From 0723059fb3cb2520db0e944a3eb9a53f26712355 Mon Sep 17 00:00:00 2001
From: Martin Mose Hansen <martinmosehansen@me.com>
Date: Wed, 3 Sep 2025 17:08:09 +0200
Subject: [PATCH] fix: ensure that ufw is enabled

---
 install/first-run/firewall.sh |  3 +++
 migrations/1756911131.sh      | 13 +++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100755 migrations/1756911131.sh

diff --git a/install/first-run/firewall.sh b/install/first-run/firewall.sh
index efd1159..c802467 100755
--- a/install/first-run/firewall.sh
+++ b/install/first-run/firewall.sh
@@ -17,6 +17,9 @@ sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment 'al
 # Turn on the firewall
 sudo ufw --force enable
 
+# Enable UFW systemd service to start on boot
+sudo systemctl enable ufw
+
 # Turn on Docker protections
 sudo ufw-docker install
 sudo ufw reload
diff --git a/migrations/1756911131.sh b/migrations/1756911131.sh
new file mode 100755
index 0000000..c7e9cd5
--- /dev/null
+++ b/migrations/1756911131.sh
@@ -0,0 +1,13 @@
+echo "Enable UFW systemd service for existing installations"
+
+# Check if UFW is installed and configured but systemd service not enabled
+if command -v ufw >/dev/null 2>&1; then
+  # Check if UFW has rules configured (indicating it was set up by Omarchy)
+  if sudo ufw status | grep -q "Status: active\|22/tcp\|53317"; then
+    # Enable UFW systemd service if not already enabled
+    if ! systemctl is-enabled ufw >/dev/null 2>&1; then
+      sudo systemctl enable ufw
+      echo "UFW systemd service enabled"
+    fi
+  fi
+fi
\ No newline at end of file