Ray Miller <[email protected]> writes:

> I haven't thought about how you'd integrate this with your Guix configuration,
> but my approach would be to make ~/.config/searxng world-readable and
> mount it read-only into the container without the `U` option that changes the
> ownership. Then I would create a podman volume for the cache and mount
> that with the `U` option instead of mounting a directory. Apart from creating
> the cache volume if it does not exist, your Guix configuration does not need
> to touch this volume so it should not matter that the ownership changes.
>
> I would be interested to hear if this approach works for you.

Thanks! I don't understand exactly what you mean, especially regarding :U, but I
got it working by looking at the other mount options after you pointed me in
that direction.

I cannot use :ro as it fails, but I was able to use :O which copies the source
to another location before mounting. For the settings, this seems like the
correct solution. Changes done within SearXNG won't be reflected out, but that
is pretty much what I want anyway.

So I mount the settings with :O and use a home-files-service-type, and I mount
the cache with default settings, and use home-activation-service-type to create
the folder only if it does not already exist.

I'm content with this solution for now :)

Btw, here are the errors when mounting the settings as :ro

    2025-10-18 19:31:07 chown: /etc/searxng/settings.yml: Read-only file system
    2025-10-18 19:31:07 chown: /etc/searxng: Read-only file system
    2025-10-18 19:31:07 chown: /etc/searxng: Read-only file system
    2025-10-18 19:31:07 ...
    2025-10-18 19:31:07 ... INFORMATION
    2025-10-18 19:31:07 ... "/etc/searxng/settings.yml" does not exist, creating from template...
    2025-10-18 19:31:07 ...
    2025-10-18 19:31:07 cp: can't create '/etc/searxng/settings.yml': File exists
    2025-10-18 19:31:07 sed: /etc/searxng/settings.yml: No such file or directory
    2025-10-18 19:31:07 !!!
    2025-10-18 19:31:07 !!! ERROR
    2025-10-18 19:31:07 !!! "/etc/searxng/settings.yml" is not a valid file, exiting...
    2025-10-18 19:31:07 !!!

And this is what my service looks like atm:

    (define-module (sijo home services searxng)
      #:use-module (gnu home services shepherd)
      #:use-module (gnu home services)
      #:use-module (gnu packages containers)
      #:use-module (guix gexp)
      #:use-module (sijo utils))
    
    (define searxng-home-shepherd-service
      (shepherd-service
        (provision '(searxng))
        (requirement '())
        (start #~(make-forkexec-constructor
                 (list #$(file-append podman "/bin/podman")
                       "run"
                       "--name" "searxng"
                       "--replace"
                       "--publish" "8888:8080"
                       ;; Mounting with :O causes the folder to be copied first, so
                       ;; the container will not take ownership of, nor modify, the
                       ;; folder/file on the host.
                       "--volume" (string-append #$(home "/.config/searxng/") ":/etc/searxng/:O")
                       "--volume" (string-append #$(home "/.cache/searxng/") ":/var/cache/searxng/")
                       "docker.io/searxng/searxng:2025.10.13-c34bb6128")
                 #:log-file (string-append
                             (or (getenv "XDG_STATE_HOME")
                                 (format #f "~a/.local/state"
                                         (getenv "HOME")))
                             "/log/searxng.log")))
        (stop #~(make-kill-destructor))
        (auto-start? #t)
        (documentation "searxng")))
    
    (define-public searxng-home-service-type
      (service-type
        (name 'searxng-home-service-type)
        (extensions
         (list
          (service-extension home-files-service-type
                             (const
                              `((".config/searxng/settings.yml" ,(local-file "dotfiles/searxng/settings.yml" "searxng-settings.yml")))))
          ;; Create the cache folder. SearXNG will take ownership of this
          ;; directory, so we are not allowed to manipulate it after the container
          ;; has started. We thus only create it once and then stay out of the way.
          (service-extension home-activation-service-type
                             (const
                               #~(begin
                                   (let ((cache (string-append (getenv "HOME") "/.cache/searxng/")))
                                     (unless (file-exists? cache)
                                       (mkdir-p cache))))))
          (service-extension home-profile-service-type
                             (const
                               (list podman)))
          (service-extension home-shepherd-service-type
                             (const
                               (list searxng-home-shepherd-service)))))
        (default-value '())
        (description "searxng")))

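The :ro log above shows the image's entrypoint trying to chown /etc/searxng at startup. With the :O overlay mount those writes are meant to land in the overlay's upper layer and never touch the host copy of ~/.config/searxng. The following shell script is an added example (not part of the message above, nor of SearXNG or Guix) that snapshots owner, mode and SHA-256 of every file in the host settings directory before the container starts and compares again afterwards, so a container that did manage to rewrite the host config is caught rather than silently trusted. It assumes GNU-style `stat -c` and `sha256sum`, and the directory paths are taken from the service definition above.

```shell
#!/bin/sh
# Added example: verify that the host-side SearXNG settings directory survives
# a container run untouched. Not from the original message; paths are assumptions
# that mirror the service definition (~/.config/searxng mounted with :O).
set -eu

# Record owner:group:mode and SHA-256 of every regular file under $1, sorted so
# that two snapshots of an unchanged tree compare byte-for-byte.
snapshot_dir() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s %s %s\n' \
            "$(stat -c '%U:%G:%a' "$f")" \
            "$(sha256sum "$f" | cut -d' ' -f1)" \
            "$f"
    done
}

# Return 0 when both snapshots are identical; return 1 and print both on stderr
# when the container changed ownership, permissions or contents on the host.
verify_unchanged() {
    if [ "$1" = "$2" ]; then
        return 0
    fi
    printf 'host settings directory was modified by the container\n' >&2
    printf -- '--- before ---\n%s\n--- after ---\n%s\n' "$1" "$2" >&2
    return 1
}

# Typical use around the shepherd service (assumed commands and paths):
#   before=$(snapshot_dir "$HOME/.config/searxng")
#   herd start searxng        # runs the podman command from the service above
#   after=$(snapshot_dir "$HOME/.config/searxng")
#   verify_unchanged "$before" "$after"
```

Only the settings directory is checked on purpose: the cache directory is mounted without :O, and the container is expected to take ownership of it, so a change there is normal and not a finding.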