Parametrize user svscan definition, support UID-based /run/user directories, factor out cgroups code. - carbon-config

commit b6a9397e432d3d1779a0a20f1a311fa88eab76b4
parent e44d45de2bd2c764be31e3b085874c1da16947a2
Author: Jan Pobrislo <ccx@webprojekty.cz>
Date:   Wed, 12 Oct 2022 19:25:30 +0200

Parametrize user svscan definition, support UID-based /run/user directories, factor out cgroups code.

Diffstat:
M config.aat  | 5 +++++
M s6-rc.aat  | 274 +++++++++++++++++++------------------------------------------------------------
M s6-rc.fileset  | 271 +++++++++++++++++++++++++++++++++++++++++++++++++++----------------------------

3 files changed, 247 insertions(+), 303 deletions(-)
diff --git a/config.aat b/config.aat
@@ -51,4 +51,9 @@ iface	spec
 |#eth0	default via 10.70.145.129
 ]
 
+user_svscan=[
+id	name
+1000	ccx
+]
+
 |}
diff --git a/s6-rc.aat b/s6-rc.aat
@@ -1,5 +1,6 @@
 @include common.aat
 |function service(name, type, deps) {
+|gsub("[ \t]+", "\n", deps)  # Allow whitespace-separated dependencies for readability
 /{{name}}	d	m755
 /{{name}}/type	cN	{{type}}	m644
 /{{name}}/{{ type == "bundle" ? "contents" : "dependencies" }}{{ deps?C(deps)"m644":"\tr\t" }}
@@ -16,24 +17,32 @@
 |function longrun(name, deps) {
 |	return service(name, "longrun", deps)
 |}
-|function longrun_with_logger(name, deps) {
-|	longrun(name "-log", "mount-run-cgroup2\nrootfs")
-/{{name}}-log/consumer-for	cN	{{name}}	m640
-/{{name}}-log/run
+|function runscript_el_cgroup2(svc_name) {
+/{{svc_name}}/run
 CN	#!/command/execlineb -P
 	getpid SERVICE_PID
 	foreground {
 		importas -i SERVICE_PID SERVICE_PID
 		if { test -d /run/cgroup2 }
-		if { mkdir -p /run/cgroup2/s6-rc/{{name}}-log }
-		redirfd -w 1 /run/cgroup2/s6-rc/{{name}}-log/cgroup.procs
+		if { mkdir -p /run/cgroup2/s6-rc/{{svc_name}} }
+		redirfd -w 1 /run/cgroup2/s6-rc/{{svc_name}}/cgroup.procs
 		printf "%s" ${SERVICE_PID}
 	}
 	unexport SERVICE_PID
-	
+|}
+|function runscript_simple(svc_name, cmd) {
+|runscript_el_cgroup2(svc_name)
+	fdmove -c 2 1
+	{{cmd}}
+m755
+|}
+|function longrun_with_logger(name, deps) {
+|	longrun(name "-log", "mount-run-cgroup2\nrootfs")
+/{{name}}-log/consumer-for	cN	{{name}}	m640
+|runscript_el_cgroup2(name "-log")
 	if { mkdir -p /var/log/{{name}} }
 	s6-log -b -- n10 s10240000 t /var/log/{{name}}
-m750
+m755
 |	longrun(name, deps)
 /{{name}}/producer-for	cN	{{name}}-log	m640
 |}
@@ -46,7 +55,11 @@ m750
 |function add_to_bundle(bundle_name, svc_name) {
 |	if(already_in_bundle[bundle_name,svc_name]) { return }
 |	already_in_bundle[bundle_name,svc_name] = 1
-|	bundles[bundle_name] = bundles[bundle_name] svc_name "\n"
+|	if(bundles[bundle_name]) {
+|		bundles[bundle_name] = bundles[bundle_name] "\n" svc_name
+|	} else {
+|		bundles[bundle_name] = svc_name
+|	}
 |}
 |function print_bundles(    bundle_name) {
 |	for(bundle_name in bundles) {
@@ -111,50 +124,12 @@ m755
 @endfor
 
 |add_to_bundle("net-all", "dhcpcd")
-/dhcpcd	d	m755
-/dhcpcd/type	cN	longrun	m644
-/dhcpcd/dependencies
-CN	modules
-	ok-mount
-	ok-sysinit
-m644
-/dhcpcd/run
-CN	#!/command/execlineb -P
-	getpid SERVICE_PID
-	foreground {
-		importas -i SERVICE_PID SERVICE_PID
-		if { test -d /run/cgroup2 }
-		if { mkdir -p /run/cgroup2/s6-rc/dhcpcd }
-		redirfd -w 1 /run/cgroup2/s6-rc/dhcpcd/cgroup.procs
-		printf "%s" ${SERVICE_PID}
-	}
-	unexport SERVICE_PID
-	
-	dhcpcd --nobackground
-m755
+|longrun_with_logger("dhcpcd", "modules ok-mount ok-sysinit")
+|runscript_simple("dhcpcd", "dhcpcd --nobackground")
 
 |add_to_bundle("net-all", "unbound")
-/unbound	d	m755
-/unbound/type	cN	longrun	m644
-/unbound/dependencies
-CN	loopback
-	ok-mount
-	ok-sysinit
-m644
-/unbound/run
-CN	#!/command/execlineb -P
-	getpid SERVICE_PID
-	foreground {
-		importas -i SERVICE_PID SERVICE_PID
-		if { test -d /run/cgroup2 }
-		if { mkdir -p /run/cgroup2/s6-rc/unbound }
-		redirfd -w 1 /run/cgroup2/s6-rc/unbound/cgroup.procs
-		printf "%s" ${SERVICE_PID}
-	}
-	unexport SERVICE_PID
-	
-	unbound -d
-m755
+|longrun_with_logger("unbound", "loopback ok-mount ok-sysinit")
+|runscript_simple("unbound", "unbound -ddp")
 
 |add_to_bundle("ok-all-but-tty", "hostname")
 /hostname	d	m755
@@ -171,22 +146,9 @@ m755
 
 |for(tty=1; tty<=(<getty_max>+0); tty++) {
 |add_to_bundle("gettys", "tty" tty)
-/tty{{tty}}	d	m755
-/tty{{tty}}/type	cN	longrun	m644
-/tty{{tty}}/dependencies	cN	ok-sysinit	m644
-/tty{{tty}}/run
-CN	#!/command/execlineb -P
-	getpid SERVICE_PID
-	foreground {
-		importas -i SERVICE_PID SERVICE_PID
-		if { test -d /run/cgroup2 }
-		if { mkdir -p /run/cgroup2/s6-rc/tty{{tty}} }
-		redirfd -w 1 /run/cgroup2/s6-rc/tty{{tty}}/cgroup.procs
-		printf "%s" ${SERVICE_PID}
-	}
-	unexport SERVICE_PID
+|longrun("tty" tty, "ok-sysinit")
+|runscript_el_cgroup2("tty" tty)
 	foreground { /command/issue-gen }
-	
 	env LOGIN_TTY=/dev/tty{{tty}} /sbin/getty -l login-keepenv 38400 tty{{tty}} linux
 m755
 /tty{{tty}}/finish
@@ -255,25 +217,10 @@ C	#!/command/execlineb -P
 	mdevd -D 3 -f /current/conf/etc/mdevd.conf
 m755
 
-/udev	d	m755
-/udev/dependencies
-CN	mount-sys
-	mount-proc
-	mount-dev
+|longrun("udev", "mount-sys mount-proc mount-dev")
 m640
 /udev/notification-fd	cN	3	m640
-/udev/run
-CN	#!/command/execlineb -P
-	getpid SERVICE_PID
-	foreground {
-		importas -i SERVICE_PID SERVICE_PID
-		if { test -d /run/cgroup2 }
-		if { mkdir -p /run/cgroup2/s6-rc/udev }
-		redirfd -w 1 /run/cgroup2/s6-rc/udev/cgroup.procs
-		printf "%s" ${SERVICE_PID}
-	}
-	unexport SERVICE_PID
-	
+|runscript_el_cgroup2("udev")
 	background {
 		sh -xc "until /sbin/udevadm settle --timeout=120; do sleep 0.5; done; echo >&3 settled"
 		#foreground { loopwhilex -x 0 if -nt { /sbin/udevadm settle --timeout=120 } foreground { sleep 0.1 } exit 1 }
@@ -283,7 +230,6 @@ CN	#!/command/execlineb -P
 	fdclose 3
 	/sbin/udevd
 m755
-/udev/type	cN	longrun	m640
 
 |add_to_bundle("ok-all-but-tty", "swapon-vg-swap")
 /swapon-vg-swap	d	m755
@@ -326,28 +272,8 @@ m644
 /.scripts	d	m755
 
 |add_to_bundle("ok-all-but-tty", "sshd")
-/sshd	d	m755
-/sshd/type	cN	longrun	m644
-/sshd/dependencies
-CN	ssh_host_ed25519_key
-	ssh_host_rsa_key
-	ok-sysinit
-m644
-/sshd/run
-CN	#!/command/execlineb -P
-	fdmove -c 2 1
-	getpid SERVICE_PID
-	foreground {
-		importas -i SERVICE_PID SERVICE_PID
-		if { test -d /run/cgroup2 }
-		if { mkdir -p /run/cgroup2/s6-rc/sshd }
-		redirfd -w 1 /run/cgroup2/s6-rc/sshd/cgroup.procs
-		printf "%s" ${SERVICE_PID}
-	}
-	unexport SERVICE_PID
-	
-	/usr/sbin/sshd -D -f /etc/ssh/sshd_config
-m755
+|longrun_with_logger("sshd", "ssh_host_ed25519_key ssh_host_rsa_key ok-sysinit")
+|runscript_simple("sshd", "/usr/sbin/sshd -D -e -f /etc/ssh/sshd_config")
 
 /ssh_host_ed25519_key	d	m755
 /ssh_host_ed25519_key/type	cN	oneshot	m644
@@ -399,23 +325,8 @@ CN	sh -c "
 m640
 
 |add_to_bundle("ok-all-but-tty", "alsactl-rdaemon")
-/alsactl-rdaemon	d	m750
-/alsactl-rdaemon/dependencies	cN	alsa-devices	m640
-/alsactl-rdaemon/run
-CN	#!/command/execlineb -P
-	getpid SERVICE_PID
-	foreground {
-		importas -i SERVICE_PID SERVICE_PID
-		if { test -d /run/cgroup2 }
-		if { mkdir -p /run/cgroup2/s6-rc/alsactl-rdaemon }
-		redirfd -w 1 /run/cgroup2/s6-rc/alsactl-rdaemon/cgroup.procs
-		printf "%s" ${SERVICE_PID}
-	}
-	unexport SERVICE_PID
-	
-	alsactl rdaemon
-m750
-/alsactl-rdaemon/type	cN	longrun	m640
+|longrun_with_logger("alsactl-rdaemon","alsa-devices")
+|runscript_simple("alsactl-rdaemon", "alsactl rdaemon")
 
 |add_to_bundle("ok-all-but-tty", "brightness")
 /brightness	d	m750
@@ -438,106 +349,53 @@ CN	export TERM "linux"
 	s6-svscanctl -a /run/service
 m644
 
-|add_to_bundle("ok-all-but-tty", "svscan-ccx")
-|longrun("svscan-ccx-log", "ok-sysinit\nrootfs")
-/svscan-ccx-log/consumer-for	cN	svscan-ccx	m640
-/svscan-ccx-log/run
-CN	#!/command/execlineb -P
-	getpid SERVICE_PID
-	foreground {
-		importas -i SERVICE_PID SERVICE_PID
-		if { test -d /run/cgroup2 }
-		if { mkdir -p /run/cgroup2/s6-rc/svscan-ccx-log }
-		redirfd -w 1 /run/cgroup2/s6-rc/svscan-ccx-log/cgroup.procs
-		printf "%s" ${SERVICE_PID}
-	}
-	unexport SERVICE_PID
-	
-	if { mkdir -p /run/user/ccx.logs }
-	if { chown ccx: /run/user/ccx.logs }
-	if { chmod 700 /run/user/ccx.logs }
-	s6-setuidgid ccx
-	s6-log -- t /run/user/ccx.logs
-m750
-
-|longrun("svscan-ccx", "ok-sysinit\nrootfs")
-/svscan-ccx/notification-fd	cN	3
-m640
-/svscan-ccx/producer-for	cN	svscan-ccx-log	m640
-/svscan-ccx/run
-CN	#!/command/execlineb -P
-	getpid SERVICE_PID
-	foreground {
-		importas -i SERVICE_PID SERVICE_PID
-		if { test -d /run/cgroup2 }
-		if { mkdir -p /run/cgroup2/s6-rc/svscan-ccx }
-		redirfd -w 1 /run/cgroup2/s6-rc/svscan-ccx/cgroup.procs
-		printf "%s" ${SERVICE_PID}
-	}
-	unexport SERVICE_PID
-	
-	if { mkdir -p /run/user/ccx }
-	if { chown ccx: /run/user/ccx }
-	if { chmod 700 /run/user/ccx }
-	s6-setuidgid ccx
-	if { mkdir -p /run/user/ccx/service }
-	s6-svscan -d 3 /run/user/ccx/service
-m750
+@for u in user_svscan
+|add_to_bundle("ok-all-but-tty", "svscan-"(<u.name>))
+|longrun("svscan-"(<u.name>)"-log", "ok-sysinit\nrootfs")
+/svscan-{<u.name>}-log/consumer-for	cN	svscan-{<u.name>}	m640
+|runscript_el_cgroup2("svscan-"(<u.name>)"-log")
+	if { mkdir -p /run/user/{<u.id>}.logs }
+	if { ln -sf /run/user/{<u.id>}.logs {<u.name>}.logs }
+	if { chown {<u.name>}: /run/user/{<u.id>}.logs }
+	if { chmod 700 /run/user/{<u.id>}.logs }
+	s6-setuidgid {<u.name>}
+	s6-log -- t /run/user/{<u.id>}.logs
+m755
+
+|longrun("svscan-"(<u.name>), "ok-sysinit\nrootfs")
+/svscan-{<u.name>}/notification-fd	cN	3
+m644
+/svscan-{<u.name>}/producer-for	cN	svscan-{<u.name>}-log	m640
+|runscript_el_cgroup2("svscan-"(<u.name>))
+	if { mkdir -p /run/user/{<u.id>} }
+	if { ln -sf /run/user/{<u.id>} {<u.name>} }
+	if { chown {<u.name>}: /run/user/{<u.id>} }
+	if { chmod 700 /run/user/{<u.id>} }
+	s6-setuidgid {<u.name>}
+	if { mkdir -p /run/user/{<u.id>}/service }
+	s6-svscan -d 3 /run/user/{<u.id>}/service
+m755
+@endfor
 
 |add_to_bundle("ok-all-but-tty", "syncthing")
 |longrun_with_logger("syncthing", "ok-mount")
-/syncthing/run
-CN	#!/command/execlineb -P
-	getpid SERVICE_PID
-	foreground {
-		importas -i SERVICE_PID SERVICE_PID
-		if { test -d /run/cgroup2 }
-		if { mkdir -p /run/cgroup2/s6-rc/syncthing }
-		redirfd -w 1 /run/cgroup2/s6-rc/syncthing/cgroup.procs
-		printf "%s" ${SERVICE_PID}
-	}
-	unexport SERVICE_PID
-	
+|runscript_el_cgroup2("syncthing")
 	/usr/bin/env HOME=/var/lib/syncthing
 	s6-setuidgid syncthing
 	syncthing -logflags 0
-m750
+m755
 
 |add_to_bundle("ok-all-but-tty", "tinc.ccx")
 |longrun_with_logger("tinc.ccx", "net-all")
-/tinc.ccx/run
-CN	#!/command/execlineb -P
-	getpid SERVICE_PID
-	foreground {
-		importas -i SERVICE_PID SERVICE_PID
-		if { test -d /run/cgroup2 }
-		if { mkdir -p /run/cgroup2/s6-rc/tinc.ccx }
-		redirfd -w 1 /run/cgroup2/s6-rc/tinc.ccx/cgroup.procs
-		printf "%s" ${SERVICE_PID}
-	}
-	unexport SERVICE_PID
-	
-	tincd -n ccx -D -d
-m750
+|runscript_simple("tinc.ccx", "tincd -n ccx -D -d")
 
 |add_to_bundle("net-all", "wpa_supplicant")
 |longrun_with_logger("wpa_supplicant", "modules\nok-sysinit")
-/wpa_supplicant/run
-CN	#!/command/execlineb -P
-	getpid SERVICE_PID
-	foreground {
-		importas -i SERVICE_PID SERVICE_PID
-		if { test -d /run/cgroup2 }
-		if { mkdir -p /run/cgroup2/s6-rc/wpa_supplicant }
-		redirfd -w 1 /run/cgroup2/s6-rc/wpa_supplicant/cgroup.procs
-		printf "%s" ${SERVICE_PID}
-	}
-	unexport SERVICE_PID
-	
+|runscript_el_cgroup2("wpa_supplicant")
 	/sbin/wpa_supplicant
 	-iwlan0
 	-c/etc/wpa_supplicant/wpa_supplicant.conf
-m750
+m755
 
 
 @for i in X_servers
diff --git a/s6-rc.fileset b/s6-rc.fileset
@@ -199,18 +199,6 @@ CN	# mount /dev/mapper/vg-containers_user on /mnt/volumes/containers/user
 	if { mkdir -p "/mnt/volumes/containers/user" }
 	if -n -t { mount -t "xfs" -o "remount,nosuid,noatime" "/dev/mapper/vg-containers_user" "/mnt/volumes/containers/user" }
 	mount -t "xfs" -o "nosuid,noatime" "/dev/mapper/vg-containers_user" "/mnt/volumes/containers/user"
-/mount-sysinit	d	m755
-/mount-sysinit/contents
-CN	mount-sys
-	mount-proc
-	mount-dev
-	mount-dev-pts
-	mount-dev-shm
-	mount-dev-mqueue
-	mount-run-cgroup2
-
-m644
-/mount-sysinit/type	cN	bundle	m644
 /ok-localmount	d	m755
 /ok-localmount/contents
 CN	rootfs
@@ -227,6 +215,18 @@ CN	rootfs
 
 m644
 /ok-localmount/type	cN	bundle	m644
+/mount-sysinit	d	m755
+/mount-sysinit/contents
+CN	mount-sys
+	mount-proc
+	mount-dev
+	mount-dev-pts
+	mount-dev-shm
+	mount-dev-mqueue
+	mount-run-cgroup2
+
+m644
+/mount-sysinit/type	cN	bundle	m644
 /	d	m755
 
 /ok-all	d	m755
@@ -252,13 +252,35 @@ m755
 
 
 
+/dhcpcd-log	d	m755
+/dhcpcd-log/type	cN	longrun	m644
+/dhcpcd-log/dependencies
+C	mount-run-cgroup2
+	rootfs
+m644
+/dhcpcd-log/consumer-for	cN	dhcpcd	m640
+/dhcpcd-log/run
+CN	#!/command/execlineb -P
+	getpid SERVICE_PID
+	foreground {
+		importas -i SERVICE_PID SERVICE_PID
+		if { test -d /run/cgroup2 }
+		if { mkdir -p /run/cgroup2/s6-rc/dhcpcd-log }
+		redirfd -w 1 /run/cgroup2/s6-rc/dhcpcd-log/cgroup.procs
+		printf "%s" ${SERVICE_PID}
+	}
+	unexport SERVICE_PID
+	if { mkdir -p /var/log/dhcpcd }
+	s6-log -b -- n10 s10240000 t /var/log/dhcpcd
+m755
 /dhcpcd	d	m755
 /dhcpcd/type	cN	longrun	m644
 /dhcpcd/dependencies
-CN	modules
+C	modules
 	ok-mount
 	ok-sysinit
 m644
+/dhcpcd/producer-for	cN	dhcpcd-log	m640
 /dhcpcd/run
 CN	#!/command/execlineb -P
 	getpid SERVICE_PID
@@ -270,17 +292,39 @@ CN	#!/command/execlineb -P
 		printf "%s" ${SERVICE_PID}
 	}
 	unexport SERVICE_PID
-	
+	fdmove -c 2 1
 	dhcpcd --nobackground
 m755
 
+/unbound-log	d	m755
+/unbound-log/type	cN	longrun	m644
+/unbound-log/dependencies
+C	mount-run-cgroup2
+	rootfs
+m644
+/unbound-log/consumer-for	cN	unbound	m640
+/unbound-log/run
+CN	#!/command/execlineb -P
+	getpid SERVICE_PID
+	foreground {
+		importas -i SERVICE_PID SERVICE_PID
+		if { test -d /run/cgroup2 }
+		if { mkdir -p /run/cgroup2/s6-rc/unbound-log }
+		redirfd -w 1 /run/cgroup2/s6-rc/unbound-log/cgroup.procs
+		printf "%s" ${SERVICE_PID}
+	}
+	unexport SERVICE_PID
+	if { mkdir -p /var/log/unbound }
+	s6-log -b -- n10 s10240000 t /var/log/unbound
+m755
 /unbound	d	m755
 /unbound/type	cN	longrun	m644
 /unbound/dependencies
-CN	loopback
+C	loopback
 	ok-mount
 	ok-sysinit
 m644
+/unbound/producer-for	cN	unbound-log	m640
 /unbound/run
 CN	#!/command/execlineb -P
 	getpid SERVICE_PID
@@ -292,8 +336,8 @@ CN	#!/command/execlineb -P
 		printf "%s" ${SERVICE_PID}
 	}
 	unexport SERVICE_PID
-	
-	unbound -d
+	fdmove -c 2 1
+	unbound -ddp
 m755
 
 /hostname	d	m755
@@ -308,7 +352,9 @@ m755
 
 /tty1	d	m755
 /tty1/type	cN	longrun	m644
-/tty1/dependencies	cN	ok-sysinit	m644
+/tty1/dependencies
+C	ok-sysinit
+m644
 /tty1/run
 CN	#!/command/execlineb -P
 	getpid SERVICE_PID
@@ -321,7 +367,6 @@ CN	#!/command/execlineb -P
 	}
 	unexport SERVICE_PID
 	foreground { /command/issue-gen }
-	
 	env LOGIN_TTY=/dev/tty1 /sbin/getty -l login-keepenv 38400 tty1 linux
 m755
 /tty1/finish
@@ -333,7 +378,9 @@ CN	#!/command/execlineb -P
 m755
 /tty2	d	m755
 /tty2/type	cN	longrun	m644
-/tty2/dependencies	cN	ok-sysinit	m644
+/tty2/dependencies
+C	ok-sysinit
+m644
 /tty2/run
 CN	#!/command/execlineb -P
 	getpid SERVICE_PID
@@ -346,7 +393,6 @@ CN	#!/command/execlineb -P
 	}
 	unexport SERVICE_PID
 	foreground { /command/issue-gen }
-	
 	env LOGIN_TTY=/dev/tty2 /sbin/getty -l login-keepenv 38400 tty2 linux
 m755
 /tty2/finish
@@ -358,7 +404,9 @@ CN	#!/command/execlineb -P
 m755
 /tty3	d	m755
 /tty3/type	cN	longrun	m644
-/tty3/dependencies	cN	ok-sysinit	m644
+/tty3/dependencies
+C	ok-sysinit
+m644
 /tty3/run
 CN	#!/command/execlineb -P
 	getpid SERVICE_PID
@@ -371,7 +419,6 @@ CN	#!/command/execlineb -P
 	}
 	unexport SERVICE_PID
 	foreground { /command/issue-gen }
-	
 	env LOGIN_TTY=/dev/tty3 /sbin/getty -l login-keepenv 38400 tty3 linux
 m755
 /tty3/finish
@@ -383,7 +430,9 @@ CN	#!/command/execlineb -P
 m755
 /tty4	d	m755
 /tty4/type	cN	longrun	m644
-/tty4/dependencies	cN	ok-sysinit	m644
+/tty4/dependencies
+C	ok-sysinit
+m644
 /tty4/run
 CN	#!/command/execlineb -P
 	getpid SERVICE_PID
@@ -396,7 +445,6 @@ CN	#!/command/execlineb -P
 	}
 	unexport SERVICE_PID
 	foreground { /command/issue-gen }
-	
 	env LOGIN_TTY=/dev/tty4 /sbin/getty -l login-keepenv 38400 tty4 linux
 m755
 /tty4/finish
@@ -498,10 +546,12 @@ C	#!/command/execlineb -P
 m755
 
 /udev	d	m755
+/udev/type	cN	longrun	m644
 /udev/dependencies
-CN	mount-sys
+C	mount-sys
 	mount-proc
 	mount-dev
+m644
 m640
 /udev/notification-fd	cN	3	m640
 /udev/run
@@ -515,7 +565,6 @@ CN	#!/command/execlineb -P
 		printf "%s" ${SERVICE_PID}
 	}
 	unexport SERVICE_PID
-	
 	background {
 		sh -xc "until /sbin/udevadm settle --timeout=120; do sleep 0.5; done; echo >&3 settled"
 		#foreground { loopwhilex -x 0 if -nt { /sbin/udevadm settle --timeout=120 } foreground { sleep 0.1 } exit 1 }
@@ -525,7 +574,6 @@ CN	#!/command/execlineb -P
 	fdclose 3
 	/sbin/udevd
 m755
-/udev/type	cN	longrun	m640
 
 /swapon-vg-swap	d	m755
 /swapon-vg-swap/dependencies
@@ -569,16 +617,37 @@ m644
 
 /.scripts	d	m755
 
+/sshd-log	d	m755
+/sshd-log/type	cN	longrun	m644
+/sshd-log/dependencies
+C	mount-run-cgroup2
+	rootfs
+m644
+/sshd-log/consumer-for	cN	sshd	m640
+/sshd-log/run
+CN	#!/command/execlineb -P
+	getpid SERVICE_PID
+	foreground {
+		importas -i SERVICE_PID SERVICE_PID
+		if { test -d /run/cgroup2 }
+		if { mkdir -p /run/cgroup2/s6-rc/sshd-log }
+		redirfd -w 1 /run/cgroup2/s6-rc/sshd-log/cgroup.procs
+		printf "%s" ${SERVICE_PID}
+	}
+	unexport SERVICE_PID
+	if { mkdir -p /var/log/sshd }
+	s6-log -b -- n10 s10240000 t /var/log/sshd
+m755
 /sshd	d	m755
 /sshd/type	cN	longrun	m644
 /sshd/dependencies
-CN	ssh_host_ed25519_key
+C	ssh_host_ed25519_key
 	ssh_host_rsa_key
 	ok-sysinit
 m644
+/sshd/producer-for	cN	sshd-log	m640
 /sshd/run
 CN	#!/command/execlineb -P
-	fdmove -c 2 1
 	getpid SERVICE_PID
 	foreground {
 		importas -i SERVICE_PID SERVICE_PID
@@ -588,8 +657,8 @@ CN	#!/command/execlineb -P
 		printf "%s" ${SERVICE_PID}
 	}
 	unexport SERVICE_PID
-	
-	/usr/sbin/sshd -D -f /etc/ssh/sshd_config
+	fdmove -c 2 1
+	/usr/sbin/sshd -D -e -f /etc/ssh/sshd_config
 m755
 
 /ssh_host_ed25519_key	d	m755
@@ -636,8 +705,33 @@ CN	sh -c "
 	"
 m640
 
-/alsactl-rdaemon	d	m750
-/alsactl-rdaemon/dependencies	cN	alsa-devices	m640
+/alsactl-rdaemon-log	d	m755
+/alsactl-rdaemon-log/type	cN	longrun	m644
+/alsactl-rdaemon-log/dependencies
+C	mount-run-cgroup2
+	rootfs
+m644
+/alsactl-rdaemon-log/consumer-for	cN	alsactl-rdaemon	m640
+/alsactl-rdaemon-log/run
+CN	#!/command/execlineb -P
+	getpid SERVICE_PID
+	foreground {
+		importas -i SERVICE_PID SERVICE_PID
+		if { test -d /run/cgroup2 }
+		if { mkdir -p /run/cgroup2/s6-rc/alsactl-rdaemon-log }
+		redirfd -w 1 /run/cgroup2/s6-rc/alsactl-rdaemon-log/cgroup.procs
+		printf "%s" ${SERVICE_PID}
+	}
+	unexport SERVICE_PID
+	if { mkdir -p /var/log/alsactl-rdaemon }
+	s6-log -b -- n10 s10240000 t /var/log/alsactl-rdaemon
+m755
+/alsactl-rdaemon	d	m755
+/alsactl-rdaemon/type	cN	longrun	m644
+/alsactl-rdaemon/dependencies
+C	alsa-devices
+m644
+/alsactl-rdaemon/producer-for	cN	alsactl-rdaemon-log	m640
 /alsactl-rdaemon/run
 CN	#!/command/execlineb -P
 	getpid SERVICE_PID
@@ -649,10 +743,9 @@ CN	#!/command/execlineb -P
 		printf "%s" ${SERVICE_PID}
 	}
 	unexport SERVICE_PID
-	
+	fdmove -c 2 1
 	alsactl rdaemon
-m750
-/alsactl-rdaemon/type	cN	longrun	m640
+m755
 
 /brightness	d	m750
 /brightness/type	cN	oneshot	m640
@@ -691,13 +784,13 @@ CN	#!/command/execlineb -P
 		printf "%s" ${SERVICE_PID}
 	}
 	unexport SERVICE_PID
-	
-	if { mkdir -p /run/user/ccx.logs }
-	if { chown ccx: /run/user/ccx.logs }
-	if { chmod 700 /run/user/ccx.logs }
+	if { mkdir -p /run/user/1000.logs }
+	if { ln -sf /run/user/1000.logs ccx.logs }
+	if { chown ccx: /run/user/1000.logs }
+	if { chmod 700 /run/user/1000.logs }
 	s6-setuidgid ccx
-	s6-log -- t /run/user/ccx.logs
-m750
+	s6-log -- t /run/user/1000.logs
+m755
 
 /svscan-ccx	d	m755
 /svscan-ccx/type	cN	longrun	m644
@@ -706,7 +799,7 @@ C	ok-sysinit
 	rootfs
 m644
 /svscan-ccx/notification-fd	cN	3
-m640
+m644
 /svscan-ccx/producer-for	cN	svscan-ccx-log	m640
 /svscan-ccx/run
 CN	#!/command/execlineb -P
@@ -719,14 +812,14 @@ CN	#!/command/execlineb -P
 		printf "%s" ${SERVICE_PID}
 	}
 	unexport SERVICE_PID
-	
-	if { mkdir -p /run/user/ccx }
-	if { chown ccx: /run/user/ccx }
-	if { chmod 700 /run/user/ccx }
+	if { mkdir -p /run/user/1000 }
+	if { ln -sf /run/user/1000 ccx }
+	if { chown ccx: /run/user/1000 }
+	if { chmod 700 /run/user/1000 }
 	s6-setuidgid ccx
-	if { mkdir -p /run/user/ccx/service }
-	s6-svscan -d 3 /run/user/ccx/service
-m750
+	if { mkdir -p /run/user/1000/service }
+	s6-svscan -d 3 /run/user/1000/service
+m755
 
 /syncthing-log	d	m755
 /syncthing-log/type	cN	longrun	m644
@@ -746,10 +839,9 @@ CN	#!/command/execlineb -P
 		printf "%s" ${SERVICE_PID}
 	}
 	unexport SERVICE_PID
-	
 	if { mkdir -p /var/log/syncthing }
 	s6-log -b -- n10 s10240000 t /var/log/syncthing
-m750
+m755
 /syncthing	d	m755
 /syncthing/type	cN	longrun	m644
 /syncthing/dependencies
@@ -767,11 +859,10 @@ CN	#!/command/execlineb -P
 		printf "%s" ${SERVICE_PID}
 	}
 	unexport SERVICE_PID
-	
 	/usr/bin/env HOME=/var/lib/syncthing
 	s6-setuidgid syncthing
 	syncthing -logflags 0
-m750
+m755
 
 /tinc.ccx-log	d	m755
 /tinc.ccx-log/type	cN	longrun	m644
@@ -791,10 +882,9 @@ CN	#!/command/execlineb -P
 		printf "%s" ${SERVICE_PID}
 	}
 	unexport SERVICE_PID
-	
 	if { mkdir -p /var/log/tinc.ccx }
 	s6-log -b -- n10 s10240000 t /var/log/tinc.ccx
-m750
+m755
 /tinc.ccx	d	m755
 /tinc.ccx/type	cN	longrun	m644
 /tinc.ccx/dependencies
@@ -812,9 +902,9 @@ CN	#!/command/execlineb -P
 		printf "%s" ${SERVICE_PID}
 	}
 	unexport SERVICE_PID
-	
+	fdmove -c 2 1
 	tincd -n ccx -D -d
-m750
+m755
 
 /wpa_supplicant-log	d	m755
 /wpa_supplicant-log/type	cN	longrun	m644
@@ -834,10 +924,9 @@ CN	#!/command/execlineb -P
 		printf "%s" ${SERVICE_PID}
 	}
 	unexport SERVICE_PID
-	
 	if { mkdir -p /var/log/wpa_supplicant }
 	s6-log -b -- n10 s10240000 t /var/log/wpa_supplicant
-m750
+m755
 /wpa_supplicant	d	m755
 /wpa_supplicant/type	cN	longrun	m644
 /wpa_supplicant/dependencies
@@ -856,11 +945,10 @@ CN	#!/command/execlineb -P
 		printf "%s" ${SERVICE_PID}
 	}
 	unexport SERVICE_PID
-	
 	/sbin/wpa_supplicant
 	-iwlan0
 	-c/etc/wpa_supplicant/wpa_supplicant.conf
-m750
+m755
 
 
 /X5	d	m750
@@ -959,7 +1047,7 @@ CN	#!/command/execlineb -P
 	  -retro
 	  -novtswitch
 	  vt${vtN} :${vtN}
-	
+
 m755
 
 /kbd_mode	d	m755
@@ -969,7 +1057,23 @@ C	kbd_mode-tty1
 	kbd_mode-tty2
 	kbd_mode-tty3
 	kbd_mode-tty4
-	
+m644
+
+/ok-mount	d	m755
+/ok-mount/type	cN	bundle	m644
+/ok-mount/contents
+C	ok-sysinit
+	ok-localmount
+	mount-tmp-X11
+m644
+
+/setfont	d	m755
+/setfont/type	cN	bundle	m644
+/setfont/contents
+C	setfont-tty1
+	setfont-tty2
+	setfont-tty3
+	setfont-tty4
 m644
 
 /ok-all-but-tty	d	m755
@@ -990,7 +1094,6 @@ C	net-all
 	svscan-ccx
 	syncthing
 	tinc.ccx
-	
 m644
 
 /ok-sysinit	d	m755
@@ -999,17 +1102,15 @@ m644
 C	mount-sysinit
 	dev-coldplug
 	udev
-	
 m644
 
-/setfont	d	m755
-/setfont/type	cN	bundle	m644
-/setfont/contents
-C	setfont-tty1
-	setfont-tty2
-	setfont-tty3
-	setfont-tty4
-	
+/gettys	d	m755
+/gettys/type	cN	bundle	m644
+/gettys/contents
+C	tty1
+	tty2
+	tty3
+	tty4
 m644
 
 /net-all	d	m755
@@ -1019,25 +1120,5 @@ C	loopback
 	dhcpcd
 	unbound
 	wpa_supplicant
-	
-m644
-
-/ok-mount	d	m755
-/ok-mount/type	cN	bundle	m644
-/ok-mount/contents
-C	ok-sysinit
-	ok-localmount
-	mount-tmp-X11
-	
-m644
-
-/gettys	d	m755
-/gettys/type	cN	bundle	m644
-/gettys/contents
-C	tty1
-	tty2
-	tty3
-	tty4
-	
 m644

	carbon-config config submodule of carbon-core-system
	git clone https://ccx.te2000.cz/git/carbon-config
	Log \| Files \| Refs

M	config.aat	\|	5	+++++
M	s6-rc.aat	\|	274	+++++++++++++++++++------------------------------------------------------------
M	s6-rc.fileset	\|	271	+++++++++++++++++++++++++++++++++++++++++++++++++++----------------------------