Docker image format with services

[Jack Hill <jackhill@jackhill.us>]

Hi Guix,

I have a need to build some Docker images (well, really OCI-compliant 
images) to run some service on computing systems that I don't manage. I 
thought I would use `guix system image` to build these images. In order to 
get a feel for it, I'm testing it out with the docker service running on 
my Guix System (commit 50dd91bc30634c75c0001cfd38bbcc2fbbeb894e).

So far, I've created an image from this file with `guix system image filename.scm`:

```
(use-modules (gnu)
              (gnu image)
              (gnu system image))
(use-service-modules databases ssh)
(use-package-modules databases linux)

(define container-os
   (operating-system
    (host-name "container")
    (timezone "America/New_York")
    (kernel linux-libre)
    (bootloader (bootloader-configuration
                 (bootloader grub-efi-bootloader)
                 (targets '("/dev/sdX"))))
    (file-systems '())
    (packages %base-packages)
    (users (cons* (user-account
                   (name "jackhill")
                   (comment "Jack Hill")
                   (group "users")
                   (supplementary-groups '("wheel" )))
                  %base-user-accounts))
    (services
     (cons* (service openssh-service-type
                     (openssh-configuration
                      (port-number 2222)
                      (password-authentication? #f)
                      (authorized-keys
                       `(("jackhill" ,(local-file 
"/home/jackhill/.ssh/id_ed25519.pub"))))))
            (service postgresql-service-type
                     (postgresql-configuration
                      (postgresql postgresql-14)
                      (config-file
                       (postgresql-config-file
                        (log-destination "stderr")
                        (hba-file
                         (plain-file "pg_hba.conf"
                                     "
local all all trust
host all all 172.17.0.1/32 trust"))
                        (extra-config
                         '(("listen_addresses" "*")
                           ("log_directory"    "/var/log/postgresql")))))))
            (service postgresql-role-service-type
                     (postgresql-role-configuration
                      (roles
                       (list (postgresql-role
                              (name "test")
                              (create-database? #t))))))
            %base-services))))

(define container-image
   (image
    (format 'docker)
    (operating-system container-os)
    (shared-network? #t)))

container-image
```

I then load that into docker: `docker load < /gnu/store/…tar.gz`, and run 
it with `docker run guix`.

So far, so good. However, ssh-daemon and postgres don't start. If I then 
get a shell in the running container with `docker exec -ti … /bin/sh`, I 
can see that `herd status` reports that those services are stopped. Trying 
to start either service fails:

```
sh-5.1# herd start ssh-daemon
herd: exception caught while executing 'start' on service 'loopback':
Throw to key `%exception' with args `("#<&netlink-response-error errno: 1>")'.
sh-5.1# herd start postgres
herd: exception caught while executing 'start' on service 'loopback':
Throw to key `%exception' with args `("#<&netlink-response-error errno: 1>")'.
```

What's going on here? Is this a disagreement between shepherd and docker 
about who's in charge of the networking? What's the right way to create a 
docker system image that can run services?

Or, alternatively, is system image the way to go here? I haven't yet 
explored running these services from a `guix pack` produced image, but I 
suppose that could work as well?

Thanks!
Jack