Merge pull request #916 from pitchum/fix-1516-separate-xmpp-vhosts

[enh] Setup all XMPP components for each "parent" domains
2024-09-03 20:06:10 +02:00 · 2020-04-27 18:03:51 +02:00 · 2020-04-27 18:03:51 +02:00 · 2e51a80132
commit 2e51a80132
parent f91eeff9dd ceab9bd1b3
6 changed files with 76 additions and 61 deletions
--- a/data/actionsmap/yunohost.yml
+++ b/data/actionsmap/yunohost.yml
@ -406,6 +406,10 @@ domain:
        list:
            action_help: List domains
            api: GET /domains
+            arguments:
+                --exclude-subdomains:
+                    help: Filter out domains that are obviously subdomains of other declared domains
+                    action: store_true

        ### domain_add()
        add:
--- a/data/hooks/conf_regen/12-metronome
+++ b/data/hooks/conf_regen/12-metronome
@ -43,16 +43,16 @@ do_post_regen() {

  # retrieve variables
  main_domain=$(cat /etc/yunohost/current_host)
-  domain_list=$(yunohost domain list --output-as plain --quiet)
+  domain_list=$(yunohost domain list --exclude-subdomains --output-as plain --quiet)

  # create metronome directories for domains
  for domain in $domain_list; do
    mkdir -p "/var/lib/metronome/${domain//./%2e}/pep"
+    # http_upload directory must be writable by metronome and readable by nginx
+    mkdir -p  "/var/xmpp-upload/${domain}/upload"
+    chmod g+s "/var/xmpp-upload/${domain}/upload"
+    chown -R metronome:www-data "/var/xmpp-upload/${domain}"
  done
-  # http_upload directory must be writable by metronome and readable by nginx
-  mkdir -p  "/var/xmpp-upload/${main_domain}/upload"
-  chmod g+s "/var/xmpp-upload/${main_domain}/upload"
-  chown -R metronome:www-data "/var/xmpp-upload/${main_domain}"

  # fix some permissions
  chown -R metronome: /var/lib/metronome/
--- a/data/templates/metronome/domain.tpl.cfg.lua
+++ b/data/templates/metronome/domain.tpl.cfg.lua
@ -1,4 +1,5 @@
 VirtualHost "{{ domain }}"
+  enable = true
  ssl = {
        key = "/etc/yunohost/certs/{{ domain }}/key.pem";
        certificate = "/etc/yunohost/certs/{{ domain }}/crt.pem";
@ -13,3 +14,58 @@ VirtualHost "{{ domain }}"
       namefield     = "cn",
       },
  }
+
+  -- Discovery items
+  disco_items = {
+    { "muc.{{ domain }}" },
+    { "pubsub.{{ domain }}" },
+    { "jabber.{{ domain }}" },
+    { "vjud.{{ domain }}" },
+    { "xmpp-upload.{{ domain }}" },
+  };
+
+--  contact_info = {
+--    abuse = { "mailto:abuse@{{ domain }}", "xmpp:admin@{{ domain }}" };
+--    admin = { "mailto:root@{{ domain }}", "xmpp:admin@{{ domain }}" };
+--  };
+
+------ Components ------
+-- You can specify components to add hosts that provide special services,
+-- like multi-user conferences, and transports.
+
+---Set up a MUC (multi-user chat) room server
+Component "muc.{{ domain }}" "muc"
+  name = "{{ domain }} Chatrooms"
+
+  modules_enabled = {
+    "muc_limits";
+    "muc_log";
+    "muc_log_mam";
+    "muc_log_http";
+    "muc_vcard";
+  }
+
+  muc_event_rate = 0.5
+  muc_burst_factor = 10
+
+---Set up a PubSub server
+Component "pubsub.{{ domain }}" "pubsub"
+  name = "{{ domain }} Publish/Subscribe"
+
+  unrestricted_node_creation = true -- Anyone can create a PubSub node (from any server)
+
+---Set up a HTTP Upload service
+Component "xmpp-upload.{{ domain }}" "http_upload"
+  name = "{{ domain }} Sharing Service"
+
+  http_file_path = "/var/xmpp-upload/{{ domain }}/upload"
+  http_external_url = "https://xmpp-upload.{{ domain }}:443"
+  http_file_base_path = "/upload"
+  http_file_size_limit = 6*1024*1024
+  http_file_quota = 60*1024*1024
+  http_upload_file_size_limit = 100 * 1024 * 1024 -- bytes
+  http_upload_quota = 10 * 1024 * 1024 * 1024 -- bytes
+
+---Set up a VJUD service
+Component "vjud.{{ domain }}" "vjud"
+  vjud_disco_name = "{{ domain }} User Directory"
--- a/data/templates/metronome/metronome.cfg.lua
+++ b/data/templates/metronome/metronome.cfg.lua
@ -81,14 +81,6 @@ http_interfaces = { "127.0.0.1", "::1" }
 -- Enable IPv6
 use_ipv6 = true

-- Discovery items
-disco_items = {
-	{ "muc.{{ main_domain }}" },
-	{ "pubsub.{{ main_domain }}" },
-	{ "xmpp-upload.{{ main_domain }}" },
-	{ "vjud.{{ main_domain }}" }
-};
-
 -- BOSH configuration (mod_bosh)
 consider_bosh_secure = true
 cross_domain_bosh = true
@ -119,45 +111,6 @@ log = {
 Component "localhost" "http"
 	modules_enabled = { "bosh" }

---Set up a MUC (multi-user chat) room server
-Component "muc.{{ main_domain }}" "muc"
-	name = "{{ main_domain }} Chatrooms"
-
-	modules_enabled = {
-		"muc_limits";
-		"muc_log";
-		"muc_log_mam";
-		"muc_log_http";
-		"muc_vcard";
-    }
-
-	muc_event_rate = 0.5
-	muc_burst_factor = 10
-
---Set up a PubSub server
-Component "pubsub.{{ main_domain }}" "pubsub"
-	name = "{{ main_domain }} Publish/Subscribe"
-
-	unrestricted_node_creation = true -- Anyone can create a PubSub node (from any server)
-
---Set up a HTTP Upload service
-Component "xmpp-upload.{{ main_domain }}" "http_upload"
-	name = "{{ main_domain }} Sharing Service"
-
-	http_file_path = "/var/xmpp-upload/{{ main_domain }}/upload"
-	http_external_url = "https://xmpp-upload.{{ main_domain }}:443"
-	http_file_base_path = "/upload"
-	http_file_size_limit = 6*1024*1024
-	http_file_quota = 60*1024*1024
-	http_upload_file_size_limit = 100 * 1024 * 1024 -- bytes
-	http_upload_quota = 10 * 1024 * 1024 * 1024 -- bytes
-
-
---Set up a VJUD service
-Component "vjud.{{ main_domain }}" "vjud"
-	ud_disco_name = "{{ main_domain }} User Directory"
-
-
 ----------- Virtual hosts -----------
 -- You need to add a VirtualHost entry for each domain you wish Metronome to serve.
 -- Settings under each VirtualHost entry apply *only* to that host.
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
@ -592,9 +592,9 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
    # Set the domain
    csr.get_subject().CN = domain

-    from yunohost.domain import _get_maindomain
-    if domain == _get_maindomain():
-        # Include xmpp-upload subdomain in subject alternate names
+    from yunohost.domain import domain_list
+    # For "parent" domains, include xmpp-upload subdomain in subject alternate names
+    if domain in domain_list(exclude_subdomains=True)["domains"]:
        subdomain = "xmpp-upload." + domain
        try:
            _dns_ip_match_public_ip(get_public_ip(), subdomain)
--- a/src/yunohost/domain.py
+++ b/src/yunohost/domain.py
@ -41,24 +41,26 @@ from yunohost.hook import hook_callback
 logger = getActionLogger('yunohost.domain')


-def domain_list():
+def domain_list(exclude_subdomains=False):
    """
    List domains

    Keyword argument:
-        filter -- LDAP filter used to search
-        offset -- Starting number for domain fetching
-        limit -- Maximum number of domain fetched
+        exclude_subdomains -- Filter out domains that are subdomains of other declared domains

    """
    from yunohost.utils.ldap import _get_ldap_interface

    ldap = _get_ldap_interface()
-    result = ldap.search('ou=domains,dc=yunohost,dc=org', 'virtualdomain=*', ['virtualdomain'])
+    result = [entry['virtualdomain'][0] for entry in ldap.search('ou=domains,dc=yunohost,dc=org', 'virtualdomain=*', ['virtualdomain'])]

    result_list = []
    for domain in result:
-        result_list.append(domain['virtualdomain'][0])
+        if exclude_subdomains:
+            parent_domain = domain.split(".", 1)[1]
+            if parent_domain in result:
+                continue
+        result_list.append(domain)

    return {'domains': result_list}