authorMatthew Fennell <matthew@fennell.dev>2025-09-21 22:13:14 +0100
committerMatthew Fennell <matthew@fennell.dev>2025-09-21 22:13:14 +0100
commit8342cee86a8195a898cfdff443156e53ad7ccbbe (patch)
treed54d4b8e95adf32359f6e9cc0e885648470eff05
parent9ea7d4d1634107de74427f9aaaaa4fd5f0b9b35a (diff)
Create privileged transport components
This commit allows transport servers to define the relevant components on the XMPP server. Transports are configured by adding the following config to the inventory's variables: transports: - subdomain: a-example-legacy-network secret: a-long-randomly-generated-secret - subdomain: another-example-legacy-network secret: another-long-randomly-generated-secret These are iterated over and a privileged component is created for each.
-rw-r--r--files/prosody.cfg.lua.j25
-rw-r--r--files/virtual_host.cfg.lua.j221
2 files changed, 26 insertions, 0 deletions
diff --git a/files/prosody.cfg.lua.j2 b/files/prosody.cfg.lua.j2
index ae00b46..5f76dc8 100644
--- a/files/prosody.cfg.lua.j2
+++ b/files/prosody.cfg.lua.j2
@@ -73,6 +73,11 @@ modules_enabled = {
"s2s_bidi";
{% endif %}
+{% if is_transport_server %}
+ -- Privileged components
+ "privilege";
+{% endif %}
+
}
modules_disabled = {
diff --git a/files/virtual_host.cfg.lua.j2 b/files/virtual_host.cfg.lua.j2
index 4b79710..8763082 100644
--- a/files/virtual_host.cfg.lua.j2
+++ b/files/virtual_host.cfg.lua.j2
@@ -55,6 +55,19 @@ http_external_url = "https://{{ virtual_host }}/"
site_name = "{{ virtual_host }}"
{% endif %}
+privileged_entities = {
+{% for transport in transports %}
+ ["{{ transport.subdomain }}.{{ virtual_host }}"] = {
+ roster = "both";
+ message = "outgoing";
+ iq = {
+ ["http://jabber.org/protocol/pubsub"] = "both";
+ ["http://jabber.org/protocol/pubsub#owner"] = "set";
+ };
+ }
+{% endfor %}
+}
+
Component "upload.{{ virtual_host }}" "http_file_share"
http_file_share_size_limit = 300 * 1024 * 1024
http_file_share_global_quota = 5 * 1024 * 1024 * 1024
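Review bot: The per-transport entry inside `{% for transport in transports %}` closes with a bare `}`, so with two or more transports (the case shown in the commit message) the rendered `privileged_entities` table has adjacent fields with no separator and Prosody will fail to parse the file; the closing line should be `};`. The loop also reads `transports` with no default and no `is_transport_server` guard, unlike the global `"privilege"` entry in prosody.cfg.lua.j2, so a host whose inventory lacks the variable would presumably fail templating; `{% for transport in transports | default([]) %}` covers that, and the same applies to the Component loop in the last hunk. Because `roster = "both"` and the pubsub `iq` grants let each listed JID act on users' data for this host, a comment above the table such as `-- XEP-0356: every entity listed here gets roster and pubsub access for all users of this host; keep the list minimal` would help whoever reviews later inventory changes.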
@@ -91,3 +104,11 @@ muc_room_default_public_jids = true
{% if not is_transport_server %}
muc_rtbl_jid = "xmppbl.org"
{% endif %}
+
+{% for transport in transports %}
+Component "{{ transport.subdomain }}.{{ virtual_host }}"
+component_secret = "{{ transport.secret }}"
+modules_enabled = {
+ "privilege";
+}
+{% endfor %}
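Review bot: `component_secret = "{{ transport.secret }}"` places the inventory value into a double-quoted Lua string unescaped, so a secret containing `"` or `\` would break the rendered file or change what Prosody parses after it; the same holds for `transport.subdomain` in the `Component` line. Either constrain both values before templating (for example an assert on a restricted character set in the role, which is outside this hunk) or document the constraint next to the inventory example. This shared secret is what authenticates a component that is then granted roster and pubsub privileges, so the rendered file should not be readable by other local users and the inventory values belong in an encrypted vault; the task that sets the file mode is not visible here, so confirm it. A comment above the loop such as `-- secret: alphanumeric only, sourced from vault; keep this file unreadable to other users` would record this.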