From b4314bd9197fd5221de8f013ba73e7b3a0bd3bb7 Mon Sep 17 00:00:00 2001
From: colin
Date: Wed, 7 Dec 2022 01:31:17 +0000
Subject: [PATCH] mess with XMPP stuff.
ejabberd: enable mam, some other acl's that probably aren't used
prosody is still broken
---
hosts/servo/services/ejabberd.nix | 43 ++++++++++++++++++++++++++++---
hosts/servo/services/prosody.nix | 8 +++---
2 files changed, 44 insertions(+), 7 deletions(-)
diff --git a/hosts/servo/services/ejabberd.nix b/hosts/servo/services/ejabberd.nix
index b090ac6d..f5807e0b 100644
--- a/hosts/servo/services/ejabberd.nix
+++ b/hosts/servo/services/ejabberd.nix
@@ -1,9 +1,16 @@
 # docs:
 # -
 # example configs:
+# -
+# -
+# -
+# -
+# -
+# -
 # - 2013:
 { lib, ... }:
+# XXX: avatar support works in MUCs but not DMs
 # lib.mkIf false
 {
 sane.impermanence.service-dirs = [
@@ -12,6 +19,8 @@
 networking.firewall.allowedTCPPorts = [
 5222 # XMPP client -> server
 5269 # XMPP server -> server
+ 5280 # bosh
+ 5281 # bosh (https) ??
 5443 # web services (file uploads, websockets, admin)
 ];
@@ -43,18 +52,31 @@
 pam_userinfotype: jid
 acl:
+ admin:
+ user:
+ - "colin@uninsane.org"
 local:
 user_regexp: ""
+ loopback:
+ ip:
+ - 127.0.0.0/8
+ - ::1/128
 access_rules:
 local:
 allow: local
- pubsub_createnode_access:
- allow: local
 c2s_access:
 allow: all
+ announce:
+ allow: admin
+ configure:
+ allow: admin
 muc_create:
 allow: local
+ pubsub_createnode_access:
+ allow: local
+ trusted_network:
+ allow: loopback
 # docs:
 shaper_rules:
@@ -116,8 +138,10 @@
 # TODO: enable mod_client_state for net optimization
 # TODO: enable mod_fail2ban
 # TODO(low): look into mod_http_fileserver for serving macros?
- # TODO: enable mod_muc
 modules:
+ # mod_adhoc: {}
+ # mod_announce:
+ # access: admin
 # allows users to set avatars in vCard
 # -
 mod_avatar: {}
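Review bot: The firewall now admits 5280 and 5281 while the ejabberd listener that would serve them is not part of this diff, and the `??` in the new `5281` comment suggests the author is not sure which port will actually be bound. 5280 is the conventional plaintext BOSH/HTTP port; with 5443 already open for web services (file uploads, websockets, admin), a plaintext listener widens exposure without a stated need. I would keep both entries out of `allowedTCPPorts` until a listener is configured and then open only the TLS one, leaving a marker such as `# 5280 # bosh (plaintext; keep closed until a listener needs it)`. The `allowedTCPPorts` list is fully inside the hunk.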
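Review bot: `trusted_network: allow: loopback` and the `loopback` ACL are introduced but nothing in the visible hunks references them, and the commit message itself says the new ACLs "probably aren't used"; an access rule that no module consumes is easy to mistake for an enforced restriction later. The `admin` ACL gating `announce` and `configure` is consistent with the commented `# access: admin` under `mod_announce` further down, so that part is coherent. For the unused rule I would either drop it or record its intended consumer inline, e.g. `trusted_network: # intended for api_permissions / mod_register ip_access; currently unreferenced`, so the next reader knows it is not yet protecting anything.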
@@ -152,6 +176,13 @@
 # mod_host_meta: {}
 mod_jidprep: {} # probably not needed: lets clients normalize jids
 mod_last: {} # allow other users to know when i was last online
+ mod_mam:
+ # Mnesia is limited to 2GB, better to use an SQL backend
+ # For small servers SQLite is a good fit and is very easy
+ # to configure. Uncomment this when you have SQL configured:
+ # db_type: sql
+ assume_mam_usage: true
+ default: always
 mod_muc:
 access:
 - allow
@@ -159,6 +190,8 @@
 - allow: admin
 access_create: muc_create
 access_persistent: muc_create
+ access_mam:
+ - allow
 history_size: 100 # messages to show new participants
 host: conference.xmpp.uninsane.org
 hosts:
@@ -167,6 +200,8 @@
 anonymous: false
 lang: en
 persistent: true
+ mam: true
+ mod_muc_admin: {}
 mod_offline: # store messages for a user when they're offline (TODO: understand multi-client workflow?)
 access_max_user_messages: max_user_offline_messages
 store_groupchat: true
@@ -195,8 +230,8 @@
 hosts:
 - pubsub.xmpp.uninsane.org
 plugins:
- - flat
 - pep
+ # - flat
 force_node_config: # avoid buggy clients to make their bookmarks public
 # XXX: not sure if this is necessary: copying config from examples
diff --git a/hosts/servo/services/prosody.nix b/hosts/servo/services/prosody.nix
index 17af127b..0b0c5360 100644
--- a/hosts/servo/services/prosody.nix
+++ b/hosts/servo/services/prosody.nix
@@ -1,3 +1,5 @@
+# example configs:
+# -
 # create users with:
 # - `sudo -u prosody prosodyctl adduser colin@uninsane.org`
@@ -13,7 +15,7 @@ lib.mkIf false
 networking.firewall.allowedTCPPorts = [
 5222 # XMPP client -> server
 5269 # XMPP server -> server
- 5280 # Prosody HTTP port (necessary?)
+ 5280 # bosh
 5281 # Prosody HTTPS port (necessary?)
 ];
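Review bot: `mod_mam` is enabled with `default: always`, so every user's conversations are archived server-side regardless of client preference, while the comment block kept from the example config warns that the Mnesia backend is limited to 2GB and `db_type: sql` stays commented out, so the archive lands in Mnesia with no retention bound. That archive is a sensitive store readable by anyone with administrative or filesystem access to the host, and it simply grows until the backend limit is hit. I would start with `default: roster` or `default: never` so users opt in, or keep `always` but pair it with a scheduled `delete_old_mam_messages` run and a comment stating the retention period; the same consideration applies to `access_mam: - allow` and `mam: true` in the two MUC hunks that follow, which archive every room by default. `assume_mam_usage: true` also changes how unacknowledged messages are handled when a session drops — presumably relying on the archive rather than offline delivery — and deserves a one-line comment confirming that trade-off is intended.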
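Review bot: Dropping `flat` from `plugins` leaves `pep` as the only pubsub plugin while `hosts: - pubsub.xmpp.uninsane.org` still advertises a standalone pubsub service; in ejabberd `flat` is the plugin that serves ordinary nodes on such a host, so it is likely that the dedicated host now accepts no node creation even though `pubsub_createnode_access: allow: local` earlier in the diff suggests that is still wanted. If the intent is PEP only, the dedicated host entry can go as well; otherwise restore `- flat` next to `- pep` and note why both are needed. The `force_node_config` block continues past the end of the hunk.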
@@ -34,7 +36,7 @@ lib.mkIf false
 # c2s_require_encryption = true
 # '';
- # extraModules = [ "private" "vcard" "privacy" "compression" "component" "muc" "pep" "adhoc" "lastactivity" "admin_adhoc" "blocklist"];
+ extraModules = [ "private" "vcard" "privacy" "compression" "component" "muc" "pep" "adhoc" "lastactivity" "admin_adhoc" "blocklist"];
 ssl.cert = "/var/lib/acme/uninsane.org/fullchain.pem";
 ssl.key = "/var/lib/acme/uninsane.org/key.pem";
@@ -51,7 +53,7 @@ lib.mkIf false
 domain = "localhost";
 enabled = true;
 };
- "uninsane.org" = {
+ "xmpp.uninsane.org" = {
 domain = "uninsane.org";
 enabled = true;
 ssl.cert = "/var/lib/acme/uninsane.org/fullchain.pem";
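Review bot: Uncommenting `extraModules` enables `"compression"` (XEP-0138 stream compression), which carries the well-known compression-oracle weakness when layered under TLS and which Prosody itself has deprecated, and `"admin_adhoc"`, which exposes administrative ad-hoc commands to whichever JIDs are in the admins list, a list not visible in this diff. The hunk header shows the block is still under `lib.mkIf false`, so nothing is live yet, but the list will be applied as-is once prosody is switched on. I would remove `"compression"` now and record the dependency inline: `extraModules = [ "private" "vcard" "privacy" "component" "muc" "pep" "adhoc" "lastactivity" "admin_adhoc" "blocklist" ]; # admin_adhoc: scope via services.prosody.admins`.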