From: paul
To: guix-devel@gnu.org
Subject: OCI-backed Guix System Services
Date: Wed, 20 Sep 2023 16:47:32 +0200
Message-ID: <07894441-fd4b-a299-d138-5da88c2c42ab@autistici.org>

Dear Guixers,

I was recently inspired by Nix's oci-container feature and wrote a thin wrapper around the docker CLI to enable the management of docker containers through Shepherd [0]. This enables handling of non-packaged services through guix system reconfigure and herd start/stop/status.


(define (grafana-configuration config)
  (oci-container-configuration
    (image "grafana/grafana:10.0.1")
    (network "host")
    (ports
      `((,port . "3000")))
    (volumes
      `(("/var/lib/grafana" . "/var/lib/grafana")
        ;; Needed because grafana.ini is a symlink to an item in the store.
        ("/gnu/store" . "/gnu/store")
        ("/etc/grafana/grafana.ini" . "/etc/grafana/grafana.ini")))))

(define grafana-service-type
  (service-type (name 'grafana)
                (extensions (list (service-extension oci-container-service-type
                                                     grafana-configuration)
                                  (service-extension account-service-type
                                                     (const %grafana-accounts))
                                  (service-extension nginx-service-type
                                                     grafana-nginx-locations)
                                  (service-extension activation-service-type
                                                     %grafana-activation)))))


This is somewhat made-up code; for a real-world example you can have a look here [1].

In the future it probably makes sense to be able to switch the "OCI backend" to podman; for now I just wanted to figure out if it's something that would be useful to the Guix community and if the implementation looks right.

To conclude, I'm not advocating for adding OCI-backed services to Guix mainstream: in my opinion they should be bootstrapped and built from source, but I believe the actual "backend" implementation for such services could be useful to have in Guix. What do you think?


Thank you for the wonderful community that Guix still proves to be,

giacomo


[0]: https://gitlab.com/orang3/small-guix/-/blob/master/small-guix/services/docker.scm

[1]: https://gitlab.com/orang3/guix-nas/-/blob/main/modules/nas/services/grafana.scm
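
An added sketch, not part of the original message and not the code at [0]: how a configuration with the fields shown above could map to a docker run argument list, with the checks a reviewer would make on it (tag versus digest, host networking, read-only bind mounts). It uses plain Guile alists instead of Guix records; the procedure names, the constructed sample and the read-only policy are assumptions of this example.

```scheme
;; Added illustration in plain Guile (no Guix modules); not the code from [0].
(use-modules (ice-9 match) (srfi srfi-1))

;; Constructed sample with the same fields as the grafana example.
(define sample
  '((image . "grafana/grafana:10.0.1")
    (network . "host")
    (ports . (("3000" . "3000")))
    (volumes . (("/var/lib/grafana" . "/var/lib/grafana")
                ("/gnu/store" . "/gnu/store")
                ("/etc/grafana/grafana.ini" . "/etc/grafana/grafana.ini")))))

;; Assumed policy: the store and files under /etc are only ever read.
(define (read-only-source? source)
  (or (string-prefix? "/gnu/store" source)
      (string-prefix? "/etc/" source)))

(define (volume->args volume)
  (match volume
    ((source . target)
     (list "-v" (string-append source ":" target
                               (if (read-only-source? source) ":ro" ""))))))

(define (port->args port)
  (match port
    ((host . container)
     (list "-p" (string-append host ":" container)))))

(define (config->docker-argv name config)
  (let ((network (assq-ref config 'network)))
    (append (list "docker" "run" "--rm" "--name" name)
            (if network (list "--network" network) '())
            ;; Docker discards published ports in host network mode.
            (if (equal? network "host")
                '()
                (append-map port->args (or (assq-ref config 'ports) '())))
            (append-map volume->args (or (assq-ref config 'volumes) '()))
            (list (assq-ref config 'image)))))

(define (config-warnings config)
  (append
   (if (string-index (assq-ref config 'image) #\@)
       '()
       '("image pinned by mutable tag, not by sha256 digest"))
   (if (equal? (assq-ref config 'network) "host")
       '("host network: no network namespace isolation, ports entry unused")
       '())))

(display (string-join (config->docker-argv "grafana" sample) " "))
(newline)
(for-each (lambda (w) (display "warning: ") (display w) (newline))
          (config-warnings sample))
```

Building the command as a list of separate arguments, rather than one shell string, keeps values from the configuration out of shell parsing when the list is handed to the process launcher.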
