julianprester/linux-provisioning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix SSH agent and systemd service race conditions

Browse Source 
- bw-ssh-keys.service: use ssh-agent.service, add SSH_AUTH_SOCK env
- Stage 08: enable ssh-agent.socket, mask gcr-ssh-agent before services
- Stage 11: remove SSH agent section (moved to stage 08 for ordering)
- Stage 09: remove stale bw-load-ssh autostart config
- .zshrc: export SSH_AUTH_SOCK to match OpenSSH agent socket
- Remove config/autostart/ (no longer needed)
- porridge daemon: no longer exits on missing API key;
  add SIGHUP handler for live config reload
This commit is contained in:
Julian Prester
2026-06-08 20:53:38 +10:00
parent 1cc2a52a17
commit 1eecb796c0
5 changed files with 41 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
stages/08-systemd.sh
View File

@@ -7,9 +7,11 @@
# - porridge.service : Zoom meeting transcriber daemon
# - porridge-dictate.service : Push-to-talk transcription
# - pi-overview.service : Session dashboard on port 3000
# - bw-ssh-keys.service : Load Bitwarden SSH keys at boot
# - mempi-sync.service : Sync memory DB to Nextcloud
# - empty_downloads.service : Clear Downloads folder at login
#
# bw-ssh-keys.service uses ssh-agent.service (OpenSSH) to avoid
# agent socket conflicts at login.
# ===========================================================================
CONFIG_DIR="${SCRIPT_DIR:-$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)}/config"
@@ -18,6 +20,27 @@ UNIT_DIR="$HOME/.config/systemd/user"
mkdir -p "$UNIT_DIR"
# ===========================================================================
# 0. SSH Agent setup — ensure OpenSSH ssh-agent is the active agent
# ===========================================================================
# Enable ssh-agent.socket and disable/mask the GCR SSH agent so that
# bw-ssh-keys.service (below) loads keys into the same agent the user's
# terminal sees. Must run BEFORE enabling bw-ssh-keys.service.
if [ "$DISTRO_FAMILY" = "fedora" ]; then
info "Setting up OpenSSH ssh-agent..."
systemctl --user enable --now ssh-agent.socket 2>/dev/null && \
ok "ssh-agent.socket enabled." || \
warn "ssh-agent.socket not available."
if systemctl --user list-unit-files gcr-ssh-agent.service &>/dev/null 2>&1; then
systemctl --user disable --now gcr-ssh-agent.socket gcr-ssh-agent.service 2>/dev/null || true
systemctl --user mask --now gcr-ssh-agent.socket gcr-ssh-agent.service 2>/dev/null && \
ok "gcr-ssh-agent disabled (masked)." || \
warn "Could not mask gcr-ssh-agent."
fi
fi
info "Deploying user systemd services..."
# ---- Helper: install service file ----
@@ -41,13 +64,10 @@ install_service_file "$SERVICES_DIR/porridge-dictate.service" "porridge-dictate.
# ---- 3. pi-overview.service — Session dashboard ----
install_service_file "$SERVICES_DIR/pi-overview.service" "pi-overview.service"
# ---- 4. bw-ssh-keys.service — Load Bitwarden SSH keys at boot ----
install_service_file "$SERVICES_DIR/bw-ssh-keys.service" "bw-ssh-keys.service"
# ---- 5. mempi-sync.service + timer — Sync memory DB to Nextcloud ----
# ---- 4. mempi-sync.service + timer — Sync memory DB to Nextcloud ----
install_service_file "$SERVICES_DIR/mempi-sync.service" "mempi-sync.service"
# ---- 6. empty_downloads.service — Clear Downloads at login ----
# ---- 5. empty_downloads.service — Clear Downloads at login ----
install_service_file "$SERVICES_DIR/empty_downloads.service" "empty_downloads.service"
# ---- Enable and start services ----
@@ -56,9 +76,6 @@ info "Enabling and starting services..."
# Services that should start automatically (enabled)
systemctl --user daemon-reload
# Check which scripts from stages 06 and 07 are available before enabling services.
# This avoids failures when running stages out of order.
if [ -x "$HOME/.local/bin/porridge" ]; then
systemctl --user enable --now porridge.service 2>/dev/null && ok "porridge.service enabled"
else
@@ -77,16 +94,10 @@ else
warn "pi-overview.service skipped (binary not found — run stage 07 first)."
fi
if [ -f "$HOME/.local/bin/bw-load-ssh.sh" ]; then
systemctl --user enable bw-ssh-keys.service 2>/dev/null && ok "bw-ssh-keys.service enabled"
else
warn "bw-ssh-keys.service skipped (script not found — run stage 06 first)."
fi
systemctl --user enable --now empty_downloads.service 2>/dev/null && ok "empty_downloads.service enabled" || warn "empty_downloads.service not started."
info "===== Service Status ====="
systemctl --user list-units --type=service --state=running 2>/dev/null | grep -E "(porridge|swayidle|pi-overview|mempi|bw-ssh|empty)" || true
systemctl --user list-units --type=service --state=running 2>/dev/null | grep -E "(porridge|swayidle|pi-overview|mempi|empty)" || true
ok "Stage 08 complete: user systemd services deployed."