diff --git a/config/shell/zshrc b/config/shell/zshrc
index b6ee4c0..a68f260 100755
--- a/config/shell/zshrc
+++ b/config/shell/zshrc
@@ -22,6 +22,10 @@ fi
 # ---- PATH setup ----
 export PATH=$HOME/bin:$HOME/.local/bin:/usr/local/bin:$PATH
+# ---- SSH agent socket ----
+# Match the socket used by ssh-agent.socket (OpenSSH), not GCR/gnome-keyring.
+export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.sock"
+
 # ---- Oh My Zsh ----
 export ZSH="$HOME/.oh-my-zsh"
 ZSH_THEME="powerlevel10k/powerlevel10k"
@@ -73,3 +77,7 @@ if [ -n "${BW_SESSION:-}" ]; then
 "export " + (.name | gsub(" "; "_")) + "=" + (.value | @sh) ' 2>/dev/null)" 2>/dev/null
 fi
+
+# Signal porridge daemon to reload config (picks up newly loaded env vars)
+_pidfile="$HOME/.local/state/porridge/daemon.pid"
+[[ -f "$_pidfile" ]] && kill -HUP "$(cat "$_pidfile")" 2>/dev/null || true
diff --git a/config/systemd/bw-ssh-keys.service b/config/systemd/bw-ssh-keys.service
index a974eaa..a66c917 100755
--- a/config/systemd/bw-ssh-keys.service
+++ b/config/systemd/bw-ssh-keys.service
@@ -1,11 +1,14 @@
 [Unit]
 Description=Load Bitwarden SSH keys into ssh-agent
-After=graphical-session.target
-Wants=graphical-session.target
+# Use ssh-agent.service (OpenSSH) instead of GCR/gnome-keyring SSH agent
+# to avoid conflicts — keys are loaded into the socket the terminal sees.
+After=ssh-agent.service
+Wants=ssh-agent.service
 [Service]
 Type=oneshot
 Environment=PATH=%h/.local/bin:/usr/local/bin:/usr/bin:/bin
+Environment=SSH_AUTH_SOCK=%t/ssh-agent.sock
 ExecStart=%h/.local/bin/bw-load-ssh.sh
 RemainAfterExit=yes
 Restart=on-failure
diff --git a/stages/08-systemd.sh b/stages/08-systemd.sh
index 75ce727..27971a7 100755
--- a/stages/08-systemd.sh
+++ b/stages/08-systemd.sh
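Review bot: In config/shell/zshrc (hunk at -22,6), the added `export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.sock"` overrides the variable unconditionally, so a shell started without XDG_RUNTIME_DIR ends up pointing at `/ssh-agent.sock`, and a shell reached over SSH with agent forwarding loses the socket sshd set for it. Guarding the assignment keeps both cases intact: `[[ -n "${XDG_RUNTIME_DIR:-}" && -z "${SSH_CONNECTION:-}" ]] && export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.sock"`. stages/08-systemd.sh enables ssh-agent.socket only when DISTRO_FAMILY is fedora, while this line applies wherever the zshrc is deployed, so on other hosts it may name a socket that nothing listens on.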
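Review bot: In config/shell/zshrc (hunk at -73,3), the added `kill -HUP "$(cat "$_pidfile")"` trusts whatever the pid file holds: a stale file left after a crash can name a PID that has since been reused, SIGHUP terminates any process that does not handle it, and the value is never checked to be a positive integer before it reaches kill, where 0 or a negative number addresses whole process groups rather than one process. The line runs on every shell start, so a stale file is acted on repeatedly. If the daemon is the one run by porridge.service (stage 08 lists that unit, but its link to this pid file is not visible here), signalling through the service manager avoids the pid file altogether: `systemctl --user kill -s HUP porridge.service 2>/dev/null || true`. `_pidfile` also stays defined in the interactive session; `unset _pidfile` after use would keep it out. The `if` block above the added lines starts outside the hunk.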
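Review bot: In config/systemd/bw-ssh-keys.service, the added `Environment=SSH_AUTH_SOCK=%t/ssh-agent.sock` hard-codes the socket path a second time (config/shell/zshrc carries the same literal), and nothing in the commit ties either copy to the path the ssh-agent.socket unit actually listens on. If the installed unit uses a different file name, bw-load-ssh.sh would presumably fail to reach an agent and `Restart=on-failure` would keep retrying; `systemctl --user show -p Listen ssh-agent.socket` on the target confirms the value, and a comment such as `# must match ListenStream= of ssh-agent.socket` next to the line would record the dependency. Stage 08 enables `ssh-agent.socket` rather than the service, so `Wants=ssh-agent.socket` with `After=ssh-agent.socket` may be the closer match; how ssh-agent.service behaves when started directly is not shown here.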
@@ -3,12 +3,12 @@
 # Stage 08: User Systemd Services
 # Deploys and enables Julian's custom user systemd services.
 # ===========================================================================
-# On the Pop machine, Julian runs several custom services:
+# Custom user services:
 # - porridge.service : Zoom meeting transcriber daemon
 # - porridge-dictate.service : Push-to-talk transcription
 # - pi-overview.service : Session dashboard on port 3000
-# - bw-ssh-keys.service : Load Bitwarden SSH keys at boot
 # - mempi-sync.service : Sync memory DB to Nextcloud
+# - bw-ssh-keys.service : Load Bitwarden SSH keys into ssh-agent
 # - empty_downloads.service : Clear Downloads folder at login
 # ===========================================================================
@@ -18,6 +18,27 @@ UNIT_DIR="$HOME/.config/systemd/user"
 mkdir -p "$UNIT_DIR"
+# ===========================================================================
+# 0. SSH Agent setup — ensure OpenSSH ssh-agent is the active agent
+# ===========================================================================
+# Enable ssh-agent.socket and disable/mask the GCR SSH agent so that
+# bw-ssh-keys.service (below) loads keys into the same agent the user's
+# terminal sees. Must run BEFORE enabling bw-ssh-keys.service.
+if [ "$DISTRO_FAMILY" = "fedora" ]; then
+ info "Setting up OpenSSH ssh-agent..."
+
+ systemctl --user enable --now ssh-agent.socket 2>/dev/null && \
+ ok "ssh-agent.socket enabled." || \
+ warn "ssh-agent.socket not available."
+
+ if systemctl --user list-unit-files gcr-ssh-agent.service &>/dev/null 2>&1; then
+ systemctl --user disable --now gcr-ssh-agent.socket gcr-ssh-agent.service 2>/dev/null || true
+ systemctl --user mask --now gcr-ssh-agent.socket gcr-ssh-agent.service 2>/dev/null && \
+ ok "gcr-ssh-agent disabled (masked)." || \
+ warn "Could not mask gcr-ssh-agent."
+ fi
+fi
+
 info "Deploying user systemd services..."
 # ---- Helper: install service file ----
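Review bot: In the new fedora block of stages/08-systemd.sh, the GCR agent is disabled and masked whether or not `systemctl --user enable --now ssh-agent.socket` succeeded; when that call fails the script only warns and then retires the agent that was working, leaving the session without an SSH agent while zshrc points at the OpenSSH socket. Making the mask conditional on the enable keeps a fallback, and dropping `2>/dev/null` from the enable call lets the failure reason reach the log. The `cmd && ok || warn` chains also run `warn` when `ok` itself returns non-zero, so plain `if`/`else` is safer, and `&>/dev/null 2>&1` repeats the same redirection. The sketch assumes `info`, `ok` and `warn` are the logging helpers defined outside this hunk.

```shell
if [ "$DISTRO_FAMILY" = "fedora" ]; then
  # … unchanged: info "Setting up OpenSSH ssh-agent..." …
  if systemctl --user enable --now ssh-agent.socket; then
    ok "ssh-agent.socket enabled."
    # Retire the GCR agent only once the replacement socket is active.
    if systemctl --user list-unit-files gcr-ssh-agent.service >/dev/null 2>&1; then
      # … unchanged: disable --now gcr-ssh-agent.socket gcr-ssh-agent.service …
      if systemctl --user mask --now gcr-ssh-agent.socket gcr-ssh-agent.service 2>/dev/null; then
        ok "gcr-ssh-agent disabled (masked)."
      else
        warn "Could not mask gcr-ssh-agent."
      fi
    fi
  else
    warn "ssh-agent.socket not available; gcr-ssh-agent left in place."
  fi
fi
```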
@@ -41,12 +62,12 @@ install_service_file "$SERVICES_DIR/porridge-dictate.service" "porridge-dictate.
 # ---- 3. pi-overview.service — Session dashboard ----
 install_service_file "$SERVICES_DIR/pi-overview.service" "pi-overview.service"
-# ---- 4. bw-ssh-keys.service — Load Bitwarden SSH keys at boot ----
-install_service_file "$SERVICES_DIR/bw-ssh-keys.service" "bw-ssh-keys.service"
-
-# ---- 5. mempi-sync.service + timer — Sync memory DB to Nextcloud ----
+# ---- 4. mempi-sync.service + timer — Sync memory DB to Nextcloud ----
 install_service_file "$SERVICES_DIR/mempi-sync.service" "mempi-sync.service"
+# ---- 5. bw-ssh-keys.service — Load Bitwarden SSH keys into ssh-agent ----
+install_service_file "$SERVICES_DIR/bw-ssh-keys.service" "bw-ssh-keys.service"
+
 # ---- 6. empty_downloads.service — Clear Downloads at login ----
 install_service_file "$SERVICES_DIR/empty_downloads.service" "empty_downloads.service"
@@ -56,9 +77,6 @@ info "Enabling and starting services..."
 # Services that should start automatically (enabled)
 systemctl --user daemon-reload
-# Check which scripts from stages 06 and 07 are available before enabling services.
-# This avoids failures when running stages out of order.
-
 if [ -x "$HOME/.local/bin/porridge" ]; then
 systemctl --user enable --now porridge.service 2>/dev/null && ok "porridge.service enabled"
 else
@@ -80,7 +98,7 @@ fi
 if [ -f "$HOME/.local/bin/bw-load-ssh.sh" ]; then
 systemctl --user enable bw-ssh-keys.service 2>/dev/null && ok "bw-ssh-keys.service enabled"
 else
- warn "bw-ssh-keys.service skipped (script not found — run stage 06 first)."
+ warn "bw-ssh-keys.service skipped (bw-load-ssh.sh not found — run stage 06 first)."
 fi
 systemctl --user enable --now empty_downloads.service 2>/dev/null && ok "empty_downloads.service enabled" || warn "empty_downloads.service not started."
diff --git a/stages/09-desktop.sh b/stages/09-desktop.sh
index 998d538..ee6a3b8 100755
--- a/stages/09-desktop.sh
+++ b/stages/09-desktop.sh
@@ -168,7 +168,7 @@ autostart_app() {
 fi
 }
-# Apps to autostart at login
+# Apps to autostart at login (from system .desktop files)
 autostart_app "firefox" "org.mozilla.firefox.desktop"
 autostart_app "ghostty" "com.mitchellh.ghostty.desktop"
 autostart_app "nextcloud" "com.nextcloud.desktopclient.nextcloud.desktop"
diff --git a/stages/11-tweaks.sh b/stages/11-tweaks.sh
index 8d714d9..4ddb5ba 100755
--- a/stages/11-tweaks.sh
+++ b/stages/11-tweaks.sh
@@ -41,5 +41,4 @@ EOF
 fi
 $SERVICE_ENABLE powertop 2>/dev/null && ok "PowerTOP auto-tune enabled." || true
 fi
-
 ok "Stage 11 complete: system tweaks applied."