Merge branch 'dev' into mkinitcpio_module_thunderbolt

install/config/all.sh

@@ -14,6 +14,8 @@ run_logged $OMARCHY_INSTALL/config/fix-powerprofilesctl-shebang.sh
 run_logged $OMARCHY_INSTALL/config/docker.sh
 run_logged $OMARCHY_INSTALL/config/mimetypes.sh
 run_logged $OMARCHY_INSTALL/config/localdb.sh
+run_logged $OMARCHY_INSTALL/config/walker-elephant.sh
+run_logged $OMARCHY_INSTALL/config/fast-shutdown.sh
 run_logged $OMARCHY_INSTALL/config/sudoless-asdcontrol.sh
 run_logged $OMARCHY_INSTALL/config/hardware/network.sh
 run_logged $OMARCHY_INSTALL/config/hardware/set-wireless-regdom.sh
@@ -24,6 +26,8 @@ run_logged $OMARCHY_INSTALL/config/hardware/usb-autosuspend.sh
 run_logged $OMARCHY_INSTALL/config/hardware/ignore-power-button.sh
 run_logged $OMARCHY_INSTALL/config/hardware/nvidia.sh
 run_logged $OMARCHY_INSTALL/config/hardware/fix-f13-amd-audio-input.sh
-run_logged $OMARCHY_INSTALL/config/hardware/fix-apple-bcm4360.sh
+run_logged $OMARCHY_INSTALL/config/hardware/fix-bcm43xx.sh
 run_logged $OMARCHY_INSTALL/config/hardware/fix-apple-spi-keyboard.sh
+run_logged $OMARCHY_INSTALL/config/hardware/fix-apple-suspend-nvme.sh
 run_logged $OMARCHY_INSTALL/config/hardware/fix-apple-t2.sh
+run_logged $OMARCHY_INSTALL/config/hardware/fix-surface-keyboard.sh

install/config/fast-shutdown.sh

@@ -0,0 +1,7 @@
+sudo mkdir -p /etc/systemd/system.conf.d
+
+cat <<EOF | sudo tee /etc/systemd/system.conf.d/10-faster-shutdown.conf
+[Manager]
+DefaultTimeoutStopSec=5s
+EOF
+sudo systemctl daemon-reload

install/config/git.sh

@@ -1,15 +1,3 @@
-# Ensure git settings live under ~/.config
-mkdir -p ~/.config/git
-touch ~/.config/git/config
-
-# Set common git aliases
-git config --global alias.co checkout
-git config --global alias.br branch
-git config --global alias.ci commit
-git config --global alias.st status
-git config --global pull.rebase true
-git config --global init.defaultBranch master
-
 # Set identification from install inputs
 if [[ -n "${OMARCHY_USER_NAME//[[:space:]]/}" ]]; then
   git config --global user.name "$OMARCHY_USER_NAME"

install/config/hardware/fix-apple-bcm4360.sh

@@ -1,5 +0,0 @@
-# Install wifi drivers for 2013-2015 MacBooks using the BCM4360 chip
-if lspci -nnv | grep -A2 "14e4:43a0" | grep -q "106b:"; then
-  echo "Apple BCM4360 detected"
-  sudo pacman -S --noconfirm --needed broadcom-wl dkms linux-headers
-fi

install/config/hardware/fix-apple-spi-keyboard.sh

@@ -1,7 +1,12 @@
 # Detect MacBook models that need SPI keyboard modules
-if [[ "$(cat /sys/class/dmi/id/product_name 2>/dev/null)" =~ MacBook12,1|MacBookPro13,[123]|MacBookPro14,[123] ]]; then
+product_name="$(cat /sys/class/dmi/id/product_name 2>/dev/null)"
+if [[ "$product_name" =~ MacBook[89],1|MacBook1[02],1|MacBookPro13,[123]|MacBookPro14,[123] ]]; then
   echo "Detected MacBook with SPI keyboard"
 
   sudo pacman -S --noconfirm --needed macbook12-spi-driver-dkms
-  echo "MODULES=(applespi intel_lpss_pci spi_pxa2xx_platform)" | sudo tee /etc/mkinitcpio.conf.d/macbook_spi_modules.conf >/dev/null
+  if [[ "$product_name" == "MacBook8,1" ]]; then
+    echo "MODULES=(applespi spi_pxa2xx_platform spi_pxa2xx_pci)" | sudo tee /etc/mkinitcpio.conf.d/macbook_spi_modules.conf >/dev/null
+  else
+    echo "MODULES=(applespi intel_lpss_pci spi_pxa2xx_platform)" | sudo tee /etc/mkinitcpio.conf.d/macbook_spi_modules.conf >/dev/null
+  fi
 fi

install/config/hardware/fix-apple-suspend-nvme.sh

@@ -0,0 +1,30 @@
+# Fix NVMe suspend issues on MacBook models
+# This prevents NVMe drives from failing to wake from sleep properly
+MACBOOK_MODEL=$(cat /sys/class/dmi/id/product_name 2>/dev/null || true)
+
+if [[ "$MACBOOK_MODEL" =~ MacBook(8,1|9,1|10,1)|MacBookPro13,[123]|MacBookPro14,[123] ]]; then
+  echo "Detected MacBook model: $MACBOOK_MODEL"
+
+  NVME_DEVICE="/sys/bus/pci/devices/0000:01:00.0/d3cold_allowed"
+
+  if [[ -f "$NVME_DEVICE" ]]; then
+    echo "Applying NVMe suspend fix..."
+
+    cat <<EOF | sudo tee /etc/systemd/system/omarchy-nvme-suspend-fix.service >/dev/null
+[Unit]
+Description=Omarchy NVMe Suspend Fix for MacBook
+
+[Service]
+ExecStart=/bin/bash -c 'echo 0 > /sys/bus/pci/devices/0000\:01\:00.0/d3cold_allowed'
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+    chrootable_systemctl_enable omarchy-nvme-suspend-fix.service
+    sudo systemctl daemon-reload
+  else
+    echo "Warning: NVMe device not found at expected PCI address (0000:01:00.0)"
+    echo "This fix may not be needed for this MacBook model"
+  fi
+fi

install/config/hardware/fix-bcm43xx.sh

@@ -0,0 +1,10 @@
+# Install Wi-Fi drivers for Broadcom chips found in some MacBooks, as well as other systems:
+# - BCM4360 (2013–2015 MacBooks)
+# - BCM4331 (2012, early 2013 MacBooks)
+
+pci_info=$(lspci -nnv)
+
+if (echo "$pci_info" | grep -q "14e4:43a0" || echo "$pci_info" | grep -q "14e4:4331"); then
+  echo "BCM4360 / BCM4331 detected"
+  sudo pacman -S --noconfirm --needed broadcom-wl dkms linux-headers
+fi

install/config/hardware/fix-surface-keyboard.sh

@@ -0,0 +1,23 @@
+# Detect Surface devices which require additional modules for the keyboard to work.
+# Module list derived from Chris McLeod's manual install instructions
+# https://chrismcleod.dev/blog/installing-arch-linux-with-secure-boot-on-a-microsoft-surface-laptop-studio/
+product_name="$(cat /sys/class/dmi/id/product_name 2>/dev/null)"
+if [[ "$product_name" =~ Surface ]]; then
+  echo "Detected Surface Device"
+
+  # Modules already exist in the rootfs for the default kernel.
+  if [[ "$product_name" != "Surface Laptop 3" ]]; then
+    echo "Untested Surface Device: $product_name, additional modules may be required for your device."
+  fi
+
+  echo "Attempting to autodetect required pinctrl module"
+  pinctrl_module=$(lsmod | grep pinctrl_ | cut -f 1 -d" ")
+  if [[ -z "$pinctrl_module" ]]; then
+    echo "Failed to autodetect pinctrl module."
+  else
+    echo "Detected pinctrl module: $pinctrl_module"
+  fi
+
+  echo "MODULES=(${pinctrl_module} surface_aggregator surface_aggregator_registry surface_aggregator_hub surface_hid_core surface_hid surface_kbd intel_lpss_pci 8250_dw)" | sudo tee /etc/mkinitcpio.conf.d/surface_device_modules.conf >/dev/null
+
+fi

install/config/hardware/printer.sh

@@ -6,7 +6,7 @@ echo -e "[Resolve]\nMulticastDNS=no" | sudo tee /etc/systemd/resolved.conf.d/10-
 chrootable_systemctl_enable avahi-daemon.service
 
 # Enable mDNS resolution for .local domains
-sudo sed -i 's/^hosts:.*/hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns/' /etc/nsswitch.conf
+sudo sed -i 's/^hosts:.*/hosts: mymachines mdns_minimal [NOTFOUND=return] resolve files myhostname dns/' /etc/nsswitch.conf
 
 # Enable automatically adding remote printers
 if ! grep -q '^CreateRemotePrinters Yes' /etc/cups/cups-browsed.conf; then

install/config/increase-lockout-limit.sh

@@ -1,3 +1,7 @@
 # Increase lockout limit to 10 and decrease timeout to 2 minutes
 sudo sed -i 's|^\(auth\s\+required\s\+pam_faillock.so\)\s\+preauth.*$|\1 preauth silent deny=10 unlock_time=120|' "/etc/pam.d/system-auth"
 sudo sed -i 's|^\(auth\s\+\[default=die\]\s\+pam_faillock.so\)\s\+authfail.*$|\1 authfail deny=10 unlock_time=120|' "/etc/pam.d/system-auth"
+
+# Ensure lockout limit is reset on restart
+sudo sed -i '/pam_faillock\.so preauth/d' /etc/pam.d/sddm-autologin
+sudo sed -i '/auth.*pam_permit\.so/a auth        required    pam_faillock.so authsucc' /etc/pam.d/sddm-autologin

install/config/lazyvim.sh

@@ -1 +0,0 @@
-omarchy-lazyvim-setup

install/config/mimetypes.sh

@@ -33,3 +33,25 @@ xdg-mime default mpv.desktop video/x-ms-asf
 xdg-mime default mpv.desktop video/x-ogm+ogg
 xdg-mime default mpv.desktop video/x-theora+ogg
 xdg-mime default mpv.desktop application/ogg
+
+# Use Hey for mailto: links
+xdg-mime default HEY.desktop x-scheme-handler/mailto
+
+# Open text files with nvim
+xdg-mime default nvim.desktop text/plain
+xdg-mime default nvim.desktop text/english
+xdg-mime default nvim.desktop text/x-makefile
+xdg-mime default nvim.desktop text/x-c++hdr
+xdg-mime default nvim.desktop text/x-c++src
+xdg-mime default nvim.desktop text/x-chdr
+xdg-mime default nvim.desktop text/x-csrc
+xdg-mime default nvim.desktop text/x-java
+xdg-mime default nvim.desktop text/x-moc
+xdg-mime default nvim.desktop text/x-pascal
+xdg-mime default nvim.desktop text/x-tcl
+xdg-mime default nvim.desktop text/x-tex
+xdg-mime default nvim.desktop application/x-shellscript
+xdg-mime default nvim.desktop text/x-c
+xdg-mime default nvim.desktop text/x-c++
+xdg-mime default nvim.desktop application/xml
+xdg-mime default nvim.desktop text/xml

install/config/mise-work.sh

@@ -1,9 +1,27 @@
-# Add ./bin to path for all items in ~/Work
+# Setup default work directory (and tries)
 mkdir -p "$HOME/Work"
+mkdir -p "$HOME/Work/tries"
 
+# Add ./bin to path for all items in ~/Work
 cat >"$HOME/Work/.mise.toml" <<'EOF'
 [env]
 _.path = "{{ cwd }}/bin"
 EOF
 
 mise trust ~/Work/.mise.toml
+
+if [[ -n "${OMARCHY_CHROOT_INSTALL:-}" ]]; then
+  NODE_TARBALL=$(find /opt/packages -name "node-v*-linux-x64.tar.gz" -type f 2>/dev/null | head -n1)
+
+  NODE_VERSION=$(basename "$NODE_TARBALL" | sed 's/node-v\(.*\)-linux-x64.tar.gz/\1/')
+  NODE_INSTALL_DIR="$HOME/.local/share/mise/installs/node/$NODE_VERSION"
+
+  mkdir -p "$NODE_INSTALL_DIR"
+  tar -xzf "$NODE_TARBALL" \
+      --strip-components=1 \
+      -C "$NODE_INSTALL_DIR"
+
+  mise use -g node@"$NODE_VERSION"
+else
+  mise use -g node@latest
+fi

install/config/sudoless-asdcontrol.sh

@@ -1,3 +1,3 @@
 # Setup sudo-less controls for controlling brightness on Apple Displays
-echo "$USER ALL=(ALL) NOPASSWD: /usr/local/bin/asdcontrol" | sudo tee /etc/sudoers.d/asdcontrol
+echo "$USER ALL=(ALL) NOPASSWD: /usr/bin/asdcontrol" | sudo tee /etc/sudoers.d/asdcontrol
 sudo chmod 440 /etc/sudoers.d/asdcontrol

install/config/theme.sh

@@ -12,7 +12,7 @@ ln -snf ~/.config/omarchy/themes/tokyo-night ~/.config/omarchy/current/theme
 ln -snf ~/.config/omarchy/current/theme/backgrounds/1-scenery-pink-lakeside-sunset-lake-landscape-scenic-panorama-7680x3215-144.png ~/.config/omarchy/current/background
 
 # Set specific app links for current theme
-ln -snf ~/.config/omarchy/current/theme/neovim.lua ~/.config/nvim/lua/plugins/theme.lua
+# ~/.config/omarchy/current/theme/neovim.lua -> ~/.config/nvim/lua/plugins/theme.lua is handled via omarchy-setup-nvim
 
 mkdir -p ~/.config/btop/themes
 ln -snf ~/.config/omarchy/current/theme/btop.theme ~/.config/btop/themes/current.theme
@@ -20,9 +20,6 @@ ln -snf ~/.config/omarchy/current/theme/btop.theme ~/.config/btop/themes/current
 mkdir -p ~/.config/mako
 ln -snf ~/.config/omarchy/current/theme/mako.ini ~/.config/mako/config
 
-mkdir -p ~/.config/eza
-ln -snf ~/.config/omarchy/current/theme/eza.yml ~/.config/eza/theme.yml
-
 # Add managed policy directories for Chromium and Brave for theme changes
 sudo mkdir -p /etc/chromium/policies/managed
 sudo chmod a+rw /etc/chromium/policies/managed

install/config/walker-elephant.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Ensure Walker service is started automatically on boot
+mkdir -p ~/.config/autostart/
+cp $OMARCHY_PATH/autostart/walker.desktop ~/.config/autostart/
+
+# Create pacman hook to restart walker after updates
+sudo mkdir -p /etc/pacman.d/hooks
+sudo tee /etc/pacman.d/hooks/walker-restart.hook > /dev/null << EOF
+[Trigger]
+Type = Package
+Operation = Upgrade
+Target = walker
+Target = walker-debug
+Target = elephant*
+
+[Action]
+Description = Restarting Walker services after system update
+When = PostTransaction
+Exec = $OMARCHY_PATH/bin/omarchy-restart-walker
+EOF
+
+# Link the visual theme menu config
+mkdir -p ~/.config/elephant/menus
+ln -snf $OMARCHY_PATH/default/elephant/omarchy_themes.lua ~/.config/elephant/menus/omarchy_themes.lua

install/first-run/cleanup-reboot-sudoers.sh

@@ -0,0 +1,3 @@
+if sudo test -f /etc/sudoers.d/99-omarchy-installer-reboot; then
+  sudo rm -f /etc/sudoers.d/99-omarchy-installer-reboot
+fi

install/first-run/dns-resolver.sh

@@ -0,0 +1,4 @@
+# https://wiki.archlinux.org/title/Systemd-resolved
+echo "Symlink resolved stub-resolv to /etc/resolv.conf"
+
+sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

install/first-run/elephant.sh

@@ -0,0 +1,2 @@
+elephant service enable
+systemctl --user start elephant.service

install/first-run/firewall.sh

@@ -6,9 +6,6 @@ sudo ufw default allow outgoing
 sudo ufw allow 53317/udp
 sudo ufw allow 53317/tcp
 
-# Allow SSH in
-sudo ufw allow 22/tcp
-
 # Allow Docker containers to use DNS on host
 sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment 'allow-docker-dns'
 

install/first-run/welcome.sh

@@ -1,2 +1 @@
-notify-send "    Update System" "When you have internet, click to update the system." -u critical
-notify-send "👋  Welcome to Omarchy" "You're in for a great computing adventure. Have fun!" -t 30000
+notify-send "    Learn Keybindings" "Super + K for cheatsheet.\nSuper + Space for application launcher.\nSuper + Alt + Space for Omarchy Menu." -u critical

install/first-run/wifi.sh

@@ -1,3 +1,6 @@
 if ! ping -c3 -W1 1.1.1.1 >/dev/null 2>&1; then
-  notify-send "󰖩    Click to Setup Wi-Fi" "Tab between sections, space selects, ? for help." -u critical -t 30000
+  notify-send "    Update System" "When you have internet, click to update the system." -u critical
+  notify-send "󰖩    Click to Setup Wi-Fi" "Tab to navigate, Space to select, ? for help." -u critical
+else
+  notify-send "    Update System" "Click to update the system." -u critical
 fi

install/login/all.sh

@@ -1,4 +1,4 @@
 run_logged $OMARCHY_INSTALL/login/plymouth.sh
+run_logged $OMARCHY_INSTALL/login/default-keyring.sh
+run_logged $OMARCHY_INSTALL/login/sddm.sh
 run_logged $OMARCHY_INSTALL/login/limine-snapper.sh
-run_logged $OMARCHY_INSTALL/login/enable-mkinitcpio.sh
-run_logged $OMARCHY_INSTALL/login/alt-bootloaders.sh

install/login/alt-bootloaders.sh

@@ -1,115 +0,0 @@
-if ! command -v limine &>/dev/null; then
-  # Add kernel hooks
-  if ! grep -Eq '^HOOKS=.*plymouth' /etc/mkinitcpio.conf; then
-    # Backup original mkinitcpio.conf just in case
-    backup_timestamp=$(date +"%Y%m%d%H%M%S")
-    sudo cp /etc/mkinitcpio.conf "/etc/mkinitcpio.conf.bak.${backup_timestamp}"
-
-    # Add plymouth to HOOKS array after 'base udev' or 'base systemd'
-    if grep "^HOOKS=" /etc/mkinitcpio.conf | grep -q "base systemd"; then
-      sudo sed -i '/^HOOKS=/s/base systemd/base systemd plymouth/' /etc/mkinitcpio.conf
-    elif grep "^HOOKS=" /etc/mkinitcpio.conf | grep -q "base udev"; then
-      sudo sed -i '/^HOOKS=/s/base udev/base udev plymouth/' /etc/mkinitcpio.conf
-    else
-      echo "Couldn't add the Plymouth hook"
-    fi
-
-    # Regenerate initramfs
-    sudo mkinitcpio -P
-  fi
-
-  # Add kernel parameters for Plymouth
-  if [ -d "/boot/loader/entries" ]; then # systemd-boot
-    echo "Detected systemd-boot"
-
-    for entry in /boot/loader/entries/*.conf; do
-      if [ -f "$entry" ]; then
-        # Skip fallback entries
-        if [[ "$(basename "$entry")" == *"fallback"* ]]; then
-          echo "Skipped: $(basename "$entry") (fallback entry)"
-          continue
-        fi
-
-        # Skip if splash it already present for some reason
-        if ! grep -q "splash" "$entry"; then
-          sudo sed -i '/^options/ s/$/ splash quiet/' "$entry"
-        else
-          echo "Skipped: $(basename "$entry") (splash already present)"
-        fi
-      fi
-    done
-  elif [ -f "/etc/default/grub" ]; then # Grub
-    echo "Detected grub"
-
-    # Backup GRUB config before modifying
-    backup_timestamp=$(date +"%Y%m%d%H%M%S")
-    sudo cp /etc/default/grub "/etc/default/grub.bak.${backup_timestamp}"
-
-    # Check if splash is already in GRUB_CMDLINE_LINUX_DEFAULT
-    if ! grep -q "GRUB_CMDLINE_LINUX_DEFAULT.*splash" /etc/default/grub; then
-      # Get current GRUB_CMDLINE_LINUX_DEFAULT value
-      current_cmdline=$(grep "^GRUB_CMDLINE_LINUX_DEFAULT=" /etc/default/grub | cut -d'"' -f2)
-
-      # Add splash and quiet if not present
-      new_cmdline="$current_cmdline"
-      if [[ ! "$current_cmdline" =~ splash ]]; then
-        new_cmdline="$new_cmdline splash"
-      fi
-      if [[ ! "$current_cmdline" =~ quiet ]]; then
-        new_cmdline="$new_cmdline quiet"
-      fi
-
-      # Trim any leading/trailing spaces
-      new_cmdline=$(echo "$new_cmdline" | xargs)
-
-      sudo sed -i "s/^GRUB_CMDLINE_LINUX_DEFAULT=\".*\"/GRUB_CMDLINE_LINUX_DEFAULT=\"$new_cmdline\"/" /etc/default/grub
-
-      # Regenerate grub config
-      sudo grub-mkconfig -o /boot/grub/grub.cfg
-    else
-      echo "GRUB already configured with splash kernel parameters"
-    fi
-  elif [ -d "/etc/cmdline.d" ]; then # UKI
-    echo "Detected a UKI setup"
-    # Relying on mkinitcpio to assemble a UKI
-    # https://wiki.archlinux.org/title/Unified_kernel_image
-    if ! grep -q splash /etc/cmdline.d/*.conf; then
-      # Need splash, create the omarchy file
-      echo "splash" | sudo tee -a /etc/cmdline.d/omarchy.conf
-    fi
-    if ! grep -q quiet /etc/cmdline.d/*.conf; then
-      # Need quiet, create or append the omarchy file
-      echo "quiet" | sudo tee -a /etc/cmdline.d/omarchy.conf
-    fi
-  elif [ -f "/etc/kernel/cmdline" ]; then # UKI Alternate
-    # Alternate UKI kernel cmdline location
-    echo "Detected a UKI setup"
-
-    # Backup kernel cmdline config before modifying
-    backup_timestamp=$(date +"%Y%m%d%H%M%S")
-    sudo cp /etc/kernel/cmdline "/etc/kernel/cmdline.bak.${backup_timestamp}"
-
-    current_cmdline=$(cat /etc/kernel/cmdline)
-
-    # Add splash and quiet if not present
-    new_cmdline="$current_cmdline"
-    if [[ ! "$current_cmdline" =~ splash ]]; then
-      new_cmdline="$new_cmdline splash"
-    fi
-    if [[ ! "$current_cmdline" =~ quiet ]]; then
-      new_cmdline="$new_cmdline quiet"
-    fi
-
-    # Trim any leading/trailing spaces
-    new_cmdline=$(echo "$new_cmdline" | xargs)
-
-    # Write new file
-    echo $new_cmdline | sudo tee /etc/kernel/cmdline
-  else
-    echo ""
-    echo " None of systemd-boot, GRUB, or UKI detected. Please manually add these kernel parameters:"
-    echo "  - splash (to see the graphical splash screen)"
-    echo "  - quiet (for silent boot)"
-    echo ""
-  fi
-fi

install/login/default-keyring.sh

@@ -0,0 +1,22 @@
+KEYRING_DIR="$HOME/.local/share/keyrings"
+KEYRING_FILE="$KEYRING_DIR/Default_keyring.keyring"
+DEFAULT_FILE="$KEYRING_DIR/default"
+
+mkdir -p $KEYRING_DIR
+
+cat << EOF | tee "$KEYRING_FILE"
+[keyring]
+display-name=Default keyring
+ctime=$(date +%s)
+mtime=0
+lock-on-idle=false
+lock-after=false
+EOF
+
+cat << EOF | tee "$DEFAULT_FILE"
+Default_keyring
+EOF
+
+chmod 700 "$KEYRING_DIR"
+chmod 600 "$KEYRING_FILE"
+chmod 644 "$DEFAULT_FILE"

install/login/enable-mkinitcpio.sh

@@ -1,18 +0,0 @@
-echo "Re-enabling mkinitcpio hooks..."
-
-# Restore the specific mkinitcpio pacman hooks
-if [ -f /usr/share/libalpm/hooks/90-mkinitcpio-install.hook.disabled ]; then
-  sudo mv /usr/share/libalpm/hooks/90-mkinitcpio-install.hook.disabled /usr/share/libalpm/hooks/90-mkinitcpio-install.hook
-fi
-
-if [ -f /usr/share/libalpm/hooks/60-mkinitcpio-remove.hook.disabled ]; then
-  sudo mv /usr/share/libalpm/hooks/60-mkinitcpio-remove.hook.disabled /usr/share/libalpm/hooks/60-mkinitcpio-remove.hook
-fi
-
-echo "mkinitcpio hooks re-enabled"
-
-if command -v limine &>/dev/null; then
-  sudo limine-update
-else
-  sudo mkinitcpio -P
-fi

install/login/limine-snapper.sh

@@ -1,4 +1,6 @@
 if command -v limine &>/dev/null; then
+  sudo pacman -S --noconfirm --needed limine-snapper-sync limine-mkinitcpio-hook
+
   sudo tee /etc/mkinitcpio.conf.d/omarchy_hooks.conf <<EOF >/dev/null
 MODULES=(thunderbolt)
 HOOKS=(base udev plymouth keyboard autodetect microcode modconf kms keymap consolefont block encrypt filesystems fsck btrfs-overlayfs)
@@ -35,6 +37,7 @@ KERNEL_CMDLINE[default]="$CMDLINE"
 KERNEL_CMDLINE[default]+="quiet splash"
 
 ENABLE_UKI=yes
+CUSTOM_UKI_NAME="omarchy"
 
 ENABLE_LIMINE_FALLBACK=yes
 
@@ -73,10 +76,14 @@ term_palette_bright: 414868;f7768e;9ece6a;e0af68;7aa2f7;bb9af7;7dcfff;c0caf5
 term_foreground: c0caf5
 term_foreground_bright: c0caf5
 term_background_bright: 24283b
- 
+
 EOF
 
-  sudo pacman -S --noconfirm --needed limine-snapper-sync limine-mkinitcpio-hook
+  # Remove the original config file if it's not /boot/limine.conf
+  if [[ "$limine_config" != "/boot/limine.conf" ]] && [[ -f "$limine_config" ]]; then
+    sudo rm "$limine_config"
+  fi
+
 
   # Match Snapper configs if not installing from the ISO
   if [[ -z ${OMARCHY_CHROOT_INSTALL:-} ]]; then
@@ -97,13 +104,40 @@ EOF
   chrootable_systemctl_enable limine-snapper-sync.service
 fi
 
-# Add UKI entry to UEFI machines to skip bootloader showing on normal boot
-if [[ -n $EFI ]] && efibootmgr &>/dev/null && ! efibootmgr | grep -q Omarchy &&
-  ! cat /sys/class/dmi/id/bios_vendor 2>/dev/null | grep -qi "American Megatrends" &&
-  ! cat /sys/class/dmi/id/bios_vendor 2>/dev/null | grep -qi "Apple"; then
-  sudo efibootmgr --create \
-    --disk "$(findmnt -n -o SOURCE /boot | sed 's/p\?[0-9]*$//')" \
-    --part "$(findmnt -n -o SOURCE /boot | grep -o 'p\?[0-9]*$' | sed 's/^p//')" \
-    --label "Omarchy" \
-    --loader "\\EFI\\Linux\\$(cat /etc/machine-id)_linux.efi"
+echo "Re-enabling mkinitcpio hooks..."
+
+# Restore the specific mkinitcpio pacman hooks
+if [ -f /usr/share/libalpm/hooks/90-mkinitcpio-install.hook.disabled ]; then
+  sudo mv /usr/share/libalpm/hooks/90-mkinitcpio-install.hook.disabled /usr/share/libalpm/hooks/90-mkinitcpio-install.hook
 fi
+
+if [ -f /usr/share/libalpm/hooks/60-mkinitcpio-remove.hook.disabled ]; then
+  sudo mv /usr/share/libalpm/hooks/60-mkinitcpio-remove.hook.disabled /usr/share/libalpm/hooks/60-mkinitcpio-remove.hook
+fi
+
+echo "mkinitcpio hooks re-enabled"
+
+sudo limine-update
+
+if [[ -n $EFI ]] && efibootmgr &>/dev/null; then
+    # Remove the archinstall-created Limine entry
+  while IFS= read -r bootnum; do
+    sudo efibootmgr -b "$bootnum" -B >/dev/null 2>&1
+  done < <(efibootmgr | grep -E "^Boot[0-9]{4}\*? Arch Linux Limine" | sed 's/^Boot\([0-9]\{4\}\).*/\1/')
+fi
+
+# Move this to a utility to allow manual activation
+# if [[ -n $EFI ]] && efibootmgr &>/dev/null &&
+#   ! cat /sys/class/dmi/id/bios_vendor 2>/dev/null | grep -qi "American Megatrends" &&
+#   ! cat /sys/class/dmi/id/bios_vendor 2>/dev/null | grep -qi "Apple"; then
+#
+#   uki_file=$(find /boot/EFI/Linux/ -name "omarchy*.efi" -printf "%f\n" 2>/dev/null | head -1)
+#
+#   if [[ -n "$uki_file" ]]; then
+#     sudo efibootmgr --create \
+#       --disk "$(findmnt -n -o SOURCE /boot | sed 's/p\?[0-9]*$//')" \
+#       --part "$(findmnt -n -o SOURCE /boot | grep -o 'p\?[0-9]*$' | sed 's/^p//')" \
+#       --label "Omarchy" \
+#       --loader "\\EFI\\Linux\\$uki_file"
+#   fi
+# fi

install/login/plymouth.sh

@@ -1,151 +1,4 @@
-# Hyprland launched via UWSM and login directly as user, rely on disk encryption + hyprlock for security
-
-# ==============================================================================
-# PLYMOUTH SETUP
-# ==============================================================================
-
 if [ "$(plymouth-set-default-theme)" != "omarchy" ]; then
   sudo cp -r "$HOME/.local/share/omarchy/default/plymouth" /usr/share/plymouth/themes/omarchy/
   sudo plymouth-set-default-theme omarchy
 fi
-
-# ==============================================================================
-# SEAMLESS LOGIN
-# ==============================================================================
-
-if [ ! -x /usr/local/bin/seamless-login ]; then
-  # Compile the seamless login helper -- needed to prevent seeing terminal between loader and desktop
-  cat <<'CCODE' >/tmp/seamless-login.c
-/*
-* Seamless Login - Minimal SDDM-style Plymouth transition
-* Replicates SDDM's VT management for seamless auto-login
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/ioctl.h>
-#include <linux/kd.h>
-#include <linux/vt.h>
-#include <sys/wait.h>
-#include <string.h>
-
-int main(int argc, char *argv[]) {
-    int vt_fd;
-    int vt_num = 1; // TTY1
-    char vt_path[32];
-    
-    if (argc < 2) {
-        fprintf(stderr, "Usage: %s <session_command>\n", argv[0]);
-        return 1;
-    }
-    
-    // Open the VT (simple approach like SDDM)
-    snprintf(vt_path, sizeof(vt_path), "/dev/tty%d", vt_num);
-    vt_fd = open(vt_path, O_RDWR);
-    if (vt_fd < 0) {
-        perror("Failed to open VT");
-        return 1;
-    }
-    
-    // Activate the VT
-    if (ioctl(vt_fd, VT_ACTIVATE, vt_num) < 0) {
-        perror("VT_ACTIVATE failed");
-        close(vt_fd);
-        return 1;
-    }
-    
-    // Wait for VT to be active
-    if (ioctl(vt_fd, VT_WAITACTIVE, vt_num) < 0) {
-        perror("VT_WAITACTIVE failed");
-        close(vt_fd);
-        return 1;
-    }
-    
-    // Critical: Set graphics mode to prevent console text
-    if (ioctl(vt_fd, KDSETMODE, KD_GRAPHICS) < 0) {
-        perror("KDSETMODE KD_GRAPHICS failed");
-        close(vt_fd);
-        return 1;
-    }
-    
-    // Clear VT and close (like SDDM does)
-    const char *clear_seq = "\33[H\33[2J";
-    if (write(vt_fd, clear_seq, strlen(clear_seq)) < 0) {
-        perror("Failed to clear VT");
-    }
-    
-    close(vt_fd);
-    
-    // Set working directory to user's home
-    const char *home = getenv("HOME");
-    if (home) chdir(home);
-    
-    // Now execute the session command
-    execvp(argv[1], &argv[1]);
-    perror("Failed to exec session");
-    return 1;
-}
-CCODE
-
-  gcc -o /tmp/seamless-login /tmp/seamless-login.c
-  sudo mv /tmp/seamless-login /usr/local/bin/seamless-login
-  sudo chmod +x /usr/local/bin/seamless-login
-  rm /tmp/seamless-login.c
-fi
-
-if [ ! -f /etc/systemd/system/omarchy-seamless-login.service ]; then
-  cat <<EOF | sudo tee /etc/systemd/system/omarchy-seamless-login.service
-[Unit]
-Description=Omarchy Seamless Auto-Login
-Documentation=https://github.com/basecamp/omarchy
-Conflicts=getty@tty1.service
-After=systemd-user-sessions.service getty@tty1.service plymouth-quit.service systemd-logind.service
-PartOf=graphical.target
-
-[Service]
-Type=simple
-ExecStart=/usr/local/bin/seamless-login uwsm start -- hyprland.desktop
-Restart=always
-RestartSec=2
-StartLimitIntervalSec=30
-StartLimitBurst=2
-User=$USER
-TTYPath=/dev/tty1
-TTYReset=yes
-TTYVHangup=yes
-TTYVTDisallocate=yes
-StandardInput=tty
-StandardOutput=journal
-StandardError=journal+console
-PAMName=login
-
-[Install]
-WantedBy=graphical.target
-EOF
-fi
-
-if [ ! -f /etc/systemd/system/plymouth-quit.service.d/wait-for-graphical.conf ]; then
-  # Make plymouth remain until graphical.target
-  sudo mkdir -p /etc/systemd/system/plymouth-quit.service.d
-  sudo tee /etc/systemd/system/plymouth-quit.service.d/wait-for-graphical.conf <<'EOF'
-[Unit]
-After=multi-user.target
-EOF
-fi
-
-# Mask plymouth-quit-wait.service only if not already masked
-if ! systemctl is-enabled plymouth-quit-wait.service | grep -q masked; then
-  sudo systemctl mask plymouth-quit-wait.service
-  sudo systemctl daemon-reload
-fi
-
-# Enable omarchy-seamless-login.service only if not already enabled
-if ! systemctl is-enabled omarchy-seamless-login.service | grep -q enabled; then
-  sudo systemctl enable omarchy-seamless-login.service
-fi
-
-# Disable getty@tty1.service only if not already disabled
-if ! systemctl is-enabled getty@tty1.service | grep -q disabled; then
-  sudo systemctl disable getty@tty1.service
-fi

install/login/sddm.sh

@@ -0,0 +1,15 @@
+sudo mkdir -p /etc/sddm.conf.d
+
+if [ ! -f /etc/sddm.conf.d/autologin.conf ]; then
+  cat <<EOF | sudo tee /etc/sddm.conf.d/autologin.conf
+[Autologin]
+User=$USER
+Session=hyprland-uwsm
+
+[Theme]
+Current=breeze
+EOF
+fi
+
+# Don't use chrootable here as --now will cause issues for manual installs
+sudo systemctl enable sddm.service

install/omarchy-base.packages

@@ -1,18 +1,16 @@
-# Omarchy core package list installed via install/packages.sh
+# Omarchy core package list installed via install/packaging/base.sh
 # This file is also used by the ISO builder when determining needs
 
 1password-beta
 1password-cli
-alacritty
-asdcontrol-git
+aether
+asdcontrol
 avahi
 bash-completion
 bat
-blueberry
-bolt
+bluetui
 brightnessctl
 btop
-cargo
 clang
 cups
 cups-browsed
@@ -23,6 +21,8 @@ docker-buildx
 docker-compose
 dust
 evince
+exfatprogs
+expac
 eza
 fastfetch
 fcitx5
@@ -32,24 +32,28 @@ fd
 ffmpegthumbnailer
 fontconfig
 fzf
+ghostty
 github-cli
 gnome-calculator
 gnome-keyring
 gnome-themes-extra
+grim
+gpu-screen-recorder
 gum
 gvfs-mtp
+gvfs-nfs
 gvfs-smb
 hypridle
 hyprland
-hyprland-qtutils
+hyprland-guiutils
 hyprlock
 hyprpicker
-hyprshot
 hyprsunset
 imagemagick
 impala
 imv
 inetutils
+inxi
 iwd
 jq
 kdenlive
@@ -57,18 +61,20 @@ kvantum-qt5
 lazydocker
 lazygit
 less
+libsecret
 libyaml
 libqalculate
-libreoffice
+libreoffice-fresh
 llvm
 localsend
 luarocks
 mako
-man
+man-db
 mariadb-libs
 mise
 mpv
 nautilus
+gnome-disk-utility
 noto-fonts
 noto-fonts-cjk
 noto-fonts-emoji
@@ -78,7 +84,8 @@ nvim
 obs-studio
 obsidian
 omarchy-chromium
-omarchy-lazyvim
+omarchy-nvim
+omarchy-walker
 pamixer
 pinta
 playerctl
@@ -92,7 +99,10 @@ python-poetry-core
 python-terminaltexteffects
 qt5-wayland
 ripgrep
+ruby
+rust
 satty
+sddm
 signal-desktop
 slurp
 spotify
@@ -103,6 +113,7 @@ swayosd
 system-config-printer
 tldr
 tree-sitter-cli
+tobi-try
 ttf-cascadia-mono-nerd
 ttf-ia-writer
 ttf-jetbrains-mono-nerd
@@ -111,20 +122,19 @@ tzupdate
 ufw
 ufw-docker
 unzip
+usage
 uwsm
-walker-bin
 waybar
-wf-recorder
+wayfreeze
 whois
 wireless-regdb
 wiremix
 wireplumber
-wl-clip-persist
 wl-clipboard
-wl-screenrec
 woff2-font-awesome
 xdg-desktop-portal-gtk
 xdg-desktop-portal-hyprland
+xdg-terminal-exec
 xmlstarlet
 xournalpp
 yaru-icon-theme

install/omarchy-other.packages

@@ -35,7 +35,6 @@ pipewire
 pipewire-alsa
 pipewire-jack
 pipewire-pulse
-qt5-remoteobjects
 qt6-wayland
 sassc
 snapper

install/packaging/all.sh

@@ -1,6 +1,6 @@
 run_logged $OMARCHY_INSTALL/packaging/base.sh
 run_logged $OMARCHY_INSTALL/packaging/fonts.sh
-run_logged $OMARCHY_INSTALL/packaging/lazyvim.sh
+run_logged $OMARCHY_INSTALL/packaging/nvim.sh
 run_logged $OMARCHY_INSTALL/packaging/icons.sh
 run_logged $OMARCHY_INSTALL/packaging/webapps.sh
 run_logged $OMARCHY_INSTALL/packaging/tuis.sh

install/packaging/lazyvim.sh

@@ -1,3 +0,0 @@
-if [[ ! -d "$HOME/.config/nvim" ]]; then
-  omarchy-lazyvim-setup
-fi

install/packaging/nvim.sh

@@ -0,0 +1,2 @@
+# Includes lazyvim and the themes
+omarchy-nvim-setup

install/packaging/webapps.sh

@@ -1,4 +1,4 @@
-omarchy-webapp-install "HEY" https://app.hey.com HEY.png
+omarchy-webapp-install "HEY" https://app.hey.com HEY.png "omarchy-webapp-handler-hey %u" "x-scheme-handler/mailto"
 omarchy-webapp-install "Basecamp" https://launchpad.37signals.com Basecamp.png
 omarchy-webapp-install "WhatsApp" https://web.whatsapp.com/ WhatsApp.png
 omarchy-webapp-install "Google Photos" https://photos.google.com/ "Google Photos.png"

install/post-install/all.sh

@@ -1,2 +1,3 @@
 run_logged $OMARCHY_INSTALL/post-install/pacman.sh
+source $OMARCHY_INSTALL/post-install/allow-reboot.sh
 source $OMARCHY_INSTALL/post-install/finished.sh

install/post-install/allow-reboot.sh

@@ -0,0 +1,5 @@
+# Allow passwordless reboot for the installer - removed in first-run
+sudo tee /etc/sudoers.d/99-omarchy-installer-reboot >/dev/null <<EOF
+$USER ALL=(ALL) NOPASSWD: /usr/bin/reboot
+EOF
+sudo chmod 440 /etc/sudoers.d/99-omarchy-installer-reboot

install/post-install/finished.sh

@@ -22,8 +22,6 @@ fi
 
 if sudo test -f /etc/sudoers.d/99-omarchy-installer; then
   sudo rm -f /etc/sudoers.d/99-omarchy-installer &>/dev/null
-  echo
-  echo_in_style "Remember to remove USB installer!"
 fi
 
 # Exit gracefully if user chooses not to reboot
@@ -31,10 +29,10 @@ if gum confirm --padding "0 0 0 $((PADDING_LEFT + 32))" --show-help=false --defa
   # Clear screen to hide any shutdown messages
   clear
 
-  # Use systemctl if available, otherwise fallback to reboot command
-  if command -v systemctl &>/dev/null; then
-    systemctl reboot --no-wall 2>/dev/null
+  if [[ -n "${OMARCHY_CHROOT_INSTALL:-}" ]]; then
+    touch /var/tmp/omarchy-install-completed
+    exit 0
   else
-    reboot 2>/dev/null
+    sudo reboot 2>/dev/null
   fi
 fi

install/post-install/pacman.sh

@@ -1,6 +1,6 @@
 # Configure pacman
 sudo cp -f ~/.local/share/omarchy/default/pacman/pacman.conf /etc/pacman.conf
-sudo cp -f ~/.local/share/omarchy/default/pacman/mirrorlist /etc/pacman.d/mirrorlist
+sudo cp -f ~/.local/share/omarchy/default/pacman/mirrorlist-stable /etc/pacman.d/mirrorlist
 
 if lspci -nn | grep -q "106b:180[12]"; then
   cat <<EOF | sudo tee -a /etc/pacman.conf >/dev/null

install/preflight/first-run-mode.sh

@@ -5,9 +5,12 @@ touch ~/.local/state/omarchy/first-run.mode
 # Setup sudo-less access for first-run
 sudo tee /etc/sudoers.d/first-run >/dev/null <<EOF
 Cmnd_Alias FIRST_RUN_CLEANUP = /bin/rm -f /etc/sudoers.d/first-run
+Cmnd_Alias SYMLINK_RESOLVED = /usr/bin/ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+$USER ALL=(ALL) NOPASSWD: /usr/bin/systemctl
 $USER ALL=(ALL) NOPASSWD: /usr/bin/ufw
 $USER ALL=(ALL) NOPASSWD: /usr/bin/ufw-docker
 $USER ALL=(ALL) NOPASSWD: /usr/bin/gtk-update-icon-cache
+$USER ALL=(ALL) NOPASSWD: SYMLINK_RESOLVED
 $USER ALL=(ALL) NOPASSWD: FIRST_RUN_CLEANUP
 EOF
 sudo chmod 440 /etc/sudoers.d/first-run

install/preflight/guard.sh

@@ -5,22 +5,42 @@ abort() {
 }
 
 # Must be an Arch distro
-[[ -f /etc/arch-release ]] || abort "Vanilla Arch"
+if [[ ! -f /etc/arch-release ]]; then
+  abort "Vanilla Arch"
+fi
 
 # Must not be an Arch derivative distro
 for marker in /etc/cachyos-release /etc/eos-release /etc/garuda-release /etc/manjaro-release; do
-  [[ -f "$marker" ]] && abort "Vanilla Arch"
+  if [[ -f "$marker" ]]; then
+    abort "Vanilla Arch"
+  fi
 done
 
 # Must not be running as root
-[ "$EUID" -eq 0 ] && abort "Running as root (not user)"
+if [ "$EUID" -eq 0 ]; then
+  abort "Running as root (not user)"
+fi
 
 # Must be x86 only to fully work
-[ "$(uname -m)" != "x86_64" ] && abort "x86_64 CPU"
+if [ "$(uname -m)" != "x86_64" ]; then
+  abort "x86_64 CPU"
+fi
+
+# Must have secure boot disabled
+if bootctl status 2>/dev/null | grep -q 'Secure Boot: enabled'; then
+  abort "Secure Boot disabled"
+fi
 
 # Must not have Gnome or KDE already install
-pacman -Qe gnome-shell &>/dev/null && abort "Fresh + Vanilla Arch"
-pacman -Qe plasma-desktop &>/dev/null && abort "Fresh + Vanilla Arch"
+if pacman -Qe gnome-shell &>/dev/null || pacman -Qe plasma-desktop &>/dev/null; then
+  abort "Fresh + Vanilla Arch"
+fi
+
+# Must have limine installed
+command -v limine &>/dev/null || abort "Limine bootloader"
+
+# Must have btrfs root filesystem
+[ "$(findmnt -n -o FSTYPE /)" = "btrfs" ] || abort "Btrfs root filesystem" 
 
 # Cleared all guards
 echo "Guards: OK"

install/preflight/pacman.sh

@@ -6,6 +6,13 @@ if [[ -n ${OMARCHY_ONLINE_INSTALL:-} ]]; then
   sudo cp -f ~/.local/share/omarchy/default/pacman/pacman.conf /etc/pacman.conf
   sudo cp -f ~/.local/share/omarchy/default/pacman/mirrorlist /etc/pacman.d/mirrorlist
 
+  sudo pacman-key --recv-keys 40DFB630FF42BCFFB047046CF0134EE680CAC571 --keyserver keys.openpgp.org
+  sudo pacman-key --lsign-key 40DFB630FF42BCFFB047046CF0134EE680CAC571
+
+  sudo pacman -Sy
+  sudo pacman -S --noconfirm --needed omarchy-keyring
+
+
   # Refresh all repos
   sudo pacman -Syu --noconfirm
 fi