guix shell --container from Shepherd to run a service

Sun, 06 Apr 2025 03:31:41 -0700 

dear Guix,

my ultimate goal is to run Home Assistant (a python based service) from 
Shepherd.

packaging it seems to be too much effort, so i looked into running it in a 
`guix shell --container`. it works fine when done from the terminal:

$ su - hass
$ guix shell --manifest=manifest.scm --container --emulate-fhs --network 
--share=/srv/hass 
$ cd /srv/hass && source bin/activate && LD_LIBRARY_PATH=/lib:/lib64 hass 2>&1 
| tee /var/log/home-assistant.log

(specifications->manifest
  '("python"
    "python-virtualenv"
    "python-pytzdata"
    "autoconf"
    "openssl"
    "libxml2"
    "libxslt"
    "libjpeg"
    "libffi"
    "eudev"
    "zlib"
    "pkg-config"
    "ffmpeg"
    "gcc-toolchain"

    "git"
    ))

now, i've converted this to a Shepherd service like this:

(simple-service
 'home-assistant
 shepherd-root-service-type
 (list
  (shepherd-service
   (requirement '(file-systems networking guix-daemon))
   (provision '(home-assistant))
   (documentation "")
   ;; TODO herd stop doesn't work
   (start
    #~(lambda _
        (fork+exec-command
         (list #$(file-append guix "/bin/guix")
               "shell"
               "--manifest=manifest.scm"
               "--container"
               "--emulate-fhs"
               "--network"
               "--share=/srv/hass"
               "--"
               #$(file-append bash "/bin/bash")
               "-c" "cd /srv/hass && source bin/activate && 
LD_LIBRARY_PATH=/lib:/lib64 hass")
         #:log-file "/var/log/home-assistant.log"
         #:user  '#$(user-account-name  *hass-user*)
         #:group '#$(user-account-group *hass-user*)
         #:supplementary-groups
         '#$(user-account-supplementary-groups *hass-user*)
         #:environment-variables
         (list (string-append "HOME=/home/"
                              #$(user-account-name *hass-user*)))))))))


but this errors out:

guix shell: error: mkdir: Permission denied: 
"/tmp/guix-directory.sfpIhA/real-root"

should this work, or am i holding it wrong?

or should it be done some other way? any examples around?

if it should work, then any hints on what to look at for a fix? grepping for 
'real-root' brings up MOUNT-FILE-SYSTEMS in linux-container.scm, but i couldn't 
find anything obviously broken there.

sidenote: debugging this would be a lot easier if the error wasn't reduced to 
the above line, but instead a general error handler printed a backtrace.

-- 
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“When men yield up the privilege of thinking, the last shadow of liberty quits 
the horizon.”
        — Thomas Paine (1737–1809)

Reply via email to