> Does every service have hooks for possible extensions? What if a new service doesn't fit existing extension hooks?

No, only few services define service extensions.

It's more common for services to be configured solely via their configuration struct.

See the following for docs:

* https://guix.gnu.org/manual/en/html_node/Service-Composition...

* https://guix.gnu.org/manual/en/html_node/Service-Types-and-S...

This is less flexible-by-default than NixOS module, where any module can modify any other module. That is by design. The Guix developers see NixOS's approach as failing the principle-of-least-authority, where any arbitrary module (even those imported via flakes) can add a root SSH key.

I use NixOS, but it's an interesting tradeoff.

Shepherd doesn't include this as it is quite lean and extensible (service start/stop hooks are functions that can do anything) but Guix includes a Linux container implementation and an abstraction built on top for use by services. The long term vision is to use an object capability security model so, rather than "locking down", a service can only interact with the resources to which it has been passed a reference. No ambient authority, no confused deputies.

GNU Shepherd itself doesn't implement sandboxing, but you can use the least-authority-wrapper to do namespaces. There are other tools to do more comphrensive sandboxing, which Shepherd can use, e.g. nsjail.

least-authority-wrapper: https://codeberg.org/guix/guix/src/commit/e3fbaeee1386fd447f...

Correct, and it's Linux-only and more hardcore FOSS (i .e. they don't have any blessed way to use non-free software).

I'm not sure why it's being sold as an alternative to Nix/NixOS

Guix is a reimagining of the concepts of Nix with Guile/Scheme instead of the Nix language, so they are very similar in overall feel, but differ in the details (e.g. GNU Shepherd vs systemd).

As for learning curve, I find Nix substantially easier, since the language is much simpler (JSON-like with lazy-functions) and doesn't need all that weirdness that result from using Scheme as configuration language (lots of quoting, module system, etc.)

As someone who has tried both, I found the learning curve for Guix much more pleasant than for Nix. With Nix, the community is for sure a lot larger, and more things are available (notably it is a lot faster, too). But I could never get everything clear in my head, how it hangs together, and the community seemed very much more fragmented than with Guix. I think the Guix documentation and manual, as well as the CLI and secondary docs written in people's blogs, were much easier to get a handle on than with Nix. Flakes are a great example, I still have no idea what a flake is, they are still an experimental feature, and I have no idea how I should think about them. I've been using NixOS full time for 3 years by the way.

I also think the shepherd alone is almost a killer app relative to something like systemd. I had to write a service myself for restarting ssh tunnels, and I could even do "advanced" things like templated configuration, almost trivially. It felt like a superpower, relative to systemd services.

    nix.settings.experimental-features = [ "nix-command" "flakes" ];

   nix run github:user/project?ref=v0.2.0rc1

Reproducibility, just like Nix.

You can be certain that, if you've managed to get a piece of software running with Guix, you can also get it running identically on any other machine.