Add turnstile Emacs service and stable ssh-agent

2026-05-30 15:39:58 +00:00 · 2026-04-10 13:32:03 +02:00
parent 7f82fc39d9
commit 5c57cce97c
18 changed files with 164 additions and 3 deletions
--- a/ansible/roles/profile_desktop_common/tasks/main.yml
+++ b/ansible/roles/profile_desktop_common/tasks/main.yml
@@ -311,6 +311,10 @@
  loop:
    - path: "{{ user_home }}/.local"
      mode: "0755"
+    - path: "{{ user_home }}/.local/state"
+      mode: "0755"
+    - path: "{{ user_home }}/.local/state/ssh-agent"
+      mode: "0700"
    - path: "{{ user_home }}/.local/share"
      mode: "0755"
    - path: "{{ user_home }}/.local/share/keyrings"
--- a/ansible/roles/services_runit/tasks/main.yml
+++ b/ansible/roles/services_runit/tasks/main.yml
@@ -14,3 +14,68 @@
    dest: "/var/service/{{ item }}"
    state: link
  loop: "{{ host_enabled_services | default([]) }}"
+
+- name: Ensure per-user runit directories exist
+  tags: [services, packages]
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ username }}"
+    group: "{{ user_group }}"
+    mode: "{{ item.mode }}"
+  loop:
+    - path: "{{ user_home }}/.local/runit"
+      mode: "0755"
+    - path: "{{ user_home }}/.local/runit/current"
+      mode: "0755"
+    - path: "{{ user_home }}/.local/runit/sv"
+      mode: "0755"
+    - path: "{{ user_home }}/.local/runit/sv/ssh-agent"
+      mode: "0755"
+    - path: "{{ user_home }}/.local/state"
+      mode: "0755"
+    - path: "{{ user_home }}/.local/state/ssh-agent"
+      mode: "0700"
+
+- name: Render per-user ssh-agent runit service
+  tags: [services, packages]
+  ansible.builtin.template:
+    src: ssh-agent.run.j2
+    dest: "{{ user_home }}/.local/runit/sv/ssh-agent/run"
+    owner: "{{ username }}"
+    group: "{{ user_group }}"
+    mode: "0755"
+
+- name: Enable per-user ssh-agent runit service
+  tags: [services, packages]
+  ansible.builtin.file:
+    src: "../sv/ssh-agent"
+    dest: "{{ user_home }}/.local/runit/current/ssh-agent"
+    state: link
+    owner: "{{ username }}"
+    group: "{{ user_group }}"
+
+- name: Ensure per-user runsvdir service directory exists
+  tags: [services, packages]
+  ansible.builtin.file:
+    path: "/etc/sv/runsvdir-{{ username }}"
+    state: directory
+    owner: root
+    group: root
+    mode: "0755"
+
+- name: Render per-user runsvdir system service
+  tags: [services, packages]
+  ansible.builtin.template:
+    src: runsvdir-user.run.j2
+    dest: "/etc/sv/runsvdir-{{ username }}/run"
+    owner: root
+    group: root
+    mode: "0755"
+
+- name: Enable per-user runsvdir system service
+  tags: [services, packages]
+  ansible.builtin.file:
+    src: "/etc/sv/runsvdir-{{ username }}"
+    dest: "/var/service/runsvdir-{{ username }}"
+    state: link
--- a/ansible/roles/services_runit/templates/runsvdir-user.run.j2
+++ b/ansible/roles/services_runit/templates/runsvdir-user.run.j2
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -eu
+
+export USER="{{ username }}"
+export HOME="{{ user_home }}"
+
+groups="$(id -Gn "$USER" | tr ' ' ':')"
+svdir="$HOME/.local/runit/current"
+
+exec chpst -u "$USER:$groups" runsvdir "$svdir"
--- a/ansible/roles/services_runit/templates/ssh-agent.run.j2
+++ b/ansible/roles/services_runit/templates/ssh-agent.run.j2
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -eu
+
+sockdir="{{ user_home }}/.local/state/ssh-agent"
+sockpath="$sockdir/socket"
+
+mkdir -p "$sockdir"
+rm -f "$sockpath"
+
+exec ssh-agent -D -a "$sockpath"