Solved bugs, restructured and added new functionality for clients/personal computers

roles/client-ssh/README.md

@@ -0,0 +1,33 @@
+# SSH Agent 🔐
+
+## Description
+
+This Ansible role ensures a functional and persistent SSH Agent setup on Arch Linux (Manjaro) systems running GNOME with Wayland. It manages SSH configuration by cloning a remote Git repository into the user's `~/.ssh` directory and sets up a systemd user service to start the SSH agent automatically at login.
+
+To understand the broader context of SSH, read more on [Wikipedia – SSH](https://en.wikipedia.org/wiki/Secure_Shell) or visit the official [OpenSSH project](https://www.openssh.com/).
+
+This role was designed and validated in the context of [this discussion](https://chatgpt.com/share/67ed0e25-7240-800f-9ab2-9fffc569bc20) on configuring SSH agents for KeePassXC compatibility under Wayland sessions.
+
+## Overview
+
+This role is intended for Manjaro/Arch systems where `gnome-keyring` no longer reliably manages `ssh-agent` due to changes in behavior under Wayland. It works by deploying a `systemd --user` service, making SSH Agent integration predictable and independent of graphical environment quirks.
+
+## Purpose
+
+The purpose of this role is to automate the provisioning of SSH agent capabilities and synchronize the `.ssh` directory from a Git repository. This enables users to access private repositories or authenticate with remote servers immediately after login.
+
+## Features
+
+- **Clones a remote SSH config repository** into `~/.ssh` using the `client-git` role.
+- **Deploys and enables a systemd user service** for `ssh-agent`.
+- **Ensures environment compatibility** by injecting the `SSH_AUTH_SOCK` variable into either `.bash_profile` or `.profile`.
+- **Fails gracefully** with an optional debug message if the Git repository is unreachable.
+- **KeePassXC ready**: Ensures compatibility with password managers that support SSH agent integration.
+
+## Credits 📝
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [www.veen.world](https://www.veen.world)
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)

roles/client-ssh/meta/main.yml

@@ -0,0 +1,29 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Persistent SSH agent setup for GNOME Wayland sessions with SSH configuration pulled from Git."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: | 
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - ssh
+    - agent
+    - systemd
+    - gnome
+    - wayland
+    - archlinux
+    - keepassxc
+  repository: https://s.veen.world/cymais
+  issue_tracker_url: https://s.veen.world/cymaisissues
+  documentation: https://s.veen.world/cymais
+
+dependencies:
+  - client-git

roles/client-ssh/tasks/main.yml

@@ -0,0 +1,55 @@
+- name: pull ssh repository from {{ssh_configuration_repository}}
+  git:
+    repo: "{{ssh_configuration_repository}}"
+    dest: "$HOME/.ssh"
+    update: yes
+  register: git_result
+  ignore_errors: true
+  become: false
+
+- name: Warn if repo is not reachable
+  debug:
+    msg: "Warning: Repository is not reachable."
+  when: git_result.failed and enable_debug | bool
+
+- name: Ensure systemd user directory exists
+  file:
+    path: "$HOME/.config/systemd/user"
+    state: directory
+    mode: "0700"
+  become: false
+
+- name: Deploy ssh-agent systemd unit file
+  template:
+    src: ssh-agent.service.j2
+    dest: "$HOME/.config/systemd/user/ssh-agent.service"
+    mode: "0644"
+  become: false
+
+- name: Enable and start ssh-agent service
+  systemd:
+    name: ssh-agent.service
+    scope: user
+    enabled: true
+    state: started
+    daemon_reload: true
+  become: false
+
+- name: Set SSH_AUTH_SOCK in bash_profile or profile
+  block:
+    - name: Choose profile file
+      set_fact:
+        profile_file: "$HOME/.bash_profile"
+      when: ansible_facts.env.HOME is defined and lookup('file', ansible_env.HOME + '/.bash_profile', errors='ignore') is defined
+
+    - name: Fallback to .profile if .bash_profile not found
+      set_fact:
+        profile_file: "$HOME/.profile"
+      when: profile_file is not defined
+
+    - name: Ensure SSH_AUTH_SOCK is set in profile
+      lineinfile:
+        path: "{{ profile_file }}"
+        line: 'export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"'
+        insertafter: EOF
+        state: present

roles/client-ssh/templates/ssh-agent.service.j2

@@ -0,0 +1,11 @@
+[Unit]
+Description=User SSH Agent
+Before=default.target
+
+[Service]
+Type=simple
+Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
+ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK
+
+[Install]
+WantedBy=default.target