From: conjaroy
Date: Wed, 29 Jul 2020 18:17:44 -0400
Subject: Is anyone using `guix system container` in production?
To: help-guix@gnu.org

I'm interested in deploying several system containers to a single cloud VPS, and I had originally planned to build those via `guix system docker-image`. Although Docker has some nice CLI tools for starting/stopping/listing active containers, it occurs to me that an alternative (`guix system container`) has at least one significant advantage: containers come online in seconds, as opposed to the minutes it takes to build and import a Docker image (or tens of minutes, if the build host is a VM without /dev/kvm.) It might also be the case that using /gnu/store for all containers is more disk-space-efficient than creating self-contained Docker images for each one.

So I was wondering if anyone has experience running long-lived containers built via `guix system container` in a production setting.

Since I'm running Guix on a foreign distro (Debian 10), it seems reasonable to build a systemd service around the container script, but there may be pitfalls I haven't considered:

# build container script and register it as a gc root with a well-known name.
guix build --root=/home/guix/my-awesome-container $(guix system container -d my-awesome-container.scm)

cat << EOF > /etc/systemd/system/my-awesome-container.service
[Unit]
Description=My Awesome Container

[Service]
ExecStart=/home/guix/my-awesome-container
TimeoutStopSec=30
StandardOutput=syslog
StandardError=syslog

[Install]
WantedBy=multi-user.target
EOF