From 68e77daffa51c91afbdcce3a05891c0c6f776165 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson
Date: Thu, 17 Jul 2025 14:51:59 -0700
Subject: [PATCH] Better setup flow and add --remove option

---
 bin/omarchy-fido2-setup | 52 ++++++++++++++++++++---------------------
 1 file changed, 25 insertions(+), 27 deletions(-)

diff --git a/bin/omarchy-fido2-setup b/bin/omarchy-fido2-setup
index e873392..e37132a 100755
--- a/bin/omarchy-fido2-setup
+++ b/bin/omarchy-fido2-setup
@@ -1,34 +1,32 @@
 #!/bin/bash
-yay -S --noconfirm --needed libfido2 pam-u2f
-
-# Check if the user doesn't want sudo
-while [[ $# -gt 0 ]]; do
- case $1 in
- --no-sudo) exit 0 ;;
- *)
- echo "Unknown option: $1 \n --no-sudo is the only option"
- exit 1
- ;;
- esac
- shift
-done
-
-tokens=$(fido2-token -L)
-if [ -z "$tokens" ]; then
- echo -e "\e[31m\nNo fido2 device detected. Plug it in, you may have to unlock it as well\e[0m"
+if [[ "--remove" == "$1" ]]; then
+ sudo rm -rf /etc/fido2
+ sudo sed -i '\|^auth[[:space:]]\+sufficient[[:space:]]\+pam_u2f\.so[[:space:]]\+cue[[:space:]]\+authfile=/etc/fido2/fido2$|d' /etc/pam.d/sudo
+ echo -e "\e[32mYou've successfully removed the fido2 device setup.\e[0m"
 else
+ yay -S --noconfirm --needed libfido2 pam-u2f
- # Create the pamu2fcfg file
- if [ ! -f /etc/fido2/fido2 ]; then
- sudo mkdir -p /etc/fido2
- echo -e "\e[32m\nLet's setup your device, confirm on the device now\n\e[0m"
- pamu2fcfg >/tmp/fido2 # This needs to run as the user
- sudo mv /tmp/fido2 /etc/fido2/fido2
- fi
+ tokens=$(fido2-token -L)
- # Add fido2 auth as an option for sudo
- if ! grep -q pam_u2f.so /etc/pam.d/sudo; then
- sudo sed -i '1i auth sufficient pam_u2f.so cue authfile=/etc/fido2/fido2' /etc/pam.d/sudo
+ if [ -z "$tokens" ]; then
+ echo -e "\e[31m\nNo fido2 device detected. Plug it in, you may have to unlock it as well\e[0m"
+ else
+ # Create the pamu2fcfg file
+ if [ ! -f /etc/fido2/fido2 ]; then
+ sudo mkdir -p /etc/fido2
+ echo -e "\e[32m\nLet's setup your device by confirming on the device now.\e[0m"
+ pamu2fcfg >/tmp/fido2 # This needs to run as the user
+ sudo mv /tmp/fido2 /etc/fido2/fido2
+ fi
+
+ # Add fido2 auth as an option for sudo
+ if ! grep -q pam_u2f.so /etc/pam.d/sudo; then
+ sudo sed -i '1i auth sufficient pam_u2f.so cue authfile=/etc/fido2/fido2' /etc/pam.d/sudo
+ fi
+
+ if ! sudo echo -e "\e[32m\nPerfect! Now you can use your fido2 device for sudo.\e[0m"; then
+ echo -e "\e[31m\nSomething went wrong. 
Maybe try again?\e[0m"
+ fi
 fi
 fi
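Review bot: The authfile that decides which key satisfies the `auth sufficient pam_u2f.so` line for sudo is staged at the fixed path `/tmp/fido2` and then installed with `sudo mv`, in the setup branch of this hunk (`pamu2fcfg >/tmp/fido2` and the `sudo mv` line below it); a fixed name in a shared, world-writable directory can be created or replaced by any local user before `pamu2fcfg` runs, and `mv` will most likely keep the invoking user's ownership, so the file under `/etc/fido2` ends up not root-owned. The exit status of `pamu2fcfg` is also unchecked, so an empty or partial file is installed and the PAM line is added regardless. Stage through `mktemp`, install only on success with explicit root ownership and mode, and remove the staging file; `install -D` creates the directory, which makes the separate `sudo mkdir -p` unnecessary. The same two lines existed before this commit, but the hunk re-indents them without changing this.
```shell
      # Create the pamu2fcfg file
      if [ ! -f /etc/fido2/fido2 ]; then
        echo -e "\e[32m\nLet's setup your device by confirming on the device now.\e[0m"
        tmp=$(mktemp) || exit 1
        if ! pamu2fcfg >"$tmp"; then # This needs to run as the user, not under sudo
          rm -f -- "$tmp"
          echo -e "\e[31m\nRegistering the device failed; nothing was installed.\e[0m"
          exit 1
        fi
        sudo install -D -o root -g root -m 0644 -- "$tmp" /etc/fido2/fido2
        rm -f -- "$tmp"
      fi
      # … unchanged: pam.d/sudo line insertion and the sudo check …
```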