Move user services to turnstile

2026-05-30 15:39:58 +00:00 · 2026-04-14 14:12:30 +02:00
parent a783b2d174
commit 98805d9290
10 changed files with 31 additions and 203 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -52,9 +52,9 @@ Ansible-driven personal infrastructure repo for Void desktops, Linux workstation
 ## Desktop Void Notes
 - `profile_desktop_common` owns the shared desktop bootstrap.
- GUI-aware user services use `turnstile` and live under `dotfiles/desktop/.config/service/`.
+- User services are managed by `turnstile` and live under `dotfiles/desktop/.config/service/`.
- `ssh-agent` is a separate always-on per-user runit service under `~/.local/runit/current` with stable socket `~/.local/state/ssh-agent/socket`.
+- `ssh-agent` runs under `turnstile` with stable socket `~/.local/state/ssh-agent/socket`.
- `ollama` is installed from the upstream Linux tarball into `/usr/local` and runs as a separate always-on per-user runit service under `~/.local/runit/current`.
+- `ollama` is installed from the upstream Linux tarball into `/usr/local` and runs under `turnstile`.
 - `Codex CLI` is installed globally via npm and can target the local Ollama instance.
 - Critical session entrypoints:
  - `dotfiles/desktop/.xinitrc`
--- a/README.md
+++ b/README.md
@@ -85,9 +85,9 @@ Lo stato attuale del profilo desktop include, tra le altre cose:
 - sessione i3 su tutti i desktop Void e sessioni Sway/Hyprland opzionali su `nymph`
 - `emptty` con scelta sessione a login su `nymph` e default host-specific sugli altri desktop
 - pacchetti Void Linux e servizi runit
- `turnstile` per servizi utente agganciati alla sessione, incluso `emacs` come server per `emacsclient`
+- `turnstile` per i servizi utente, inclusi `emacs`, `ssh-agent` e `ollama`
- `ssh-agent` come servizio runit utente always-on con socket stabile condiviso tra shell, SSH ed Emacs
+- `ssh-agent` con socket stabile condiviso tra shell, SSH ed Emacs in `~/.local/state/ssh-agent/socket`
- `ollama` installato da tarball upstream e gestito come servizio runit utente always-on, con `Codex CLI` installato globalmente via npm
+- `ollama` installato da tarball upstream e gestito come servizio utente `turnstile`, con `Codex CLI` installato globalmente via npm
 - Flatpak con remoto Flathub
 - GNOME Keyring e bootstrap della posta via script dedicato
 - `Waybar` separata per compositor (`config-sway.jsonc` e `config-hyprland.jsonc`) con `style.css` condiviso
--- a/ansible/roles/services_runit/tasks/main.yml
+++ b/ansible/roles/services_runit/tasks/main.yml
@@ -14,107 +14,3 @@
    dest: "/var/service/{{ item }}"
    state: link
  loop: "{{ host_enabled_services | default([]) }}"
 - name: Define per-user runit services
  tags: [services, packages]
  ansible.builtin.set_fact:
    per_user_runit_services:
      - name: ollama
        template: ollama.run.j2
        state_dirs: []
      - name: ssh-agent
        template: ssh-agent.run.j2
        state_dirs:
          - path: "{{ user_home }}/.local/state/ssh-agent"
            mode: "0700"
 - name: Ensure per-user runit directories exist
  tags: [services, packages]
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    owner: "{{ username }}"
    group: "{{ user_group }}"
    mode: "{{ item.mode }}"
  loop:
    - path: "{{ user_home }}/.local/runit"
      mode: "0755"
    - path: "{{ user_home }}/.local/runit/current"
      mode: "0755"
    - path: "{{ user_home }}/.local/runit/sv"
      mode: "0755"
    - path: "{{ user_home }}/.local/state"
      mode: "0755"
 - name: Ensure per-user runit service directories exist
  tags: [services, packages]
  ansible.builtin.file:
    path: "{{ user_home }}/.local/runit/sv/{{ item.name }}"
    state: directory
    owner: "{{ username }}"
    group: "{{ user_group }}"
    mode: "0755"
  loop: "{{ per_user_runit_services }}"
  loop_control:
    label: "{{ item.name }}"
 - name: Ensure per-user runit service state directories exist
  tags: [services, packages]
  ansible.builtin.file:
    path: "{{ item.1.path }}"
    state: directory
    owner: "{{ username }}"
    group: "{{ user_group }}"
    mode: "{{ item.1.mode }}"
  loop: "{{ per_user_runit_services | subelements('state_dirs', skip_missing=True) }}"
  loop_control:
    label: "{{ item.1.path }}"
 - name: Render per-user runit services
  tags: [services, packages]
  ansible.builtin.template:
    src: "{{ item.template }}"
    dest: "{{ user_home }}/.local/runit/sv/{{ item.name }}/run"
    owner: "{{ username }}"
    group: "{{ user_group }}"
    mode: "0755"
  loop: "{{ per_user_runit_services }}"
  loop_control:
    label: "{{ item.name }}"
 - name: Enable per-user runit services
  tags: [services, packages]
  ansible.builtin.file:
    src: "../sv/{{ item.name }}"
    dest: "{{ user_home }}/.local/runit/current/{{ item.name }}"
    state: link
    owner: "{{ username }}"
    group: "{{ user_group }}"
  loop: "{{ per_user_runit_services }}"
  loop_control:
    label: "{{ item.name }}"
 - name: Ensure per-user runsvdir service directory exists
  tags: [services, packages]
  ansible.builtin.file:
    path: "/etc/sv/runsvdir-{{ username }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
 - name: Render per-user runsvdir system service
  tags: [services, packages]
  ansible.builtin.template:
    src: runsvdir-user.run.j2
    dest: "/etc/sv/runsvdir-{{ username }}/run"
    owner: root
    group: root
    mode: "0755"
 - name: Enable per-user runsvdir system service
  tags: [services, packages]
  ansible.builtin.file:
    src: "/etc/sv/runsvdir-{{ username }}"
    dest: "/var/service/runsvdir-{{ username }}"
    state: link
--- a/ansible/roles/services_runit/templates/ollama.run.j2
+++ b/ansible/roles/services_runit/templates/ollama.run.j2
@@ -1,5 +0,0 @@
 #!/bin/sh
 set -eu
 exec /usr/local/bin/ollama serve
--- a/ansible/roles/services_runit/templates/runsvdir-user.run.j2
+++ b/ansible/roles/services_runit/templates/runsvdir-user.run.j2
@@ -1,11 +0,0 @@
 #!/bin/sh
 set -eu
 export USER="{{ username }}"
 export HOME="{{ user_home }}"
 groups="$(id -Gn "$USER" | tr ' ' ':')"
 svdir="$HOME/.local/runit/current"
 exec chpst -u "$USER:$groups" runsvdir "$svdir"
--- a/ansible/roles/services_runit/templates/ssh-agent.run.j2
+++ b/ansible/roles/services_runit/templates/ssh-agent.run.j2
@@ -1,11 +0,0 @@
 #!/bin/sh
 set -eu
 sockdir="{{ user_home }}/.local/state/ssh-agent"
 sockpath="$sockdir/socket"
 mkdir -p "$sockdir"
 rm -f "$sockpath"
 exec ssh-agent -D -a "$sockpath"
--- a/dotfiles/desktop/.bashrc.d/15-runit-desktop.sh
+++ b/dotfiles/desktop/.bashrc.d/15-runit-desktop.sh
@@ -1,2 +1,2 @@
-export SVDIR="$HOME/.local/runit/current"
+export SVDIR="$HOME/.config/service"
 export SSH_AUTH_SOCK="$HOME/.local/state/ssh-agent/socket"
--- a/dotfiles/desktop/.bashrc.d/16-vsv-wrappers.sh
+++ b/dotfiles/desktop/.bashrc.d/16-vsv-wrappers.sh
@@ -1,65 +0,0 @@
 vsvu() {
  command vsv -d "$HOME/.local/runit/current" "$@"
 }
 vsvs() {
  command vsv -d "$HOME/.config/service" "$@"
 }
 vsvc() {
  local user_svdir session_svdir cmd service user_path session_path
  user_svdir="$HOME/.local/runit/current"
  session_svdir="$HOME/.config/service"
  if ! command -v vsv >/dev/null 2>&1; then
    printf '%s\n' "vsv is not installed or not in PATH" >&2
    return 127
  fi
  if [ "$#" -eq 0 ] || { [ "$1" = "status" ] && [ "$#" -eq 1 ]; }; then
    printf '%s\n' "== Always-on services =="
    if [ -d "$user_svdir" ]; then
      command vsv -d "$user_svdir" status
    else
      printf '%s\n' "missing: $user_svdir" >&2
    fi
    printf '\n%s\n' "== Session services =="
    if [ -d "$session_svdir" ]; then
      command vsv -d "$session_svdir" status
    else
      printf '%s\n' "missing: $session_svdir" >&2
    fi
    return
  fi
  cmd="$1"
  service="$2"
  if [ -z "$service" ]; then
    printf '%s\n' "usage: vsvc [status [service] | <command> <service>]" >&2
    return 2
  fi
  user_path="$user_svdir/$service"
  session_path="$session_svdir/$service"
  if [ -e "$user_path" ] && [ -e "$session_path" ]; then
    printf '%s\n' "service '$service' exists in both trees; use vsvu or vsvs explicitly" >&2
    return 2
  fi
  if [ -e "$user_path" ]; then
    command vsv -d "$user_svdir" "$@"
    return
  fi
  if [ -e "$session_path" ]; then
    command vsv -d "$session_svdir" "$@"
    return
  fi
  printf '%s\n' "service '$service' not found in $user_svdir or $session_svdir" >&2
  return 1
 }
--- a/dotfiles/desktop/.config/service/ollama/run
+++ b/dotfiles/desktop/.config/service/ollama/run
@@ -0,0 +1,9 @@
 #!/bin/sh
 set -eu
 if [ -n "${TURNSTILE_ENV_DIR:-}" ]; then
  exec chpst -e "$TURNSTILE_ENV_DIR" /usr/local/bin/ollama serve
 fi
 exec /usr/local/bin/ollama serve
--- a/dotfiles/desktop/.config/service/ssh-agent/run
+++ b/dotfiles/desktop/.config/service/ssh-agent/run
@@ -0,0 +1,15 @@
 #!/bin/sh
 set -eu
 sockdir="$HOME/.local/state/ssh-agent"
 sockpath="$sockdir/socket"
 mkdir -p "$sockdir"
 rm -f "$sockpath"
 if [ -n "${TURNSTILE_ENV_DIR:-}" ]; then
  exec chpst -e "$TURNSTILE_ENV_DIR" ssh-agent -D -a "$sockpath"
 fi
 exec ssh-agent -D -a "$sockpath"
`@@ -1,2 +1,2 @@`
	`export SVDIR="$HOME/.local/runit/current"`	`export SVDIR="$HOME/.config/service"`
	`export SSH_AUTH_SOCK="$HOME/.local/state/ssh-agent/socket"`	`export SSH_AUTH_SOCK="$HOME/.local/state/ssh-agent/socket"`