prevent guix pull from trying to process example
Add generic support for lower-able objects, with example.
Remove tests that broke `guix pull`
The unit tests are running for guix pull, for some reason. And they
fail because they are not in the load path. I don't know how to include
the tests without breaking guix pull, so I'm removing them until I
Add module and syntax for declaring mount namespaces
This commit adds the (aqwari namespace) module, which provides the
(bind "/" (list nss-certs tzdata util-linux iproute))
(bind "/etc/hosts" #~(plain-file "hosts" "127.0.0.1 localhost\n"))
It allows you to compose a new mount namespace as a series of bindings
to directories in the root namespace, or resources in the GNU store,
which will get built on-demand. The same directory can be bound to
multiple resources, which will result in the creation of a union mount
The namespace is a run-time concept, so this expression actually builds a
directory tree and an `exec` binary which creates an anonymous instance
of the described namespace, occupied by a single process; itself. It
can then execv(2) into a program provided on its commandline.
The `exec` binary is statically compiled and has no dependencies other
than the linux kernel. It can be run multiple times, and will create
a new namespace each time. Once the process exits, the namespace will
My initial intent is to use this to create a root file system from which
I can run an s6 supervision tree that will run various network servers
on my PC and on my remote servers. I can build it with Guix and ship a
`guix pack` tarball to machines that don't have Guix.
A secondary goal is to explore mount namespaces as an alternative to
guix profiles. There are some very real usability obstacles to that,
first and foremost the problem that the creation of mount namespaces
requires elevated privileges on most Linux distributions.
small updates, remove example
Fix build errors, some refactoring.
We can now define s6-service directories and supervision trees. The
(log (... execline expression ...))
(run (... execline expression ...))
(env (("key1" "val1") ("key2" "val2")))
(data (("file1" "content1") ("file2" "content2")))
(finish (... execline expression ...)))
is lowered to the directory
- run # execlineb script from "run" field
- finish # execlineb script from "finish" field
- notification-fd # 5
- run # execlineb script from "log" field
- file1 # content1
- file2 # content2
- key1 # val1
- key2 # val2
And the function
(s6-svscan "name" svc1 svc2 ...)
produces the computed file
- svc1 -> /gnu/store/...-s6-service-svc1
- svc2 -> /gnu/store/...-s6-service-svc2
What remains to be done:
Test how G-expressions can be provided in the high-level expressions.
(run (execline (#$bird/bin/bird -c "data/bird.conf" -f))))
Would replace #$bird in the runs script with /gnu/store/...-bird and
automatically add the `bird` package as a dependency for the service.
Currently run scripts are quoted S-expressions that are converted to a
string during compilation, and the `execline` macro doesn't exist.
Define a helper function for creating a full-fledged profile that is suitable
as a supervision tree:
$out/service - the s6-svscan supervision tree
$out/etc/profile - define PATH for s6 utilities, coreutils, and so on
Determine what would be needed to make this profile friendly to
chroot/pivot-root. The use of absolute symlinks prevents it, currently,
and there also needs to be a writable `supervise` subdirectory in each
Checkpoint. Not in a working state, but getting there.
This is an attempt to declaratively define s6 service directories
as S-expressions that get converted to the actual directories, and
to define supervision trees as a collection of those directories.
example/router.scm is an example that defines a service to run BIRD under
s6, and put it in a directory together with a service to initialize a
The end goal is to be able to construct a guix profile containing the
service/ - a directory of s6 service directories
bin/ - a union of all paths needed to supervise /service
etc/profile - environment variables for s6-svscan
Then, s6-svscan can be run from shepherd or systemd or whatever init
system is in use, to monitor the service/ directory. It would be nice
to make it use bind mounts instead of symlinks, because then I could
put s6-svscan in a mount namespace rooted at the profile. But that's
not a hard requirement.
The current code does not quite work, and I am having some difficulty
debugging it and still getting familiar with the guix codebase and
concepts. Currently I'm hitting what seems to be a trivial error in the
build-side code of the s6-service-compiler's G-expression, but
I can't figure out where the error is, and stack traces aren't helping.