From 3801d3a6c8ea05e8e733387fe258e65e7e58dc9e Mon Sep 17 00:00:00 2001 From: Fabio Scotto di Santolo Date: Tue, 17 Mar 2026 22:32:10 +0100 Subject: [PATCH] Fix keyring startup and tolerate non-interactive secret storage --- .../roles/profile_desktop_i3/tasks/main.yml | 28 ++++++++++++++++++- dotfiles/desktop/.config/i3/config | 1 - dotfiles/desktop/.xinitrc | 1 + 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/ansible/roles/profile_desktop_i3/tasks/main.yml b/ansible/roles/profile_desktop_i3/tasks/main.yml index fd37be6..cd98058 100644 --- a/ansible/roles/profile_desktop_i3/tasks/main.yml +++ b/ansible/roles/profile_desktop_i3/tasks/main.yml 
@@ -63,15 +63,41 @@ group: "{{ user_group }}" mode: "0600" +- name: Store iCloud mail password in GNOME Keyring + ansible.builtin.getent: + database: passwd + key: "{{ username }}" + +- name: Set desktop user runtime UID + ansible.builtin.set_fact: + desktop_user_uid: "{{ ansible_facts.getent_passwd[username][1] }}" + - name: Store iCloud mail password in GNOME Keyring ansible.builtin.command: cmd: secret-tool store --label="iCloud Mail" icloud-mail icloud stdin: "{{ vault_icloud_mail_password }}" stdin_add_newline: false - become: false + become: true + become_user: "{{ username }}" + environment: + XDG_RUNTIME_DIR: "/run/user/{{ desktop_user_uid }}" + DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ desktop_user_uid }}/bus" + register: icloud_keyring_store + failed_when: false + changed_when: icloud_keyring_store.rc == 0 no_log: true when: (vault_icloud_mail_password | default('')) | length > 0 +- name: Warn when iCloud keyring storage is skipped + ansible.builtin.debug: + msg: >- + Unable to store iCloud password in GNOME Keyring automatically. + Ensure a graphical user session is active, then run: + secret-tool store --label="iCloud Mail" icloud-mail icloud + when: + - (vault_icloud_mail_password | default('')) | length > 0 + - icloud_keyring_store.rc | default(1) != 0 + - name: Ensure local source directory exists ansible.builtin.file: path: "{{ user_home }}/.local/src" diff --git a/dotfiles/desktop/.config/i3/config b/dotfiles/desktop/.config/i3/config index b067615..af88254 100644 --- a/dotfiles/desktop/.config/i3/config +++ b/dotfiles/desktop/.config/i3/config 
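Review bot: The first added task reuses the name `Store iCloud mail password in GNOME Keyring` although it only calls `ansible.builtin.getent`, so the play output shows two tasks with the same name and a passwd lookup reads as a secret write; rename it, for example `- name: Look up passwd entry for desktop user`. On the real store task, `failed_when: false` combined with `no_log: true` hides every failure cause (missing `secret-tool`, a failed become, an absent session bus) behind the same generic warning. The return code is not sensitive, so adding it to the debug `msg`, e.g. `(rc={{ icloud_keyring_store.rc | default('n/a') }})`, would keep triage possible without exposing the password. The getent and set_fact tasks also run when no password is defined; the same `when:` condition could gate them.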
@@ -7,7 +7,6 @@ font pango:Liberation Mono 10 # Start XDG autostart entries (.desktop), useful on Void for pipewire/wireplumber/etc. exec --no-startup-id dex --autostart --environment i3 -exec --no-startup-id gnome-keyring-daemon --start --components=secrets exec_always --no-startup-id feh --bg-fill ~/.config/i3/wallpapers/gargantua2.png exec_always --no-startup-id ~/.config/i3/scripts/setup-gtk-theme.sh exec --no-startup-id /usr/libexec/xdg-desktop-portal diff --git a/dotfiles/desktop/.xinitrc b/dotfiles/desktop/.xinitrc index d0880bf..55dcb0f 100755 --- a/dotfiles/desktop/.xinitrc +++ b/dotfiles/desktop/.xinitrc @@ -3,6 +3,7 @@ # dbus session export XDG_CURRENT_DESKTOP=i3 exec dbus-run-session sh -c " + eval \$(gnome-keyring-daemon --start --components=secrets,ssh,gpg) eval \$(ssh-agent -s) gpgconf --launch gpg-agent exec i3
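Review bot: In the `.xinitrc` hunk the added line starts gnome-keyring with `--components=secrets,ssh,gpg`, but the unchanged next line `eval \$(ssh-agent -s)` then overwrites `SSH_AUTH_SOCK`, so two SSH agents run and the keyring one is never the one clients talk to. The `gpg` component looks similarly redundant next to `gpgconf --launch gpg-agent`, and newer gnome-keyring releases may no longer ship it, which is worth confirming on the target distro. If only secret storage is intended, as in the i3 line this commit removes, use `eval \$(gnome-keyring-daemon --start --components=secrets)`; otherwise drop the separate `ssh-agent` line so a single agent owns the socket. The `sh -c` string continues past the end of the hunk.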