Re: guix shell --container from Shepherd to run a service

Sun, 06 Apr 2025 08:04:17 -0700 

> I have no idea it this is the cause, but the immediate difference I see
> between the terminal (working) and shepherd service (not working) is the
> current working directory. In the former case it would be ~hass, in the
> latter case it would be /. Guix shell defaults to making CWD available
> in the container, so it in the service case (I am guessing) mounts /
> onto / of the containers which might mess up some permissions.
> 
> You might try setting #:directory if you need the $HOME accessible, or
> pass --no-cwd if you do not.


excellent tips Tomas, thank you!

i think the essential part was specifying #:directory "/srv/hass".

FTR, this is what i ended up with:

(simple-service
 'home-assistant
 shepherd-root-service-type
 (list
  (shepherd-service
   (requirement '(file-systems networking guix-daemon))
   (provision '(home-assistant))
   (documentation "")
   ;; TODO herd stop doesn't work. it leaves the process
   ;; running without any errors.
   (start
    #~(lambda _
        (fork+exec-command
         (list #$(file-append guix "/bin/guix")
               "shell"
               "--manifest=/srv/hass/manifest.scm"
               "--container"
               "--emulate-fhs"
               "--network"
               "--share=/srv/hass"
               "--no-cwd"
               "--expose=/gnu"
               "--expose=/run/current-system"
               "--"
               #$(file-append bash "/bin/bash")
               "-c" "cd /srv/hass && source bin/activate && 
LD_LIBRARY_PATH=/lib:/lib64 hass --config=/srv/hass/config")
         #:log-file "/var/log/home-assistant.log"
         #:user  '#$(user-account-name  *hass-user*)
         #:group '#$(user-account-group *hass-user*)
         #:directory "/srv/hass"
         #:supplementary-groups
         '#$(user-account-supplementary-groups *hass-user*)
         #:environment-variables
         (list (string-append "HOME=/home/"
                              #$(user-account-name *hass-user*)))))))))

notice that --expose=/gnu was needed, and possibly 
--expose=/run/current-system, too, but i didn't double check every change.

this way the `guix shell` call will get the versions from the hass user's pull 
state; i.e. i can independently decide when to upgrade the guix environment of 
the hass user and process.

it's a relatively painless escape hatch to run even a non-trivial service 
without packaging the app and writing the necessary service code.

-- 
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“An extreme optimist is a man who believes that humanity will probably survive 
even if it doesn't take his advice.”
        — John McCarthy (1927–2011), father of Lisp

Reply via email to