From 9731358039cbd6b872d76a144ea0c4b01e7ed8e2 Mon Sep 17 00:00:00 2001 From: Arctic Ice Studio Date: Wed, 15 Nov 2017 11:02:58 +0100 Subject: [PATCH] Add new systemd user unit services This commit for the new "systemd" (1) snowblock includes user service (2) units (3) to 1. automount the "sync" gocryptfs (4) volume located in the Dropbox (5) folder receiving the password stored in the GNOME Keyring (6) via the "secret-tool" ("libsecret" (7)). 2. automatically run a instance of the "ssh-agent" (8) using the "$SSH_AUTH_SOCK" and let systemd manage the "$SSH_AGENT_PID env. >>> snowsaw core plugin configuration >>>> clean The target path "~/.config/systemd/user" is cleaned before the "link" core plugin execution. >>>> link The target paths "~/.config/systemd/user" for all unit files will be created by snowsaw if they doesn't exist yet. The "igloosync-dropbox.service" unit file will be linked for the "archbook" and "igloo" hosts while the "ssh-agent.service" file is linked by default. References: (1) https://wiki.archlinux.org/index.php/Systemd (2) https://www.freedesktop.org/software/systemd/man/systemd.service.html (3) https://www.freedesktop.org/software/systemd/man/systemd.unit.html (4) https://github.com/rfjakob/gocryptfs (5) https://www.dropbox.com (6) https://wiki.archlinux.org/index.php/GNOME/Keyring (7) https://wiki.gnome.org/Projects/Libsecret (8) https://wiki.archlinux.org/index.php/SSH_keys#ssh-agent GH-58 --- snowblocks/systemd/README.md | 32 +++++++++++++++++++ snowblocks/systemd/snowblock.json | 20 ++++++++++++ .../units/user/igloosync-dropbox.service | 12 +++++++ .../systemd/units/user/ssh-agent.service | 10 ++++++ 4 files changed, 74 insertions(+) create mode 100644 snowblocks/systemd/README.md create mode 100644 snowblocks/systemd/snowblock.json create mode 100644 snowblocks/systemd/units/user/igloosync-dropbox.service create mode 100644 snowblocks/systemd/units/user/ssh-agent.service diff --git a/snowblocks/systemd/README.md b/snowblocks/systemd/README.md new file mode 100644 index 0000000..25a641b --- /dev/null +++ b/snowblocks/systemd/README.md @@ -0,0 +1,32 @@ +* [Units](#units) + * [Services](#services) + * [igloosync-dropbox](#igloosync-dropbox) + +# Units + +## Services + +### igloosync-dropbox + +> The [gocryptfs][gocryptfs-gh] password **must be stored in the** [GNOME Keyring][archwiki-keyring] **before enabling this user service** in order to receive the value from the [`secret-tool`][gnome-libsecret]! + +The stored password must be assigned with the following attribute-value pair: + +* attribute: `igloosync` +* value: `dropbox` + +To store the password run + +```sh +secret-tool store --label="igloosync-dropbox" igloosync dropbox +``` + +The password can be received from the `secret-tool` by running + +```sh +secret-tool lookup igloosync dropbox +``` + +[archwiki-keyring]: https://wiki.archlinux.org/index.php/GNOME/Keyring +[gnome-libsecret]: https://wiki.gnome.org/Projects/Libsecret +[gocryptfs-gh]: https://github.com/rfjakob/gocryptfs diff --git a/snowblocks/systemd/snowblock.json b/snowblocks/systemd/snowblock.json new file mode 100644 index 0000000..3aef248 --- /dev/null +++ b/snowblocks/systemd/snowblock.json @@ -0,0 +1,20 @@ +[ + { + "clean": ["~/.config/systemd/user"] + }, + { + "link": { + "~/.config/systemd/user/igloosync-dropbox.service": { + "create": true, + "hosts": { + "archbook": "units/user/igloosync-dropbox.service", + "igloo": "units/user/igloosync-dropbox.service" + } + }, + "~/.config/systemd/user/ssh-agent.service": { + "create": true, + "path": "units/user/ssh-agent.service" + } + } + } +] diff --git a/snowblocks/systemd/units/user/igloosync-dropbox.service b/snowblocks/systemd/units/user/igloosync-dropbox.service new file mode 100644 index 0000000..1b3a7ba --- /dev/null +++ b/snowblocks/systemd/units/user/igloosync-dropbox.service @@ -0,0 +1,12 @@ +[Unit] +Description=Dropbox Synchronization (igloosync-dropbox) +After=network.target local-fs.target + +[Service] +Type=forking +ExecStart=/usr/bin/gocryptfs -allow_other -extpass="secret-tool lookup igloosync dropbox" %h/cloud/.dropbox/Dropbox/sync %h/cloud/dropbox +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=default.target diff --git a/snowblocks/systemd/units/user/ssh-agent.service b/snowblocks/systemd/units/user/ssh-agent.service new file mode 100644 index 0000000..161b15a --- /dev/null +++ b/snowblocks/systemd/units/user/ssh-agent.service @@ -0,0 +1,10 @@ +[Unit] +Description=SSH Key Agent + +[Service] +Type=forking +Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket +ExecStart=/usr/bin/ssh-agent -a $SSH_AUTH_SOCK + +[Install] +WantedBy=default.target