fscotto/infra
1
0
Fork 0
mirror of https://github.com/fscotto/infra.git synced 2026-05-30 15:39:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add turnstile Emacs service and stable ssh-agent

Browse Source
This commit is contained in:
Fabio Scotto di Santolo
2026-04-10 13:32:03 +02:00
parent b553933502
commit 2eb01d324f
18 changed files with 164 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
AGENTS.md
View File

@@ -155,6 +155,8 @@ Use the narrowest command matching the changed area.
## Area-Specific Notes ## Area-Specific Notes
- `profile_desktop_common` manages shared Void desktop bootstrap, `emptty`, PAM hooks, dotfiles, mail bootstrap, and shared desktop tooling - `profile_desktop_common` manages shared Void desktop bootstrap, `emptty`, PAM hooks, dotfiles, mail bootstrap, and shared desktop tooling
- Void desktop user services now use `turnstile` with runit-backed definitions under `dotfiles/desktop/.config/service/`; session launchers refresh the shared turnstile env for GUI-aware services such as `emacs`
- `ssh-agent` on Void desktops now runs under a separate always-on per-user runsvdir rooted at `~/.local/runit/current`, with a stable socket under `~/.local/state/ssh-agent/socket`
- `profile_desktop_i3` contains the X11/i3 session pieces - `profile_desktop_i3` contains the X11/i3 session pieces
- `profile_desktop_sway` contains the wlroots/Sway session pieces and deploys shared Sway + Waybar dotfiles - `profile_desktop_sway` contains the wlroots/Sway session pieces and deploys shared Sway + Waybar dotfiles
- `profile_desktop_hyprland` contains the optional Hyprland/Wayland session pieces - `profile_desktop_hyprland` contains the optional Hyprland/Wayland session pieces

2
README.md
View File

@@ -85,6 +85,8 @@ Lo stato attuale del profilo desktop include, tra le altre cose:
- sessione i3 su tutti i desktop Void e sessioni Sway/Hyprland opzionali su `nymph` - sessione i3 su tutti i desktop Void e sessioni Sway/Hyprland opzionali su `nymph`
- `emptty` con scelta sessione a login su `nymph` e default host-specific sugli altri desktop - `emptty` con scelta sessione a login su `nymph` e default host-specific sugli altri desktop
- pacchetti Void Linux e servizi runit - pacchetti Void Linux e servizi runit
- `turnstile` per servizi utente agganciati alla sessione, incluso `emacs` come server per `emacsclient`
- `ssh-agent` come servizio runit utente always-on con socket stabile condiviso tra shell, SSH ed Emacs
- Flatpak con remoto Flathub - Flatpak con remoto Flathub
- GNOME Keyring e bootstrap della posta via script dedicato - GNOME Keyring e bootstrap della posta via script dedicato
- `Waybar` separata per compositor (`config-sway.jsonc` e `config-hyprland.jsonc`) con `style.css` condiviso - `Waybar` separata per compositor (`config-sway.jsonc` e `config-hyprland.jsonc`) con `style.css` condiviso

9
ansible/inventory/group_vars/desktop.yml
View File

@@ -19,6 +19,7 @@ desktop_common_packages:
- pinentry-emacs - pinentry-emacs
- pinentry-gtk - pinentry-gtk
- rofi - rofi
- turnstile
- udiskie - udiskie
- xfce-polkit - xfce-polkit
- xdg-desktop-portal - xdg-desktop-portal
@@ -169,6 +170,10 @@ desktop_common_dotfiles:
src: .config/opencode/ src: .config/opencode/
dest: .config/opencode/ dest: .config/opencode/
mode: preserve mode: preserve
- name: Turnstile user services
src: .config/service/
dest: .config/service/
mode: preserve
- name: Bash profile fragments - name: Bash profile fragments
src: .bashrc.d/ src: .bashrc.d/
dest: .bashrc.d/ dest: .bashrc.d/
@@ -205,6 +210,10 @@ desktop_common_dotfiles:
src: .local/bin/powermenu src: .local/bin/powermenu
dest: .local/bin/powermenu dest: .local/bin/powermenu
mode: "0755" mode: "0755"
- name: Turnstile environment update script
src: .local/bin/update-turnstile-env
dest: .local/bin/update-turnstile-env
mode: "0755"
desktop_i3_dotfiles: desktop_i3_dotfiles:
- name: i3 config - name: i3 config

1
ansible/inventory/group_vars/void.yml
View File

@@ -50,6 +50,7 @@ enabled_services:
- libvirtd - libvirtd
- nanoklogd - nanoklogd
- socklog-unix - socklog-unix
- turnstiled
- ufw - ufw
- virtlockd - virtlockd
- virtlogd - virtlogd

4
ansible/roles/profile_desktop_common/tasks/main.yml
View File

@@ -311,6 +311,10 @@
loop: loop:
- path: "{{ user_home }}/.local" - path: "{{ user_home }}/.local"
mode: "0755" mode: "0755"
- path: "{{ user_home }}/.local/state"
mode: "0755"
- path: "{{ user_home }}/.local/state/ssh-agent"
mode: "0700"
- path: "{{ user_home }}/.local/share" - path: "{{ user_home }}/.local/share"
mode: "0755" mode: "0755"
- path: "{{ user_home }}/.local/share/keyrings" - path: "{{ user_home }}/.local/share/keyrings"

65
ansible/roles/services_runit/tasks/main.yml
View File

@@ -14,3 +14,68 @@
dest: "/var/service/{{ item }}" dest: "/var/service/{{ item }}"
state: link state: link
loop: "{{ host_enabled_services | default([]) }}" loop: "{{ host_enabled_services | default([]) }}"
- name: Ensure per-user runit directories exist
tags: [services, packages]
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
owner: "{{ username }}"
group: "{{ user_group }}"
mode: "{{ item.mode }}"
loop:
- path: "{{ user_home }}/.local/runit"
mode: "0755"
- path: "{{ user_home }}/.local/runit/current"
mode: "0755"
- path: "{{ user_home }}/.local/runit/sv"
mode: "0755"
- path: "{{ user_home }}/.local/runit/sv/ssh-agent"
mode: "0755"
- path: "{{ user_home }}/.local/state"
mode: "0755"
- path: "{{ user_home }}/.local/state/ssh-agent"
mode: "0700"
- name: Render per-user ssh-agent runit service
tags: [services, packages]
ansible.builtin.template:
src: ssh-agent.run.j2
dest: "{{ user_home }}/.local/runit/sv/ssh-agent/run"
owner: "{{ username }}"
group: "{{ user_group }}"
mode: "0755"
- name: Enable per-user ssh-agent runit service
tags: [services, packages]
ansible.builtin.file:
src: "../sv/ssh-agent"
dest: "{{ user_home }}/.local/runit/current/ssh-agent"
state: link
owner: "{{ username }}"
group: "{{ user_group }}"
- name: Ensure per-user runsvdir service directory exists
tags: [services, packages]
ansible.builtin.file:
path: "/etc/sv/runsvdir-{{ username }}"
state: directory
owner: root
group: root
mode: "0755"
- name: Render per-user runsvdir system service
tags: [services, packages]
ansible.builtin.template:
src: runsvdir-user.run.j2
dest: "/etc/sv/runsvdir-{{ username }}/run"
owner: root
group: root
mode: "0755"
- name: Enable per-user runsvdir system service
tags: [services, packages]
ansible.builtin.file:
src: "/etc/sv/runsvdir-{{ username }}"
dest: "/var/service/runsvdir-{{ username }}"
state: link

11
ansible/roles/services_runit/templates/runsvdir-user.run.j2 Normal file
View File

@@ -0,0 +1,11 @@
#!/bin/sh
set -eu
export USER="{{ username }}"
export HOME="{{ user_home }}"
groups="$(id -Gn "$USER" | tr ' ' ':')"
svdir="$HOME/.local/runit/current"
exec chpst -u "$USER:$groups" runsvdir "$svdir"

11
ansible/roles/services_runit/templates/ssh-agent.run.j2 Normal file
View File

@@ -0,0 +1,11 @@
#!/bin/sh
set -eu
sockdir="{{ user_home }}/.local/state/ssh-agent"
sockpath="$sockdir/socket"
mkdir -p "$sockdir"
rm -f "$sockpath"
exec ssh-agent -D -a "$sockpath"

2
dotfiles/desktop/.bashrc.d/15-runit-desktop.sh Normal file
View File

@@ -0,0 +1,2 @@
export SVDIR="$HOME/.local/runit/current"
export SSH_AUTH_SOCK="$HOME/.local/state/ssh-agent/socket"

15
dotfiles/desktop/.bashrc.d/25-emacs-client-desktop.sh Normal file
View File

@@ -0,0 +1,15 @@
if command -v emacsclient >/dev/null 2>&1; then
ec() {
emacsclient -c -n "$@" || {
printf '%s\n' "Emacs server is not available. Log into a graphical session and ensure the turnstile-managed 'emacs' service is running." >&2
return 1
}
}
et() {
emacsclient -t "$@" || {
printf '%s\n' "Emacs server is not available. Ensure the turnstile-managed 'emacs' service is running in your graphical session." >&2
return 1
}
}
fi

2
dotfiles/desktop/.config/hypr/hyprland.conf
View File

@@ -7,6 +7,7 @@ $locker = ~/.local/bin/lock-session
$screenshot = ~/.local/bin/screenshot-wayland $screenshot = ~/.local/bin/screenshot-wayland
exec-once = dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP exec-once = dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
exec-once = ~/.local/bin/update-turnstile-env
exec-once = dex --autostart --environment Hyprland exec-once = dex --autostart --environment Hyprland
exec-once = gnome-keyring-daemon --start --components=secrets exec-once = gnome-keyring-daemon --start --components=secrets
exec-once = ~/.local/bin/setup-gtk-theme exec-once = ~/.local/bin/setup-gtk-theme
@@ -79,6 +80,7 @@ windowrulev2 = float,class:^(blueman-manager)$
bind = $mod, Return, exec, $terminal bind = $mod, Return, exec, $terminal
bind = $mod SHIFT, Return, exec, $fallback_terminal bind = $mod SHIFT, Return, exec, $fallback_terminal
bind = $mod SHIFT, E, exec, emacsclient -c -n
bind = $mod, D, exec, $menu bind = $mod, D, exec, $menu
bind = $mod SHIFT, V, exec, pavucontrol bind = $mod SHIFT, V, exec, pavucontrol
bind = $mod SHIFT, F, exec, thunar bind = $mod SHIFT, F, exec, thunar

3
dotfiles/desktop/.config/i3/config
View File

@@ -58,6 +58,9 @@ bindsym $mod+Return exec --no-startup-id /usr/bin/alacritty
# Emergency terminal fallback # Emergency terminal fallback
bindsym $mod+Shift+Return exec --no-startup-id st bindsym $mod+Shift+Return exec --no-startup-id st
# Emacs client
bindsym $mod+Shift+e exec --no-startup-id emacsclient -c -n
# Launcher # Launcher
#bindsym $mod+d exec --no-startup-id "rofi -modi drun,run -show drun" #bindsym $mod+d exec --no-startup-id "rofi -modi drun,run -show drun"
bindsym $mod+d exec --no-startup-id "rofi -show drun -theme ~/.config/rofi/config.rasi" bindsym $mod+d exec --no-startup-id "rofi -show drun -theme ~/.config/rofi/config.rasi"

11
dotfiles/desktop/.config/service/emacs/run Executable file
View File

@@ -0,0 +1,11 @@
#!/bin/sh
set -eu
export SSH_AUTH_SOCK="$HOME/.local/state/ssh-agent/socket"
if [ -n "${TURNSTILE_ENV_DIR:-}" ]; then
exec chpst -e "$TURNSTILE_ENV_DIR" emacs --fg-daemon
fi
exec emacs --fg-daemon

2
dotfiles/desktop/.config/sway/config
View File

@@ -14,6 +14,7 @@ font pango:Liberation Mono 10
# Session bootstrap # Session bootstrap
exec dbus-update-activation-environment --systemd WAYLAND_DISPLAY DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP XDG_SESSION_DESKTOP XDG_SESSION_TYPE XCURSOR_THEME XCURSOR_SIZE exec dbus-update-activation-environment --systemd WAYLAND_DISPLAY DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP XDG_SESSION_DESKTOP XDG_SESSION_TYPE XCURSOR_THEME XCURSOR_SIZE
exec systemctl --user import-environment WAYLAND_DISPLAY DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP XDG_SESSION_DESKTOP XDG_SESSION_TYPE XCURSOR_THEME XCURSOR_SIZE exec systemctl --user import-environment WAYLAND_DISPLAY DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP XDG_SESSION_DESKTOP XDG_SESSION_TYPE XCURSOR_THEME XCURSOR_SIZE
exec ~/.local/bin/update-turnstile-env
exec dex --autostart --environment sway exec dex --autostart --environment sway
exec gnome-keyring-daemon --start --components=secrets exec gnome-keyring-daemon --start --components=secrets
exec ~/.local/bin/setup-gtk-theme exec ~/.local/bin/setup-gtk-theme
@@ -71,6 +72,7 @@ set $right l
# App launchers and window actions # App launchers and window actions
bindsym $mod+Return exec $terminal bindsym $mod+Return exec $terminal
bindsym $mod+Shift+Return exec $fallback_terminal bindsym $mod+Shift+Return exec $fallback_terminal
bindsym $mod+Shift+e exec emacsclient -c -n
bindsym $mod+d exec $menu bindsym $mod+d exec $menu
bindsym $mod+Shift+v exec pavucontrol bindsym $mod+Shift+v exec pavucontrol
bindsym $mod+Shift+f exec thunar bindsym $mod+Shift+f exec thunar

3
dotfiles/desktop/.local/bin/start-hyprland-session
View File

@@ -12,11 +12,12 @@ session_name=${1##*/}
export XDG_CURRENT_DESKTOP="$session_name" export XDG_CURRENT_DESKTOP="$session_name"
export XDG_SESSION_DESKTOP="$session_name" export XDG_SESSION_DESKTOP="$session_name"
export XDG_SESSION_TYPE=wayland export XDG_SESSION_TYPE=wayland
export SSH_AUTH_SOCK="$HOME/.local/state/ssh-agent/socket"
exec dbus-run-session sh -eu -c ' exec dbus-run-session sh -eu -c '
umask 077 umask 077
printf "%s\n" "$DBUS_SESSION_BUS_ADDRESS" > "$HOME/.dbus-session-bus-address" printf "%s\n" "$DBUS_SESSION_BUS_ADDRESS" > "$HOME/.dbus-session-bus-address"
eval "$(ssh-agent -s)" >/dev/null
gpgconf --launch gpg-agent gpgconf --launch gpg-agent
"$HOME/.local/bin/update-turnstile-env"
exec "$@" exec "$@"
' sh "$@" ' sh "$@"

3
dotfiles/desktop/.local/bin/start-sway-session
View File

@@ -11,6 +11,7 @@ session_name=sway
export XDG_CURRENT_DESKTOP="$session_name" export XDG_CURRENT_DESKTOP="$session_name"
export XDG_SESSION_DESKTOP="$session_name" export XDG_SESSION_DESKTOP="$session_name"
export XDG_SESSION_TYPE=wayland export XDG_SESSION_TYPE=wayland
export SSH_AUTH_SOCK="$HOME/.local/state/ssh-agent/socket"
if [ "${SWAY_UNSUPPORTED_GPU:-0}" = "1" ]; then if [ "${SWAY_UNSUPPORTED_GPU:-0}" = "1" ]; then
set -- sway --unsupported-gpu set -- sway --unsupported-gpu
@@ -21,7 +22,7 @@ fi
exec dbus-run-session sh -eu -c ' exec dbus-run-session sh -eu -c '
umask 077 umask 077
printf "%s\n" "$DBUS_SESSION_BUS_ADDRESS" > "$HOME/.dbus-session-bus-address" printf "%s\n" "$DBUS_SESSION_BUS_ADDRESS" > "$HOME/.dbus-session-bus-address"
eval "$(ssh-agent -s)" >/dev/null
gpgconf --launch gpg-agent gpgconf --launch gpg-agent
"$HOME/.local/bin/update-turnstile-env"
exec "$@" exec "$@"
' sh "$@" ' sh "$@"

18
dotfiles/desktop/.local/bin/update-turnstile-env Executable file
View File

@@ -0,0 +1,18 @@
#!/bin/sh
set -eu
if ! command -v turnstile-update-runit-env >/dev/null 2>&1; then
exit 0
fi
turnstile-update-runit-env \
DISPLAY \
WAYLAND_DISPLAY \
XAUTHORITY \
DBUS_SESSION_BUS_ADDRESS \
SSH_AUTH_SOCK \
XDG_CURRENT_DESKTOP \
XDG_SESSION_DESKTOP \
XDG_SESSION_TYPE \
SWAYSOCK >/dev/null 2>&1 || true

3
dotfiles/desktop/.xinitrc
View File

@@ -10,11 +10,12 @@ session_name=${1##*/}
export XDG_CURRENT_DESKTOP="$session_name" export XDG_CURRENT_DESKTOP="$session_name"
export XDG_SESSION_DESKTOP="$session_name" export XDG_SESSION_DESKTOP="$session_name"
export XDG_SESSION_TYPE=x11 export XDG_SESSION_TYPE=x11
export SSH_AUTH_SOCK="$HOME/.local/state/ssh-agent/socket"
exec dbus-run-session sh -eu -c ' exec dbus-run-session sh -eu -c '
umask 077 umask 077
printf "%s\n" "$DBUS_SESSION_BUS_ADDRESS" > "$HOME/.dbus-session-bus-address" printf "%s\n" "$DBUS_SESSION_BUS_ADDRESS" > "$HOME/.dbus-session-bus-address"
eval "$(ssh-agent -s)" >/dev/null
gpgconf --launch gpg-agent gpgconf --launch gpg-agent
"$HOME/.local/bin/update-turnstile-env"
exec "$@" exec "$@"
' sh "$@" ' sh "$@"