|
| 1 | +# Polykey Agent: Service and Programs Module Documentation |
| 2 | + |
| 3 | +This guide introduces and explains the newly added `services` and `programs` |
| 4 | +modules for managing the Polykey Agent using `systemd`. These modules were |
| 5 | +introduced as part of a broader effort to improve automation, reliability, and |
| 6 | +user experience across both user-level and system-wide contexts. |
| 7 | + |
| 8 | +--- |
| 9 | + |
| 10 | +## Background |
| 11 | + |
| 12 | +The Polykey Agent is a long-lived background process that facilitates secure |
| 13 | +secret management and distributed key infrastructure. Traditionally, users had |
| 14 | +to manually start the agent from the terminal. To streamline this, two modules |
| 15 | +were introduced: |
| 16 | + |
| 17 | +- `programs`: Configures **user-level services** for personal development and |
| 18 | + desktop use. |
| 19 | +- `services`: Configures **system-level services** for shared machines and |
| 20 | + server environments. |
| 21 | + |
| 22 | +These modules utilize `systemd`, a service manager used in most Linux |
| 23 | +distributions. |
| 24 | + |
| 25 | +--- |
| 26 | + |
| 27 | +## What is `systemd`? |
| 28 | + |
| 29 | +`systemd` is the default init and service manager in most Linux distros. It |
| 30 | +allows you to: |
| 31 | + |
| 32 | +- Start, stop, and restart background services. |
| 33 | +- Automatically launch services at boot or login. |
| 34 | +- View logs and monitor service health. |
| 35 | + |
| 36 | +`systemd` uses unit files (like `.service`) to define how services behave. |
| 37 | + |
| 38 | +--- |
| 39 | + |
| 40 | +## Key Concepts |
| 41 | + |
| 42 | +### User vs System Services |
| 43 | + |
| 44 | +| Mode | Controlled By | Suitable For | Config Path | |
| 45 | +| ---------- | ------------- | ------------------------------- | ------------------------- | |
| 46 | +| **User** | Regular user | Local development, personal use | `~/.config/systemd/user/` | |
| 47 | +| **System** | Root/admin | Shared systems, production use | `/etc/systemd/system/` | |
| 48 | + |
| 49 | +The new modules are designed to target both these contexts. |
| 50 | + |
| 51 | +--- |
| 52 | + |
| 53 | +## Programs Module (User Services) |
| 54 | + |
| 55 | +The `programs` module sets up a user-level `systemd` service that: |
| 56 | + |
| 57 | +- Starts the agent on login. |
| 58 | +- Runs the agent under the current user. |
| 59 | +- Stores logs in the user's journal. |
| 60 | + |
| 61 | +### Setup Instructions (User Mode) |
| 62 | + |
| 63 | +1. Ensure the Polykey binary is installed and accessible via `$PATH`. |
| 64 | +2. Copy the service file to: |
| 65 | + |
| 66 | + ```sh |
| 67 | + mkdir -p ~/.config/systemd/user |
| 68 | + cp polykey-agent.service ~/.config/systemd/user/ |
| 69 | + ``` |
| 70 | + |
| 71 | +3. Enable and start the service: |
| 72 | + |
| 73 | + ```sh |
| 74 | + systemctl --user daemon-reload |
| 75 | + systemctl --user enable polykey-agent |
| 76 | + systemctl --user start polykey-agent |
| 77 | + ``` |
| 78 | + |
| 79 | +4. Verify it's running: |
| 80 | + |
| 81 | + ```sh |
| 82 | + systemctl --user status polykey-agent |
| 83 | + journalctl --user -u polykey-agent |
| 84 | + ``` |
| 85 | + |
| 86 | +--- |
| 87 | + |
| 88 | +## Services Module (System Services) |
| 89 | + |
| 90 | +The `services` module sets up a root-owned service that: |
| 91 | + |
| 92 | +- Runs globally for all users. |
| 93 | +- Is launched at boot. |
| 94 | +- Is managed from `/etc/systemd/system/`. |
| 95 | + |
| 96 | +### Setup Instructions (System Mode) |
| 97 | + |
| 98 | +1. Copy the service file to: |
| 99 | + |
| 100 | + ```sh |
| 101 | + sudo cp polykey-agent.service /etc/systemd/system/ |
| 102 | + ``` |
| 103 | + |
| 104 | +2. Enable and start the service: |
| 105 | + |
| 106 | + ```sh |
| 107 | + sudo systemctl daemon-reload |
| 108 | + sudo systemctl enable polykey-agent |
| 109 | + sudo systemctl start polykey-agent |
| 110 | + ``` |
| 111 | + |
| 112 | +3. Check status: |
| 113 | + |
| 114 | + ```sh |
| 115 | + sudo systemctl status polykey-agent |
| 116 | + sudo journalctl -u polykey-agent |
| 117 | + ``` |
| 118 | + |
| 119 | +--- |
| 120 | + |
| 121 | +## Configuration Details |
| 122 | + |
| 123 | +The service files can be customized: |
| 124 | + |
| 125 | +- `ExecStart` can point to any valid Polykey binary. |
| 126 | +- `Environment` variables like `NODE_ENV`, `POLYKEY_DATA_PATH` can be passed in. |
| 127 | +- Restart policies and timeouts can be modified. |
| 128 | + |
| 129 | +To override a system service without editing the base file: |
| 130 | + |
| 131 | +```sh |
| 132 | +sudo systemctl edit polykey-agent |
| 133 | +``` |
| 134 | + |
| 135 | +--- |
| 136 | + |
| 137 | +## Handling Secrets & Recovery Codes |
| 138 | + |
| 139 | +The new modules support secure handling of recovery codes and agent secrets: |
| 140 | + |
| 141 | +- Set environment variables or use configuration files in the home directory. |
| 142 | +- Avoid running agents as root unless necessary. |
| 143 | +- For system mode, ensure secrets are stored in restricted root-only paths. |
| 144 | + |
| 145 | +--- |
| 146 | + |
| 147 | +## Troubleshooting |
| 148 | + |
| 149 | +- **"Service not found"**: |
| 150 | + |
| 151 | + - Run `daemon-reload` after copying or editing unit files. |
| 152 | + |
| 153 | +- **"Permission denied"**: |
| 154 | + |
| 155 | + - Ensure system-level services are started with `sudo`. |
| 156 | + |
| 157 | +- **Service not starting**: |
| 158 | + |
| 159 | + - Run `journalctl -u polykey-agent` for logs. |
| 160 | + |
| 161 | +- **User services not auto-starting**: |
| 162 | + |
| 163 | + - Check that `linger` is enabled for the user: |
| 164 | + |
| 165 | + ```sh |
| 166 | + sudo loginctl enable-linger $USER |
| 167 | + ``` |
| 168 | + |
| 169 | +--- |
| 170 | + |
| 171 | +## Use Cases |
| 172 | + |
| 173 | +- **Developers**: Enable `programs` to automatically start the agent at login. |
| 174 | +- **Sysadmins**: Deploy `services` module for always-on availability of the |
| 175 | + agent across all users. |
| 176 | +- **Security-sensitive installations**: Customize environment securely and |
| 177 | + inspect logs via `journalctl`. |
| 178 | + |
| 179 | +--- |
| 180 | + |
| 181 | +## Next Steps |
| 182 | + |
| 183 | +- Finalize documentation with visual diagrams (systemd flow, unit layering). |
| 184 | +- Incorporate examples of overriding default behavior. |
| 185 | +- Validate this guide on different distros (e.g. Ubuntu, Fedora, Arch). |
| 186 | + |
| 187 | +--- |
| 188 | + |
| 189 | +## Related References |
| 190 | + |
| 191 | +- [systemd documentation](https://www.freedesktop.org/wiki/Software/systemd/) |
| 192 | +- [Polykey PR #138](https://github.com/MatrixAI/Polykey-CLI/pull/138) |
| 193 | +- [CLI Installation Guide](./installation.md) |
0 commit comments