fscotto/infra
1
0
Fork 0
mirror of https://github.com/fscotto/infra.git synced 2026-05-30 15:39:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix keyring startup and tolerate non-interactive secret storage

Browse Source
This commit is contained in:
Fabio Scotto di Santolo
2026-03-17 22:32:10 +01:00
parent e21c25c35f
commit 3801d3a6c8
3 changed files with 28 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
ansible/roles/profile_desktop_i3/tasks/main.yml
View File

@@ -63,15 +63,41 @@
group: "{{ user_group }}" group: "{{ user_group }}"
mode: "0600" mode: "0600"
- name: Store iCloud mail password in GNOME Keyring
ansible.builtin.getent:
database: passwd
key: "{{ username }}"
- name: Set desktop user runtime UID
ansible.builtin.set_fact:
desktop_user_uid: "{{ ansible_facts.getent_passwd[username][1] }}"
- name: Store iCloud mail password in GNOME Keyring - name: Store iCloud mail password in GNOME Keyring
ansible.builtin.command: ansible.builtin.command:
cmd: secret-tool store --label="iCloud Mail" icloud-mail icloud cmd: secret-tool store --label="iCloud Mail" icloud-mail icloud
stdin: "{{ vault_icloud_mail_password }}" stdin: "{{ vault_icloud_mail_password }}"
stdin_add_newline: false stdin_add_newline: false
become: false become: true
become_user: "{{ username }}"
environment:
XDG_RUNTIME_DIR: "/run/user/{{ desktop_user_uid }}"
DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ desktop_user_uid }}/bus"
register: icloud_keyring_store
failed_when: false
changed_when: icloud_keyring_store.rc == 0
no_log: true no_log: true
when: (vault_icloud_mail_password | default('')) | length > 0 when: (vault_icloud_mail_password | default('')) | length > 0
- name: Warn when iCloud keyring storage is skipped
ansible.builtin.debug:
msg: >-
Unable to store iCloud password in GNOME Keyring automatically.
Ensure a graphical user session is active, then run:
secret-tool store --label="iCloud Mail" icloud-mail icloud
when:
- (vault_icloud_mail_password | default('')) | length > 0
- icloud_keyring_store.rc | default(1) != 0
- name: Ensure local source directory exists - name: Ensure local source directory exists
ansible.builtin.file: ansible.builtin.file:
path: "{{ user_home }}/.local/src" path: "{{ user_home }}/.local/src"

1
dotfiles/desktop/.config/i3/config
View File

@@ -7,7 +7,6 @@ font pango:Liberation Mono 10
# Start XDG autostart entries (.desktop), useful on Void for pipewire/wireplumber/etc. # Start XDG autostart entries (.desktop), useful on Void for pipewire/wireplumber/etc.
exec --no-startup-id dex --autostart --environment i3 exec --no-startup-id dex --autostart --environment i3
exec --no-startup-id gnome-keyring-daemon --start --components=secrets
exec_always --no-startup-id feh --bg-fill ~/.config/i3/wallpapers/gargantua2.png exec_always --no-startup-id feh --bg-fill ~/.config/i3/wallpapers/gargantua2.png
exec_always --no-startup-id ~/.config/i3/scripts/setup-gtk-theme.sh exec_always --no-startup-id ~/.config/i3/scripts/setup-gtk-theme.sh
exec --no-startup-id /usr/libexec/xdg-desktop-portal exec --no-startup-id /usr/libexec/xdg-desktop-portal

1
dotfiles/desktop/.xinitrc
View File

@@ -3,6 +3,7 @@
# dbus session # dbus session
export XDG_CURRENT_DESKTOP=i3 export XDG_CURRENT_DESKTOP=i3
exec dbus-run-session sh -c " exec dbus-run-session sh -c "
eval \$(gnome-keyring-daemon --start --components=secrets,ssh,gpg)
eval \$(ssh-agent -s) eval \$(ssh-agent -s)
gpgconf --launch gpg-agent gpgconf --launch gpg-agent
exec i3 exec i3