From 58ce069ae98a74ec95db89e8dda6e1ff188c3b77 Mon Sep 17 00:00:00 2001
From: Matthew Fennell <matthew@fennell.dev>
Date: Fri, 26 Jan 2024 18:38:23 +0000
Subject: Add support for file upload

This commit adds support for XEPS 0065 and 0365 - i.e. sending files from one
account to another.
---
 README.md                     |  6 ++++++
 files/virtual_host.cfg.lua.j2 |  3 +++
 playbook.yaml                 | 20 ++++++++++++++------
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 2defa3e..cb13e3a 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,10 @@ the following DNS records:
 | -------- | ---- | ---------- | --------- |
 | A Record | @    | Static IP  | Automatic |
 
+| Type         | Host   | Target      | TTL       |
+| ------------ | ------ | ----------- | --------- |
+| CNAME Record | upload | Root domain | Automatic |
+
 See [Prosody's docs](https://prosody.im/doc/dns) for information on alternative
 arrangements.
 
@@ -51,6 +55,8 @@ on the box itself will be taken care of by the playbook):
 | XEP-0065    | TCP,UDP  | 5000 |
 | XMPP Client | TCP      | 5222 |
 | XMPP Server | TCP      | 5269 |
+| HTTP Server | TCP      | 5280 |
+| HTTP Server | TCP      | 5281 |
 
 ### Install ansible on the control node
 
diff --git a/files/virtual_host.cfg.lua.j2 b/files/virtual_host.cfg.lua.j2
index 5f0c363..26058cb 100644
--- a/files/virtual_host.cfg.lua.j2
+++ b/files/virtual_host.cfg.lua.j2
@@ -3,3 +3,6 @@
 -- SPDX-License-Identifier: AGPL-3.0-only
 
 VirtualHost "{{ virtual_host }}"
+
+Component "upload.{{ virtual_host }}" "http_file_share"
+http_file_share_expires_after = 10 * 365 * 24 * 60 * 60
diff --git a/playbook.yaml b/playbook.yaml
index 8c53a57..48b482a 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -28,19 +28,27 @@
       - WWW
       - XMPP
      become: true
-   - name: Ensure port 5000/tcp is open for XEP-0065
+   - name: Ensure tcp ports are open for other XEPs
      community.general.ufw:
       rule: allow
-      port: 5000
+      port: "{{ item }}"
       proto: tcp
       state: enabled
+     loop:
+      - 5000  # XEP-0065
+      - 5280  # XEP-0363
+      - 5281  # XEP-0363
      become: true
-   - name: Ensure port 5000/udp is open for XEP-0065
+   - name: Ensure udp ports are open for other XEPs
      community.general.ufw:
       rule: allow
-      port: 5000
+      port: "{{ item }}"
       proto: udp
       state: enabled
+     loop:
+      - 5000  # XEP-0065
+      - 5280  # XEP-0363
+      - 5281  # XEP-0363
      become: true
    - name: Ensure certbot on-renew hook is installed
      ansible.builtin.copy:
@@ -53,8 +61,8 @@
    - name: Ensure certificates are installed
      ansible.builtin.command: >-
       certbot --non-interactive --agree-tos --post-hook "/bin/true"
-      --email {{ certbot_email }} --no-eff-email --apache
-      --domains {{ virtual_host }}
+      --email {{ certbot_email }} --no-eff-email --expand --apache --keep
+      --domains {{ virtual_host }},upload.{{ virtual_host }}
      become: true
      register: certbot
      changed_when: "'Running post-hook command' in certbot.stdout"
-- 
cgit v1.2.3