Move user services to turnstile

2026-05-30 15:39:58 +00:00 · 2026-04-14 14:12:30 +02:00
parent a783b2d174
commit 98805d9290
10 changed files with 31 additions and 203 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -52,9 +52,9 @@ Ansible-driven personal infrastructure repo for Void desktops, Linux workstation

 ## Desktop Void Notes
 - `profile_desktop_common` owns the shared desktop bootstrap.
- GUI-aware user services use `turnstile` and live under `dotfiles/desktop/.config/service/`.
- `ssh-agent` is a separate always-on per-user runit service under `~/.local/runit/current` with stable socket `~/.local/state/ssh-agent/socket`.
- `ollama` is installed from the upstream Linux tarball into `/usr/local` and runs as a separate always-on per-user runit service under `~/.local/runit/current`.
+- User services are managed by `turnstile` and live under `dotfiles/desktop/.config/service/`.
+- `ssh-agent` runs under `turnstile` with stable socket `~/.local/state/ssh-agent/socket`.
+- `ollama` is installed from the upstream Linux tarball into `/usr/local` and runs under `turnstile`.
 - `Codex CLI` is installed globally via npm and can target the local Ollama instance.
 - Critical session entrypoints:
  - `dotfiles/desktop/.xinitrc`
--- a/README.md
+++ b/README.md
@@ -85,9 +85,9 @@ Lo stato attuale del profilo desktop include, tra le altre cose:
 - sessione i3 su tutti i desktop Void e sessioni Sway/Hyprland opzionali su `nymph`
 - `emptty` con scelta sessione a login su `nymph` e default host-specific sugli altri desktop
 - pacchetti Void Linux e servizi runit
- `turnstile` per servizi utente agganciati alla sessione, incluso `emacs` come server per `emacsclient`
- `ssh-agent` come servizio runit utente always-on con socket stabile condiviso tra shell, SSH ed Emacs
- `ollama` installato da tarball upstream e gestito come servizio runit utente always-on, con `Codex CLI` installato globalmente via npm
+- `turnstile` per i servizi utente, inclusi `emacs`, `ssh-agent` e `ollama`
+- `ssh-agent` con socket stabile condiviso tra shell, SSH ed Emacs in `~/.local/state/ssh-agent/socket`
+- `ollama` installato da tarball upstream e gestito come servizio utente `turnstile`, con `Codex CLI` installato globalmente via npm
 - Flatpak con remoto Flathub
 - GNOME Keyring e bootstrap della posta via script dedicato
 - `Waybar` separata per compositor (`config-sway.jsonc` e `config-hyprland.jsonc`) con `style.css` condiviso
--- a/ansible/roles/services_runit/tasks/main.yml
+++ b/ansible/roles/services_runit/tasks/main.yml
@@ -14,107 +14,3 @@
    dest: "/var/service/{{ item }}"
    state: link
  loop: "{{ host_enabled_services | default([]) }}"
-
- name: Define per-user runit services
-  tags: [services, packages]
-  ansible.builtin.set_fact:
-    per_user_runit_services:
-      - name: ollama
-        template: ollama.run.j2
-        state_dirs: []
-      - name: ssh-agent
-        template: ssh-agent.run.j2
-        state_dirs:
-          - path: "{{ user_home }}/.local/state/ssh-agent"
-            mode: "0700"
-
- name: Ensure per-user runit directories exist
-  tags: [services, packages]
-  ansible.builtin.file:
-    path: "{{ item.path }}"
-    state: directory
-    owner: "{{ username }}"
-    group: "{{ user_group }}"
-    mode: "{{ item.mode }}"
-  loop:
-    - path: "{{ user_home }}/.local/runit"
-      mode: "0755"
-    - path: "{{ user_home }}/.local/runit/current"
-      mode: "0755"
-    - path: "{{ user_home }}/.local/runit/sv"
-      mode: "0755"
-    - path: "{{ user_home }}/.local/state"
-      mode: "0755"
-
- name: Ensure per-user runit service directories exist
-  tags: [services, packages]
-  ansible.builtin.file:
-    path: "{{ user_home }}/.local/runit/sv/{{ item.name }}"
-    state: directory
-    owner: "{{ username }}"
-    group: "{{ user_group }}"
-    mode: "0755"
-  loop: "{{ per_user_runit_services }}"
-  loop_control:
-    label: "{{ item.name }}"
-
- name: Ensure per-user runit service state directories exist
-  tags: [services, packages]
-  ansible.builtin.file:
-    path: "{{ item.1.path }}"
-    state: directory
-    owner: "{{ username }}"
-    group: "{{ user_group }}"
-    mode: "{{ item.1.mode }}"
-  loop: "{{ per_user_runit_services | subelements('state_dirs', skip_missing=True) }}"
-  loop_control:
-    label: "{{ item.1.path }}"
-
- name: Render per-user runit services
-  tags: [services, packages]
-  ansible.builtin.template:
-    src: "{{ item.template }}"
-    dest: "{{ user_home }}/.local/runit/sv/{{ item.name }}/run"
-    owner: "{{ username }}"
-    group: "{{ user_group }}"
-    mode: "0755"
-  loop: "{{ per_user_runit_services }}"
-  loop_control:
-    label: "{{ item.name }}"
-
- name: Enable per-user runit services
-  tags: [services, packages]
-  ansible.builtin.file:
-    src: "../sv/{{ item.name }}"
-    dest: "{{ user_home }}/.local/runit/current/{{ item.name }}"
-    state: link
-    owner: "{{ username }}"
-    group: "{{ user_group }}"
-  loop: "{{ per_user_runit_services }}"
-  loop_control:
-    label: "{{ item.name }}"
-
- name: Ensure per-user runsvdir service directory exists
-  tags: [services, packages]
-  ansible.builtin.file:
-    path: "/etc/sv/runsvdir-{{ username }}"
-    state: directory
-    owner: root
-    group: root
-    mode: "0755"
-
- name: Render per-user runsvdir system service
-  tags: [services, packages]
-  ansible.builtin.template:
-    src: runsvdir-user.run.j2
-    dest: "/etc/sv/runsvdir-{{ username }}/run"
-    owner: root
-    group: root
-    mode: "0755"
-
- name: Enable per-user runsvdir system service
-  tags: [services, packages]
-  ansible.builtin.file:
-    src: "/etc/sv/runsvdir-{{ username }}"
-    dest: "/var/service/runsvdir-{{ username }}"
-    state: link
--- a/ansible/roles/services_runit/templates/ollama.run.j2
+++ b/ansible/roles/services_runit/templates/ollama.run.j2
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-exec /usr/local/bin/ollama serve
--- a/ansible/roles/services_runit/templates/runsvdir-user.run.j2
+++ b/ansible/roles/services_runit/templates/runsvdir-user.run.j2
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-export USER="{{ username }}"
-export HOME="{{ user_home }}"
-
-groups="$(id -Gn "$USER" | tr ' ' ':')"
-svdir="$HOME/.local/runit/current"
-
-exec chpst -u "$USER:$groups" runsvdir "$svdir"
--- a/ansible/roles/services_runit/templates/ssh-agent.run.j2
+++ b/ansible/roles/services_runit/templates/ssh-agent.run.j2
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-sockdir="{{ user_home }}/.local/state/ssh-agent"
-sockpath="$sockdir/socket"
-
-mkdir -p "$sockdir"
-rm -f "$sockpath"
-
-exec ssh-agent -D -a "$sockpath"
--- a/dotfiles/desktop/.bashrc.d/15-runit-desktop.sh
+++ b/dotfiles/desktop/.bashrc.d/15-runit-desktop.sh
@@ -1,2 +1,2 @@
-export SVDIR="$HOME/.local/runit/current"
+export SVDIR="$HOME/.config/service"
 export SSH_AUTH_SOCK="$HOME/.local/state/ssh-agent/socket"
--- a/dotfiles/desktop/.bashrc.d/16-vsv-wrappers.sh
+++ b/dotfiles/desktop/.bashrc.d/16-vsv-wrappers.sh
@@ -1,65 +0,0 @@
-vsvu() {
-  command vsv -d "$HOME/.local/runit/current" "$@"
-}
-
-vsvs() {
-  command vsv -d "$HOME/.config/service" "$@"
-}
-
-vsvc() {
-  local user_svdir session_svdir cmd service user_path session_path
-
-  user_svdir="$HOME/.local/runit/current"
-  session_svdir="$HOME/.config/service"
-
-  if ! command -v vsv >/dev/null 2>&1; then
-    printf '%s\n' "vsv is not installed or not in PATH" >&2
-    return 127
-  fi
-
-  if [ "$#" -eq 0 ] || { [ "$1" = "status" ] && [ "$#" -eq 1 ]; }; then
-    printf '%s\n' "== Always-on services =="
-    if [ -d "$user_svdir" ]; then
-      command vsv -d "$user_svdir" status
-    else
-      printf '%s\n' "missing: $user_svdir" >&2
-    fi
-
-    printf '\n%s\n' "== Session services =="
-    if [ -d "$session_svdir" ]; then
-      command vsv -d "$session_svdir" status
-    else
-      printf '%s\n' "missing: $session_svdir" >&2
-    fi
-    return
-  fi
-
-  cmd="$1"
-  service="$2"
-
-  if [ -z "$service" ]; then
-    printf '%s\n' "usage: vsvc [status [service] | <command> <service>]" >&2
-    return 2
-  fi
-
-  user_path="$user_svdir/$service"
-  session_path="$session_svdir/$service"
-
-  if [ -e "$user_path" ] && [ -e "$session_path" ]; then
-    printf '%s\n' "service '$service' exists in both trees; use vsvu or vsvs explicitly" >&2
-    return 2
-  fi
-
-  if [ -e "$user_path" ]; then
-    command vsv -d "$user_svdir" "$@"
-    return
-  fi
-
-  if [ -e "$session_path" ]; then
-    command vsv -d "$session_svdir" "$@"
-    return
-  fi
-
-  printf '%s\n' "service '$service' not found in $user_svdir or $session_svdir" >&2
-  return 1
-}
--- a/dotfiles/desktop/.config/service/ollama/run
+++ b/dotfiles/desktop/.config/service/ollama/run
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -eu
+
+if [ -n "${TURNSTILE_ENV_DIR:-}" ]; then
+  exec chpst -e "$TURNSTILE_ENV_DIR" /usr/local/bin/ollama serve
+fi
+
+exec /usr/local/bin/ollama serve
--- a/dotfiles/desktop/.config/service/ssh-agent/run
+++ b/dotfiles/desktop/.config/service/ssh-agent/run
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -eu
+
+sockdir="$HOME/.local/state/ssh-agent"
+sockpath="$sockdir/socket"
+
+mkdir -p "$sockdir"
+rm -f "$sockpath"
+
+if [ -n "${TURNSTILE_ENV_DIR:-}" ]; then
+  exec chpst -e "$TURNSTILE_ENV_DIR" ssh-agent -D -a "$sockpath"
+fi
+
+exec ssh-agent -D -a "$sockpath"