From 243f091a49e0d4b66f55025b9956befe4b6782a9 Mon Sep 17 00:00:00 2001
From: stuebinm <stuebinm@disroot.org>
Date: Mon, 11 Nov 2024 01:12:22 +0100
Subject: [PATCH] pkgs/scripts: move auamost into hacc-scripts

we've had this for ages, and since I started with the new scripts
directory under pkgs (and anticipated we'll write more), it seems like a
good idea to move that script there and have them all in one place.
Certainly better than having it as one extremely long string inside Nix.
---
 flake.nix                                     |  2 +-
 parsons/uffd.nix                              | 56 +------------------
 pkgs/scripts/default.nix                      |  9 +--
 pkgs/scripts/uffd-sync-mattermost-groups.fish | 47 ++++++++++++++++
 4 files changed, 54 insertions(+), 60 deletions(-)
 create mode 100644 pkgs/scripts/uffd-sync-mattermost-groups.fish

diff --git a/flake.nix b/flake.nix
index 69d7b82..c7f172e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -85,7 +85,7 @@
           { docs = websites."docs.hacc.space"; } // websites;
 
       packages.x86_64-linux = {
-        inherit (pkgs) mattermost;
+        inherit (pkgs) mattermost hacc-scripts;
       };
     };
 
diff --git a/parsons/uffd.nix b/parsons/uffd.nix
index 5b03c6e..66adec4 100644
--- a/parsons/uffd.nix
+++ b/parsons/uffd.nix
@@ -43,61 +43,7 @@
     after = [ "network.target" ];
     serviceConfig.Type = "simple";
     path = [ pkgs.fish pkgs.curl pkgs.jq ];
-    script = (pkgs.writeTextFile {
-      name = "auamost.fish";
-      executable = true;
-      checkPhase = ''
-        ${lib.getExe pkgs.fish} -n $target
-      '';
-      text = ''
-        #!${lib.getExe pkgs.fish}
-        source /run/secrets/auamost/secrets.fish
-
-        for i in (seq 1 (count $groups))
-            set team $teams[$i]
-            set group $groups[$i]
-            set users (curl -u $uffd_token --basic https://login.infra4future.de/api/v1/getusers -d group="$group")
-            set usernames (echo "$users" | jq -c "[.[] | .loginname]")
-            for user in (echo "$users" | jq -c ".[]")
-              set id (echo "$user" | jq .id)
-              set username (echo "$user" | jq .loginname)
-              set email (echo "$user" | jq .email)
-              curl -H $mattermost_token \
-                   -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users \
-                   -d '{"email": '"$email"', "username": '"$username"', "auth_service": "gitlab", "auth_data": "'"$id"'"}'
-            end
-            set userids (curl -H $mattermost_token \
-                -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users/usernames \
-                -d "$usernames" | jq '[.[] | {user_id: .id, team_id: "'$team'"} ]')
-            curl -H $mattermost_token \
-                -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members/batch \
-                -d "$userids"
-
-            if test "$group" = "hacc"
-              continue
-            end
-
-            set current_members (curl -H $mattermost_token \
-                -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members | jq '[.[] | .user_id]')
-
-            # membership relations don't contain e.g. usernames, so fetch those, too
-            set current_users (curl -H $mattermost_token \
-                -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users/ids \
-                -d "$current_members" | jq -c '.[]')
-
-            set userids (echo "$userids" | jq -c ".[].user_id")
-            for member in $current_users
-                set id (echo $member | jq .id)
-                if not contains -i $id $userids > /dev/null then
-                  set id_unquoted (echo $member | jq -r .id)
-                  echo removing $id_unquoted (echo $member | jq '.email') from $team \($group\)
-                  curl -X DELETE -H $mattermost_token \
-                    -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members/"$id_unquoted"
-                end
-            end
-        end
-      '';
-    }).outPath;
+    script = "${pkgs.hacc-scripts}/bin/uffd-sync-mattermost-groups.fish";
     startAt = "*:0/15";
   };
 
diff --git a/pkgs/scripts/default.nix b/pkgs/scripts/default.nix
index 8cb017f..34d951e 100644
--- a/pkgs/scripts/default.nix
+++ b/pkgs/scripts/default.nix
@@ -1,15 +1,16 @@
-{ stdenvNoCC, gauche }:
+{ stdenvNoCC, gauche, fish }:
 
 stdenvNoCC.mkDerivation {
   name = "hacc-utility-scripts";
 
   src = ./.;
 
-  buildInputs = [ gauche ];
+  buildInputs = [ gauche fish ];
 
   installPhase = ''
-    chmod +x *.scm
     mkdir -p $out/bin
-    cp *.scm $out/bin
+    fish -n $out/bin/*.fish
+    cp *.{scm,fish} $out/bin
+    chmod +x $out/bin/*
   '';
 }
diff --git a/pkgs/scripts/uffd-sync-mattermost-groups.fish b/pkgs/scripts/uffd-sync-mattermost-groups.fish
new file mode 100644
index 0000000..b9439aa
--- /dev/null
+++ b/pkgs/scripts/uffd-sync-mattermost-groups.fish
@@ -0,0 +1,47 @@
+#!/usr/bin/env fish
+
+source /run/secrets/auamost/secrets.fish
+
+for i in (seq 1 (count $groups))
+    set team $teams[$i]
+    set group $groups[$i]
+    set users (curl -u $uffd_token --basic https://login.infra4future.de/api/v1/getusers -d group="$group")
+    set usernames (echo "$users" | jq -c "[.[] | .loginname]")
+    for user in (echo "$users" | jq -c ".[]")
+      set id (echo "$user" | jq .id)
+      set username (echo "$user" | jq .loginname)
+      set email (echo "$user" | jq .email)
+      curl -H $mattermost_token \
+           -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users \
+           -d '{"email": '"$email"', "username": '"$username"', "auth_service": "gitlab", "auth_data": "'"$id"'"}'
+    end
+    set userids (curl -H $mattermost_token \
+        -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users/usernames \
+        -d "$usernames" | jq '[.[] | {user_id: .id, team_id: "'$team'"} ]')
+    curl -H $mattermost_token \
+        -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members/batch \
+        -d "$userids"
+
+    if test "$group" = "hacc"
+      continue
+    end
+
+    set current_members (curl -H $mattermost_token \
+        -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members | jq '[.[] | .user_id]')
+
+    # membership relations don't contain e.g. usernames, so fetch those, too
+    set current_users (curl -H $mattermost_token \
+        -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users/ids \
+        -d "$current_members" | jq -c '.[]')
+
+    set userids (echo "$userids" | jq -c ".[].user_id")
+    for member in $current_users
+        set id (echo $member | jq .id)
+        if not contains -i $id $userids > /dev/null then
+          set id_unquoted (echo $member | jq -r .id)
+          echo removing $id_unquoted (echo $member | jq '.email') from $team \($group\)
+          curl -X DELETE -H $mattermost_token \
+            -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members/"$id_unquoted"
+        end
+    end
+end