flake.nix

@@ -85,7 +85,7 @@
           { docs = websites."docs.hacc.space"; } // websites;
 
       packages.x86_64-linux = {
-        inherit (pkgs) mattermost hacc-scripts;
+        inherit (pkgs) mattermost;
       };
     };
 

parsons/uffd.nix

@@ -43,7 +43,61 @@
     after = [ "network.target" ];
     serviceConfig.Type = "simple";
     path = [ pkgs.fish pkgs.curl pkgs.jq ];
-    script = "${pkgs.hacc-scripts}/bin/uffd-sync-mattermost-groups.fish";
+    script = (pkgs.writeTextFile {
+      name = "auamost.fish";
+      executable = true;
+      checkPhase = ''
+        ${lib.getExe pkgs.fish} -n $target
+      '';
+      text = ''
+        #!${lib.getExe pkgs.fish}
+        source /run/secrets/auamost/secrets.fish
+
+        for i in (seq 1 (count $groups))
+            set team $teams[$i]
+            set group $groups[$i]
+            set users (curl -u $uffd_token --basic https://login.infra4future.de/api/v1/getusers -d group="$group")
+            set usernames (echo "$users" | jq -c "[.[] | .loginname]")
+            for user in (echo "$users" | jq -c ".[]")
+              set id (echo "$user" | jq .id)
+              set username (echo "$user" | jq .loginname)
+              set email (echo "$user" | jq .email)
+              curl -H $mattermost_token \
+                   -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users \
+                   -d '{"email": '"$email"', "username": '"$username"', "auth_service": "gitlab", "auth_data": "'"$id"'"}'
+            end
+            set userids (curl -H $mattermost_token \
+                -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users/usernames \
+                -d "$usernames" | jq '[.[] | {user_id: .id, team_id: "'$team'"} ]')
+            curl -H $mattermost_token \
+                -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members/batch \
+                -d "$userids"
+
+            if test "$group" = "hacc"
+              continue
+            end
+
+            set current_members (curl -H $mattermost_token \
+                -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members | jq '[.[] | .user_id]')
+
+            # membership relations don't contain e.g. usernames, so fetch those, too
+            set current_users (curl -H $mattermost_token \
+                -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users/ids \
+                -d "$current_members" | jq -c '.[]')
+
+            set userids (echo "$userids" | jq -c ".[].user_id")
+            for member in $current_users
+                set id (echo $member | jq .id)
+                if not contains -i $id $userids > /dev/null then
+                  set id_unquoted (echo $member | jq -r .id)
+                  echo removing $id_unquoted (echo $member | jq '.email') from $team \($group\)
+                  curl -X DELETE -H $mattermost_token \
+                    -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members/"$id_unquoted"
+                end
+            end
+        end
+      '';
+    }).outPath;
     startAt = "*:0/15";
   };
 

pkgs/scripts/default.nix

@@ -1,16 +1,15 @@
-{ stdenvNoCC, gauche, fish }:
+{ stdenvNoCC, gauche }:
 
 stdenvNoCC.mkDerivation {
   name = "hacc-utility-scripts";
 
   src = ./.;
 
-  buildInputs = [ gauche fish ];
+  buildInputs = [ gauche ];
 
   installPhase = ''
+    chmod +x *.scm
     mkdir -p $out/bin
-    fish -n $out/bin/*.fish
+    cp *.scm $out/bin
-    cp *.{scm,fish} $out/bin
-    chmod +x $out/bin/*
   '';
 }

pkgs/scripts/uffd-sync-mattermost-groups.fish

@@ -1,47 +0,0 @@
-#!/usr/bin/env fish
-
-source /run/secrets/auamost/secrets.fish
-
-for i in (seq 1 (count $groups))
-    set team $teams[$i]
-    set group $groups[$i]
-    set users (curl -u $uffd_token --basic https://login.infra4future.de/api/v1/getusers -d group="$group")
-    set usernames (echo "$users" | jq -c "[.[] | .loginname]")
-    for user in (echo "$users" | jq -c ".[]")
-      set id (echo "$user" | jq .id)
-      set username (echo "$user" | jq .loginname)
-      set email (echo "$user" | jq .email)
-      curl -H $mattermost_token \
-           -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users \
-           -d '{"email": '"$email"', "username": '"$username"', "auth_service": "gitlab", "auth_data": "'"$id"'"}'
-    end
-    set userids (curl -H $mattermost_token \
-        -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users/usernames \
-        -d "$usernames" | jq '[.[] | {user_id: .id, team_id: "'$team'"} ]')
-    curl -H $mattermost_token \
-        -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members/batch \
-        -d "$userids"
-
-    if test "$group" = "hacc"
-      continue
-    end
-
-    set current_members (curl -H $mattermost_token \
-        -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members | jq '[.[] | .user_id]')
-
-    # membership relations don't contain e.g. usernames, so fetch those, too
-    set current_users (curl -H $mattermost_token \
-        -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users/ids \
-        -d "$current_members" | jq -c '.[]')
-
-    set userids (echo "$userids" | jq -c ".[].user_id")
-    for member in $current_users
-        set id (echo $member | jq .id)
-        if not contains -i $id $userids > /dev/null then
-          set id_unquoted (echo $member | jq -r .id)
-          echo removing $id_unquoted (echo $member | jq '.email') from $team \($group\)
-          curl -X DELETE -H $mattermost_token \
-            -H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members/"$id_unquoted"
-        end
-    end
-end

pkgs/scripts/uffd-unused-accounts-notification.scm

@@ -114,7 +114,6 @@ currently unused accounts.
 
 Options:
  -v --verbose   show which emails are being sent
-    --very-verbose also print emails to stdout
  -n --dry-run   print emails to stdout instead
  -h --help      show this help
 "))