install_menu ;;
diff --git a/install/development/firewall.sh b/install/development/firewall.sh
index b58d3dfd..39e9e0ad 100644
--- a/install/development/firewall.sh
+++ b/install/development/firewall.sh
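Review bot: The new bin/omarchy-install-firewall runs every step without `set -e`, so a failed `yay -S` or a failed `sudo ufw-docker install` is not fatal and the script still proceeds to `sudo ufw --force enable` and `sudo ufw reload`, leaving the host with either no firewall at all or one without the Docker protections the ufw-docker step is there to add, while only a line of stderr hints at it. Add `set -euo pipefail` directly after the shebang so the first failing step stops the script with a visible error instead of a partially applied policy. Separately, `sudo ufw allow 22/tcp` admits SSH from any source as a permanent default; ufw's `limit` action, `sudo ufw limit 22/tcp`, applies its built-in connection rate limit and is worth considering for an always-on rule like this.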
@@ -1,26 +1,5 @@
 #!/bin/bash
 
-if ! command -v ufw &>/dev/null && -z "${OMARCHY_CHROOT_INSTALL:-}"; then
- yay -S --noconfirm --needed ufw ufw-docker
-
- # Allow nothing in, everything out
- sudo ufw default deny incoming
- sudo ufw default allow outgoing
-
- # Allow ports for LocalSend
- sudo ufw allow 53317/udp
- sudo ufw allow 53317/tcp
-
- # Allow SSH in
- sudo ufw allow 22/tcp
-
- # Allow Docker containers to use DNS on host
- sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment 'allow-docker-dns'
-
- # Turn on the firewall
- sudo ufw --force enable
-
- # Turn on Docker protections
- sudo ufw-docker install
- sudo ufw reload
+if -z "${OMARCHY_CHROOT_INSTALL:-}"; then
+ omarchy-install-firewall
 fi
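Review bot: `if -z "${OMARCHY_CHROOT_INSTALL:-}"; then` is not a valid test expression: bash will try to execute `-z` as a command, report it as not found, and take the false branch, so `omarchy-install-firewall` never runs during a normal (non-chroot) install and the firewall is silently skipped, which fails open. The condition needs test brackets, `if [[ -z "${OMARCHY_CHROOT_INSTALL:-}" ]]; then`. The removed line used the same bare `-z` so the defect is pre-existing, but after this commit the line is the only automatic path that installs the firewall, which makes it worth fixing here.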