Add new systemd user unit services

This commit for the new "systemd" (1) snowblock includes user service (2) units (3) to 1. automount the "sync" gocryptfs (4) volume located in the Dropbox (5) folder receiving the password stored in the GNOME Keyring (6) via the "secret-tool" ("libsecret" (7)). 2. automatically run a instance of the "ssh-agent" (8) using the "$SSH_AUTH_SOCK" and let systemd manage the "$SSH_AGENT_PID env. >>> snowsaw core plugin configuration >>>> clean The target path "~/.config/systemd/user" is cleaned before the "link" core plugin execution. >>>> link The target paths "~/.config/systemd/user" for all unit files will be created by snowsaw if they doesn't exist yet. The "igloosync-dropbox.service" unit file will be linked for the "archbook" and "igloo" hosts while the "ssh-agent.service" file is linked by default. References: (1) https://wiki.archlinux.org/index.php/Systemd (2) https://www.freedesktop.org/software/systemd/man/systemd.service.html (3) https://www.freedesktop.org/software/systemd/man/systemd.unit.html (4) https://github.com/rfjakob/gocryptfs (5) https://www.dropbox.com (6) https://wiki.archlinux.org/index.php/GNOME/Keyring (7) https://wiki.gnome.org/Projects/Libsecret (8) https://wiki.archlinux.org/index.php/SSH_keys#ssh-agent GH-58
arcticicestudio · Nov 15, 2017 · 9731358 · 9731358
1 parent 880b3fa
commit 9731358
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 0 deletions.
diff --git a/snowblocks/systemd/README.md b/snowblocks/systemd/README.md
@@ -0,0 +1,32 @@
+* [Units](#units)
+  * [Services](#services)
+    * [igloosync-dropbox](#igloosync-dropbox)
+
+# Units
+
+## Services
+
+### igloosync-dropbox
+
+> The [gocryptfs][gocryptfs-gh] password **must be stored in the** [GNOME Keyring][archwiki-keyring] **before enabling this user service** in order to receive the value from the [`secret-tool`][gnome-libsecret]!
+
+The stored password must be assigned with the following attribute-value pair:
+
+* attribute: `igloosync`
+* value: `dropbox`
+
+To store the password run
+
+```sh
+secret-tool store --label="igloosync-dropbox" igloosync dropbox
+```
+
+The password can be received from the `secret-tool` by running
+
+```sh
+secret-tool lookup igloosync dropbox
+```
+
+[archwiki-keyring]: https://wiki.archlinux.org/index.php/GNOME/Keyring
+[gnome-libsecret]: https://wiki.gnome.org/Projects/Libsecret
+[gocryptfs-gh]: https://github.com/rfjakob/gocryptfs
diff --git a/snowblocks/systemd/snowblock.json b/snowblocks/systemd/snowblock.json
@@ -0,0 +1,20 @@
+[
+  {
+    "clean": ["~/.config/systemd/user"]
+  },
+  {
+    "link": {
+      "~/.config/systemd/user/igloosync-dropbox.service": {
+        "create": true,
+        "hosts": {
+          "archbook": "units/user/igloosync-dropbox.service",
+          "igloo": "units/user/igloosync-dropbox.service"
+        }
+      },
+      "~/.config/systemd/user/ssh-agent.service": {
+        "create": true,
+        "path": "units/user/ssh-agent.service"
+      }
+    }
+  }
+]
diff --git a/snowblocks/systemd/units/user/igloosync-dropbox.service b/snowblocks/systemd/units/user/igloosync-dropbox.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Dropbox Synchronization (igloosync-dropbox)
+After=network.target local-fs.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/gocryptfs -allow_other -extpass="secret-tool lookup igloosync dropbox" %h/cloud/.dropbox/Dropbox/sync %h/cloud/dropbox
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=default.target
diff --git a/snowblocks/systemd/units/user/ssh-agent.service b/snowblocks/systemd/units/user/ssh-agent.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=SSH Key Agent
+
+[Service]
+Type=forking
+Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
+ExecStart=/usr/bin/ssh-agent -a $SSH_AUTH_SOCK
+
+[Install]
+WantedBy=default.target