diff --git a/src/vnc.yml b/src/vnc.yml
index b0a7757..b9c161b 100644
--- a/src/vnc.yml
+++ b/src/vnc.yml
@@ -23,6 +23,50 @@
 groups:
 - wheel
 name: "{{ username }}"
+ - name: >-
+ Enable and start the user-mode systemd service that creates
+ the file share symlink for the vnc user
+ block:
+ - name: Start and enable systemd-logind
+ service:
+ enabled: yes
+ name: systemd-logind
+ state: started
+ # This causes the vnc user's user-specific systemd session to
+ # start on boot instead of only when that user logs in. We
+ # need the vnc user's session to be active so we can enable
+ # the user-mode systemd service, so we use the trick of
+ # enabling linger for the user, enabling the user-mode
+ # service, then disabling linger for the user.
+ - name: Enable linger for vnc user
+ ansible.builtin.command:
+ argv:
+ - /bin/loginctl
+ - enable-linger
+ - "{{ username }}"
+ - name: >-
+ Enable the user-mode systemd service that creates the file
+ share symlink for the vnc user
+ ansible.builtin.systemd:
+ daemon_reload: yes
+ enabled: yes
+ name: create-fileshare-symlink
+ scope: user
+ become_user: "{{ username }}"
+ vars:
+ # This is necessary to get around the difficult case where
+ # you ssh into a machine as an unprivileged user _and_
+ # become an unprivileged user:
+ # https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user
+ ansible_ssh_pipelining: yes
+ # Now that the user-mode service has been enabled we can
+ # disable linger for the vnc user.
+ - name: Disable linger for vnc user
+ ansible.builtin.command:
+ argv:
+ - /bin/loginctl
+ - disable-linger
+ - "{{ username }}"
 vars:
 # The username, password, and ssh keys for the VNC user
 username: "{{ lookup('aws_ssm', '/vnc/username') }}"
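Review bot: The `Disable linger for vnc user` task is the last entry of `block:`, so if the `ansible.builtin.systemd` task before it fails (user-scope calls under `become_user` can fail when the user's bus is not reachable), the block aborts and linger stays enabled for the account, which keeps its user manager and any enabled user units starting at boot without a login. Moving that task out of `block:` into an `always:` section of the same task would make the cleanup unconditional. Both `loginctl` calls will also report "changed" on every run; because the net linger state is meant to be unchanged, `changed_when: false` on each would keep repeat runs quiet, though an account that already had linger on before the play would lose it, which may deserve a comment. The first task uses the short name `service:` and `enabled: yes` while the others use `ansible.builtin.*`; `ansible.builtin.service:` and `true` would be consistent. The surrounding task list and the trailing `vars:` mapping continue outside the hunk.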