From 9dc17a3874c85f3e4844208477d4249969f1608e Mon Sep 17 00:00:00 2001
From: colin <colin@uninsane.org>
Date: Sun, 4 Dec 2022 12:38:47 +0000
Subject: [PATCH] ejabberd: enable avatar support

haven't tested that it federates properly -- only that Dino is able to
set it.
---
 hosts/servo/services/ejabberd.nix | 23 +++++++++++++++++++++++
 hosts/servo/services/nginx.nix    | 14 ++++++++++++--
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/hosts/servo/services/ejabberd.nix b/hosts/servo/services/ejabberd.nix
index a7eae2803..6c8acef8e 100644
--- a/hosts/servo/services/ejabberd.nix
+++ b/hosts/servo/services/ejabberd.nix
@@ -20,7 +20,9 @@
   users.users.ejabberd.extraGroups = [ "nginx" ];
 
   security.acme.certs."uninsane.org".extraDomainNames = [
+    "pubsub.xmpp.uninsane.org"
     "upload.xmpp.uninsane.org"
+    "vjid.xmpp.uninsane.org"
   ];
 
   # TODO: allocate UIDs/GIDs ?
@@ -103,6 +105,11 @@
     # TODO: enable mod_muc ?
     # TODO: enable mod_offline for buffering messages to offline users/servers?
     modules:
+      # allows users to set avatars in vCard
+      # - <https://docs.ejabberd.im/admin/configuration/modules/#mod-avatar>
+      mod_avatar: {}
+      mod_caps: {}  # for mod_pubsub
+      # allows clients like Dino to discover where to upload files
       mod_disco:
         server_info:
           -
@@ -126,6 +133,22 @@
         file_mode: "0750"
         rm_on_unregister: false
       mod_ping: {}
+      # docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-vcard>
+      mod_vcard:
+        allow_return_all: true  # all users are discoverable (?)
+        host: vjid.xmpp.uninsane.org
+        hosts:
+          - vjid.xmpp.uninsane.org
+        search: true
+      mod_vcard_xupdate: {}  # needed for avatars
+      # docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-pubsub>
+      mod_pubsub:  # needed for avatars
+        host: pubsub.xmpp.uninsane.org
+        hosts:
+          - pubsub.xmpp.uninsane.org
+        plugins:
+          - flat
+          - pep
       mod_version: {}
   '';
 }
diff --git a/hosts/servo/services/nginx.nix b/hosts/servo/services/nginx.nix
index caa292bd3..41c4bbde7 100644
--- a/hosts/servo/services/nginx.nix
+++ b/hosts/servo/services/nginx.nix
@@ -313,14 +313,24 @@ in
 
   # exists only to manage certs for dovecot
   services.nginx.virtualHosts."imap.uninsane.org" = {
-    forceSSL = true;
     enableACME = true;
   };
   # exists only to manage certs for Postfix
   services.nginx.virtualHosts."mx.uninsane.org" = {
-    forceSSL = true;
     enableACME = true;
   };
+
+  # exists so the XMPP server's cert can obtain altNames for all its resources
+  services.nginx.virtualHosts."pubsub.xmpp.uninsane.org" = {
+    useACMEHost = "uninsane.org";
+  };
+  services.nginx.virtualHosts."upload.xmpp.uninsane.org" = {
+    useACMEHost = "uninsane.org";
+  };
+  services.nginx.virtualHosts."vjid.xmpp.uninsane.org" = {
+    useACMEHost = "uninsane.org";
+  };
+
   services.nginx.virtualHosts."nixcache.uninsane.org" = {
     addSSL = true;
     enableACME = true;