[bug#76081,v16,4/4] home: Add home-oci-service-type.

Message ID dded59392afd6e851d2d3a7ce094ead89da0d012.1756047587.git.goodoldpaul@autistici.org
State New
Series [bug#76081,v16,1/4] tests: oci-container: Set explicit timeouts.

Commit Message

Giacomo Leidi Aug. 24, 2025, 2:59 p.m. UTC
* gnu/home/service/containers.scm: New file;
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (OCI backed services): Document it.

Change-Id: I8ce5b301e8032d0a7b2a9ca46752738cdee1f030
---
 doc/guix.texi                    | 114 +++++++++++++++++++++++++++++++
 gnu/home/services/containers.scm |  49 +++++++++++++
 gnu/local.mk                     |   1 +
 3 files changed, 164 insertions(+)
 create mode 100644 gnu/home/services/containers.scm
  

Comments

Maxim Cournoyer Aug. 24, 2025, 11:25 p.m. UTC | #1
Hi Giacomo,

Not sure if anything can be done with your provider, but I'm still
receiving all your email in the Gmail SPAM, flagged because:

> This message isn't authenticated and the sender can't be verified. Use
> caution when clicking links, downloading attachments, or replying with
> personal information.
  
Maxim Cournoyer Aug. 25, 2025, 4:07 a.m. UTC | #2
Hi,

Merged at least, with commit 57386498b61.

Thanks for your patience.
  
Ludovic Courtès Aug. 25, 2025, 8:33 a.m. UTC | #3
Hello,

Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:

> Merged at least, with commit 57386498b61.

It seems that this (probably cc07ecd7ccc52540113414eaebafc0fb218ef9ff)
broke ‘guix pull’:

  https://mail.gnu.org/archive/html/help-guix/2025-08/msg00127.html
  https://ci.guix.gnu.org/eval/2081166

Presumably something is opening a connection to the store from the
top-level.

(Commit cc07ecd7ccc52540113414eaebafc0fb218ef9ff also uses @@, which
should really be avoided, because it breaks encapsulation and is not
even guaranteed to work, due to inlining.)

Ludo’.
  
Maxim Cournoyer Aug. 26, 2025, 12:34 a.m. UTC | #4
Hi,

Ludovic Courtès <ludo@gnu.org> writes:

> Hello,
>
> Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
>
>> Merged at least, with commit 57386498b61.
>
> It seems that this (probably cc07ecd7ccc52540113414eaebafc0fb218ef9ff)
> broke ‘guix pull’:
>
>   https://mail.gnu.org/archive/html/help-guix/2025-08/msg00127.html
>   https://ci.guix.gnu.org/eval/2081166
>
> Presumably something is opening a connection to the store from the
> top-level.

Thanks for sharing this idea. That seems likely as for example
%oci-tarball is defined at the top level in terms of
lower-oci-image-state, which calls run-with-store.

> (Commit cc07ecd7ccc52540113414eaebafc0fb218ef9ff also uses @@, which
> should really be avoided, because it breaks encapsulation and is not
> even guaranteed to work, due to inlining.)

We use this trick in a few tests for "white box testing" (reaching to
internals that shouldn't be part of the public API). Sometimes with the
(set! some-symbol some-symbol) trick to avoid inlining in the source
module. Maybe that was the idea here?
  

Patch

diff --git a/doc/guix.texi b/doc/guix.texi
index aead56fb7c..f3f3fe2129 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -53002,6 +53002,120 @@  Miscellaneous Home Services
 documentation of the system service (@pxref{Miscellaneous Services,
 @code{readymedia-service-type}}).
 
+@subsubheading OCI backed services
+
+@cindex OCI-backed, for Home
+The @code{(gnu home services containers)} module provides the following service:
+
+@defvar home-oci-service-type
+This is the type of the service that allows to manage your OCI containers with
+the same consistent interface you use for your other Home Shepherd services.
+@end defvar
+
+This service is a direct mapping of the @code{oci-service-type} system
+service (@pxref{Miscellaneous Services, OCI backed services}).  You can
+use it like this:
+
+@lisp
+(use-modules (gnu services containers)
+             (gnu home services containers))
+
+(simple-service 'home-oci-provisioning
+                home-oci-service-type
+                (oci-extension
+                  (volumes
+                    (list
+                      (oci-volume-configuration (name "prometheus"))
+                      (oci-volume-configuration (name "grafana"))))
+                  (networks
+                    (list
+                      (oci-network-configuration (name "monitoring"))))
+                  (containers
+                   (list
+                    (oci-container-configuration
+                     (network "monitoring")
+                     (image
+                      (oci-image
+                        (repository "guile")
+                        (tag "3")
+                        (value (specifications->manifest '("guile")))
+                        (pack-options '(#:symlinks (("/bin/guile" -> "bin/guile"))
+                                        #:max-layers 2))))
+                     (entrypoint "/bin/guile")
+                     (command
+                      '("-c" "(display \"hello!\n\")")))
+                    (oci-container-configuration
+                      (image "prom/prometheus")
+                      (network "monitoring")
+                      (ports
+                       '(("9000" . "9000")
+                         ("9090" . "9090")))
+                      (volumes
+                       (list
+                        '(("prometheus" . "/var/lib/prometheus")))))
+                    (oci-container-configuration
+                      (image "grafana/grafana:10.0.1")
+                      (network "monitoring")
+                      (volumes
+                       '(("grafana:/var/lib/grafana"))))))))
+
+@end lisp
+
+You may specify a custom configuration by providing a
+@code{oci-configuration} record, exactly like for
+@code{oci-service-type}, but wrapping it in @code{for-home}:
+
+@lisp
+(use-modules (gnu services)
+             (gnu services containers)
+             (gnu home services containers))
+
+(service home-oci-service-type
+         (for-home
+          (oci-configuration
+           (runtime 'podman)
+           (verbose? #t))))
+
+(simple-service 'home-oci-provisioning
+                home-oci-service-type
+                (oci-extension
+                  (volumes
+                    (list
+                      (oci-volume-configuration (name "prometheus"))
+                      (oci-volume-configuration (name "grafana"))))
+                  (networks
+                    (list
+                      (oci-network-configuration (name "monitoring"))))
+                  (containers
+                   (list
+                    (oci-container-configuration
+                     (network "monitoring")
+                     (image
+                      (oci-image
+                        (repository "guile")
+                        (tag "3")
+                        (value (specifications->manifest '("guile")))
+                        (pack-options '(#:symlinks (("/bin/guile" -> "bin/guile"))
+                                        #:max-layers 2))))
+                     (entrypoint "/bin/guile")
+                     (command
+                      '("-c" "(display \"hello!\n\")")))
+                    (oci-container-configuration
+                      (image "prom/prometheus")
+                      (network "monitoring")
+                      (ports
+                       '(("9000" . "9000")
+                         ("9090" . "9090")))
+                      (volumes
+                       (list
+                        '(("prometheus" . "/var/lib/prometheus")))))
+                    (oci-container-configuration
+                      (image "grafana/grafana:10.0.1")
+                      (network "monitoring")
+                      (volumes
+                       '(("grafana:/var/lib/grafana"))))))))
+@end lisp
+
 @node Invoking guix home
 @section Invoking @command{guix home}
 
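Review bot: The two `volumes` fields in both @lisp examples use different shapes. The prom/prometheus container passes `(list '(("prometheus" . "/var/lib/prometheus")))`, a list whose only element is itself a list holding one pair, and the grafana container passes `'(("grafana:/var/lib/grafana"))`, a string wrapped in an extra list, while `ports` just above is a flat list of pairs. If the field takes a flat list of pairs or strings, as `ports` suggests, please write both that way, for example `'(("prometheus" . "/var/lib/prometheus"))`, so readers can copy the example as written. The first example also calls `simple-service` without `(gnu services)` in its `use-modules`, which the second example does import. The second example repeats the whole `simple-service` form although only the `(service home-oci-service-type (for-home ...))` part is new, so it could be cut down to that form. Finally, `prom/prometheus` carries no tag while `grafana/grafana:10.0.1` is pinned; pinning both would keep the documented setup reproducible.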
diff --git a/gnu/home/services/containers.scm b/gnu/home/services/containers.scm
new file mode 100644
index 0000000000..1ccdb3b246
--- /dev/null
+++ b/gnu/home/services/containers.scm
@@ -0,0 +1,49 @@ 
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2025 Giacomo Leidi <goodoldpaul@autistici.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu home services containers)
+  #:use-module (gnu home services)
+  #:use-module (gnu home services shepherd)
+  #:use-module (gnu services)
+  #:use-module (gnu services configuration)
+  #:use-module (gnu services containers)
+  #:use-module (guix gexp)
+  #:use-module (guix packages)
+  #:use-module (srfi srfi-1)
+  #:export (home-oci-service-type))
+
+(define home-oci-service-type
+  (service-type
+   (inherit (system->home-service-type oci-service-type))
+   (extensions
+    (list
+     (service-extension home-profile-service-type
+                        (lambda (config)
+                          (let ((runtime-cli
+                                 (oci-configuration-runtime-cli config))
+                                (runtime
+                                 (oci-configuration-runtime config)))
+                            (oci-service-profile runtime runtime-cli))))
+     (service-extension home-shepherd-service-type
+                        oci-configuration->shepherd-services)))
+   (extend
+    (lambda (config extension)
+      (for-home
+       (oci-configuration
+        (inherit (oci-configuration-extend config extension))))))
+   (default-value (for-home (oci-configuration)))))
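Review bot: The `define-module` form imports `(guix gexp)`, `(guix packages)` and `(srfi srfi-1)`, but the body of the module contains no gexp, no package accessor and no SRFI-1 procedure, so these three `#:use-module` clauses look unused and can be dropped. The `extend` lambda would benefit from a short comment saying why the result of `oci-configuration-extend` is rebuilt through `(oci-configuration (inherit ...))` and wrapped in `for-home` again, since that is the only place where this service type differs from the inherited one apart from the extensions. The commit log names the new file as `gnu/home/service/containers.scm`, whereas the file created here is `gnu/home/services/containers.scm`; the log entry should match.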
diff --git a/gnu/local.mk b/gnu/local.mk
index 74a85cad36..7f05f1b8de 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -105,6 +105,7 @@  GNU_SYSTEM_MODULES =				\
   %D%/home/services.scm			\
   %D%/home/services/admin.scm			\
   %D%/home/services/backup.scm			\
+  %D%/home/services/containers.scm		\
   %D%/home/services/desktop.scm			\
   %D%/home/services/dict.scm			\
   %D%/home/services/dotfiles.scm		\