From 7b663f98136a5ed6f2d81b2c0bf4082820c478b5 Mon Sep 17 00:00:00 2001
From: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Date: Mon, 2 Oct 2023 20:57:29 +0200
Subject: [PATCH] Fix automatic updates

According to the operating-system-file fileld of
unattended-upgrade-configuration in the manual, automatic updates
don't work when "/run/current-system/configuration.scm [...] refers to
extra files (SSH public keys, extra configuration files, etc.) via
local-file and similar constructs.".

So we need these files in the store and to point to them to make the
automatic updates work.

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
---
 mumble-vm-system.scm.tmpl | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/mumble-vm-system.scm.tmpl b/mumble-vm-system.scm.tmpl
index 81b9622..dceefce 100644
--- a/mumble-vm-system.scm.tmpl
+++ b/mumble-vm-system.scm.tmpl
@@ -30,6 +30,34 @@
 
 (define enable-wireguard? (string=? "yes" "ENABLE_WIREGUARD"))
 
+(define mumble-vm-config
+  (package
+    (name "mumble-vm-config")
+    (version "0.1")
+    ;; TODO: Make that tarball reproducible
+    (source (local-file "mumble-vm.tar.xz"))
+    (build-system copy-build-system)
+    (arguments
+     (list
+     #:install-plan
+     #~(list
+        '("first-boot.sh" "share/mumble-vm/configs/")
+        '("guix-commit.txt" "share/mumble-vm/configs/")
+        '("index.html" "share/mumble-vm/configs/")
+        '("mumble-vm-machine.scm" "share/mumble-vm/configs/")
+        '("mumble-vm-system.scm" "share/mumble-vm/configs/")
+        '("id_ed25519.pub" "share/mumble-vm/configs/")
+        '("Makefile" "share/mumble-vm/configs/")
+        '("signing-key.pub" "share/mumble-vm/configs/")
+        '(#$source
+          "share/mumble-vm/configs/mumble-vm.tar.xz")
+        '("wireguard-post-up.sh" "share/mumble-vm/configs/"))))
+    (synopsis "Full machine configuration.")
+    (description
+     "This contains all the configuration files of this machine. This is
+needed for unattended upgrades to work.")
+    (home-page "DOMAIN")
+    (license license:gpl3+)))
 (define website
   (package
     (name "website")
@@ -138,6 +166,7 @@ the services after that.")
            htop
            iftop
            `(,isc-bind "utils")
+           mumble-vm-config
            net-tools
            nmon
            openssh-sans-x
@@ -238,7 +267,12 @@ https://DOMAIN/
                  `(("root" , (local-file "id_ed25519.pub"))
                    ("gnutoo" ,(local-file "id_ed25519.pub"))))))
       ;; Unattended Upgrades
-      (service unattended-upgrade-service-type))
+      (service
+       unattended-upgrade-service-type
+       (unattended-upgrade-configuration
+        (operating-system-file (string-append "/run/current-system/profile"
+                                              "/share/mumble-vm/configs/"
+                                              "mumble-vm-system.scm")))))
      (if enable-wireguard?
          (list
           (service wireguard-service-type