From 8342cee86a8195a898cfdff443156e53ad7ccbbe Mon Sep 17 00:00:00 2001
From: Matthew Fennell
Date: Sun, 21 Sep 2025 22:13:14 +0100
Subject: Create privileged transport components

This commit allows transport servers to define the relevant components on the XMPP server. Transports are configured by adding the following config to the inventory's variables: transports: - subdomain: a-example-legacy-network secret: a-long-randomly-generated-secret - subdomain: another-example-legacy-network secret: another-long-randomly-generated-secret These are iterated over and a privileged component is created for each.
---
 files/prosody.cfg.lua.j2 | 5 +++++
 files/virtual_host.cfg.lua.j2 | 21 +++++++++++++++++++++
 2 files changed, 26 insertions(+)
diff --git a/files/prosody.cfg.lua.j2 b/files/prosody.cfg.lua.j2
index ae00b46..5f76dc8 100644
--- a/files/prosody.cfg.lua.j2
+++ b/files/prosody.cfg.lua.j2
@@ -73,6 +73,11 @@ modules_enabled = {
 "s2s_bidi";
 {% endif %}
+{% if is_transport_server %}
+ -- Privileged components
+ "privilege";
+{% endif %}
+
 }
 modules_disabled = {
diff --git a/files/virtual_host.cfg.lua.j2 b/files/virtual_host.cfg.lua.j2
index 4b79710..8763082 100644
--- a/files/virtual_host.cfg.lua.j2
+++ b/files/virtual_host.cfg.lua.j2
@@ -55,6 +55,19 @@ http_external_url = "https://{{ virtual_host }}/"
 site_name = "{{ virtual_host }}"
 {% endif %}
+privileged_entities = {
+{% for transport in transports %}
+ ["{{ transport.subdomain }}.{{ virtual_host }}"] = {
+ roster = "both";
+ message = "outgoing";
+ iq = {
+ ["http://jabber.org/protocol/pubsub"] = "both";
+ ["http://jabber.org/protocol/pubsub#owner"] = "set";
+ };
+ }
+{% endfor %}
+}
+
 Component "upload.{{ virtual_host }}" "http_file_share"
 http_file_share_size_limit = 300 * 1024 * 1024
 http_file_share_global_quota = 5 * 1024 * 1024 * 1024
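Review bot: Each entry emitted by the `{% for transport in transports %}` loop inside `privileged_entities` closes with a bare `}`, so with two or more transports (the commit message's own example has two) the rendered Lua table has adjacent fields with no separator and the config will not parse; the closing line should be `};`. The loop also runs unconditionally, whereas the global `"privilege"` entry in prosody.cfg.lua.j2 is gated on `is_transport_server`, so a host whose inventory has no `transports` variable would presumably fail templating; `{% for transport in transports | default([]) %}` or wrapping the table in the same `{% if is_transport_server %}` keeps the two files in step, and the same applies to the Component loop in the last hunk. Each entity receives `roster = "both"` and `message = "outgoing"`, which as far as the hunk shows covers every account on the virtual host, so a comment above the table such as `-- XEP-0356 grants: keep to the minimum each transport needs` would make the scope easier to audit.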
@@ -91,3 +104,11 @@ muc_room_default_public_jids = true
 {% if not is_transport_server %}
 muc_rtbl_jid = "xmppbl.org"
 {% endif %}
+
+{% for transport in transports %}
+Component "{{ transport.subdomain }}.{{ virtual_host }}"
+component_secret = "{{ transport.secret }}"
+modules_enabled = {
+ "privilege";
+}
+{% endfor %}
--
cgit v1.2.3
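Review bot: `component_secret = "{{ transport.secret }}"` places the inventory value unescaped inside a Lua double-quoted string, so a secret containing `"` or `\` yields a broken or silently different configuration; `transport.subdomain` in the `Component` line has the same problem. Either validate both values against a restricted character set before templating, or emit the secret through an escaping filter, for example `component_secret = {{ transport.secret | to_json }}` (JSON and Lua string escaping agree for printable ASCII). This secret is the only credential shown for the component, and whoever holds it gets the roster, message and pubsub rights granted in `privileged_entities`. The inventory entries should therefore come from an encrypted source such as Ansible Vault, and the rendered file should not be world-readable; neither is visible in this patch.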