Fix automatic updates

According to the operating-system-file fileld of
unattended-upgrade-configuration in the manual, automatic updates
don't work when "/run/current-system/configuration.scm [...] refers to
extra files (SSH public keys, extra configuration files, etc.) via
local-file and similar constructs.".

So we need these files in the store and to point to them to make the
automatic updates work.

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>

.gitignore

@@ -2,6 +2,8 @@
 \#*\#
 guix-commit.txt
 guix-installer-vm.img
+guix-installer-vm.tar
+guix-installer-vm.tar.xz
 id_ed25519
 id_ed25519.pub
 signing-key.pub

Makefile

@@ -27,13 +27,24 @@ guix-commit.txt: Makefile
 		guix describe | grep '^    commit:' | awk '{print $$2}' > $@ ; \
 	fi
 
-IMAGE_SOURCE = \
+TARBALL_SOURCE = \
+	first-boot.sh \
 	guix-commit.txt \
 	guix-installer-vm-system.scm \
 	id_ed25519.pub \
 	Makefile \
 	signing-key.pub
 
+guix-installer-vm.tar: $(TARBALL_SOURCE)
+	tar --exclude "id_ed25519" -cf $@ $(TARBALL_SOURCE)
+
+guix-installer-vm.tar.xz: guix-installer-vm.tar
+	xz -f -9e --verbose $<
+
+IMAGE_SOURCE = \
+	$(TARBALL_SOURCE) \
+	guix-installer-vm.tar.xz
+
 guix-installer-vm.img: $(IMAGE_SOURCE)
 	install \
 		`guix system image \

guix-installer-vm-system.scm

@@ -30,6 +30,32 @@
   #:use-module (guix utils)
   #:export (guix-installer-vm-operating-system))
 
+(define guix-installer-vm-config
+  (package
+    (name "guix-installer-vm-config")
+    (version "0.1")
+    ;; TODO: Make that tarball reproducible
+    (source (local-file "guix-installer-vm.tar.xz"))
+    (build-system copy-build-system)
+    (arguments
+     (list
+     #:install-plan
+     #~(list
+        '("first-boot.sh" "share/guix-installer-vm/configs/")
+        '("guix-commit.txt" "share/guix-installer-vm/configs/")
+        '("guix-installer-vm-system.scm" "share/guix-installer-vm/configs/")
+        '("id_ed25519.pub" "share/guix-installer-vm/configs/")
+        '("Makefile" "share/guix-installer-vm/configs/")
+        '("signing-key.pub" "share/guix-installer-vm/configs/")
+        '(#$source
+          "share/guix-installer-vm/configs/guix-installer-vm.tar.xz"))))
+    (synopsis "Full machine configuration.")
+    (description
+     "This contains all the configuration files of this machine. This is
+needed for unattended upgrades to work.")
+    (home-page "DOMAIN")
+    (license license:gpl3+)))
+
 (define first-boot-script
   (package
     (name "first-boot-script")
@@ -70,6 +96,7 @@
    (host-name "guix-installer-vm")
    (timezone "Europe/Paris")
    (packages (append (list first-boot-script
+                           guix-installer-vm-config
                            htop
                            net-tools
                            nss-certs
@@ -122,7 +149,13 @@
                  `(("root" , (local-file "id_ed25519.pub"))
                    ("gnutoo" ,(local-file "id_ed25519.pub"))))))
       ;; Unattended Upgrades
-      (service unattended-upgrade-service-type))
+      (service
+       unattended-upgrade-service-type
+       (unattended-upgrade-configuration
+        (operating-system-file
+         (string-append "/run/current-system/profile"
+                        "/share/guix-installer-vm/configs/"
+                        "guix-installer-vm-system.scm")))))
      (modify-services
       %base-services
       (guix-service-type config => (guix-configuration