From 4432d28c098d85184bab20ad9f98851b1810b698 Mon Sep 17 00:00:00 2001
From: Gabriel
Date: Thu, 4 Feb 2021 20:21:49 +0100
Subject: [PATCH 1/3] [muc subdomain] add to domain's certificate the alt subdomain muc
---
 data/templates/nginx/server.tpl.conf | 2 +-
 src/yunohost/certificate.py | 31 ++++++++++++++++------------
 2 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index 8bd689a92..8a57dda55 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
 server {
 listen 80;
 listen [::]:80;
- server_name {{ domain }} xmpp-upload.{{ domain }};
+ server_name {{ domain }} xmpp-upload.{{ domain }} muc.{{ domain }};
 access_by_lua_file /usr/share/ssowat/access.lua;
diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py
index c48af2c07..f97cb42e5 100644
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
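Review bot: The `muc.{{ domain }}` name added to `server_name` has to stay in step with the SAN list built in `_prepare_certificate_signing_request` in the certificate.py hunk, and nothing in either file records that coupling, so a later addition to one side will silently miss the other. A comment above the directive would make the dependency explicit: `# XMPP service subdomains; keep in sync with the SANs requested in certificate.py`. Only the port 80 `server {` block is visible here (it opens before and closes after the hunk); if the TLS server block elsewhere in the template does not list the same names, `https://muc.<domain>` would be answered by whichever vhost nginx picks as default, so that block is worth checking in the same change.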
@@ -659,34 +659,39 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder): csr.get_subject().CN = domain from yunohost.domain import domain_list - - # For "parent" domains, include xmpp-upload subdomain in subject alternate names + # For "parent" domains, include xmpp-upload and muc subdomains in subject + # alternate names if domain in domain_list(exclude_subdomains=True)["domains"]: - subdomain = "xmpp-upload." + domain xmpp_records = ( Diagnoser.get_cached_report( "dnsrecords", item={"domain": domain, "category": "xmpp"} ).get("data") or {} ) - if xmpp_records.get("CNAME:xmpp-upload") == "OK": + sanlist = [] + for sub in ('xmpp-upload', 'muc'): + subdomain = sub + "." + domain + if xmpp_records.get("CNAME:" + sub) == "OK": + sanlist.append(("DNS:" + subdomain)) + else: + logger.warning( + m18n.n( + "certmanager_warning_subdomain_dns_record", + subdomain=subdomain, + domain=domain, + ) + ) + + if sanlist: csr.add_extensions( [ crypto.X509Extension( "subjectAltName".encode("utf8"), False, - ("DNS:" + subdomain).encode("utf8"), + (", ".join(sanlist)).encode("utf-8"), ) ] ) - else: - logger.warning( - m18n.n( - "certmanager_warning_subdomain_dns_record", - subdomain=subdomain, - domain=domain, - ) - ) # Set the key with open(key_file, "rt") as f: From 1fb42bb8aff46cfd41347a5016b9a0ae3c6a53a6 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Tue, 9 Feb 2021 18:54:31 +0100 Subject: [PATCH 2/3] [muc subdomain] forbid admin to add a muc subdomain (reserved to xmpp) --- src/yunohost/domain.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/yunohost/domain.py b/src/yunohost/domain.py index c51039559..f28753311 100644 --- a/src/yunohost/domain.py +++ b/src/yunohost/domain.py 
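Review bot: The new loop gates the `muc` SAN on `xmpp_records.get("CNAME:muc") == "OK"`, but no patch in this three-part series touches the dnsrecords diagnoser; unless it already reports a `CNAME:muc` item, that lookup is always `None`, the SAN is never requested, and `certmanager_warning_subdomain_dns_record` fires for `muc.<domain>` on every certificate run for every parent domain. That gate is what keeps the CSR from asking for a name the ACME server will refuse to validate, so the diagnoser side should be confirmed rather than the check loosened. Two style nits: `('xmpp-upload', 'muc')` uses single quotes where the rest of this file uses double quotes, and `encode("utf-8")` replaces the `encode("utf8")` spelling used on the `"subjectAltName"` line just above it. The reserved-subdomain list is now repeated in the nginx template and in domain.py; a module-level constant such as `XMPP_SUBDOMAINS = ("xmpp-upload", "muc")` would give the other call sites one thing to import. `_prepare_certificate_signing_request` begins and ends outside this hunk.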
@@ -103,6 +103,9 @@ def domain_add(operation_logger, domain, dyndns=False):
 if domain.startswith("xmpp-upload."):
 raise YunohostError("domain_cannot_add_xmpp_upload")
+ if domain.startswith("muc."):
+ raise YunohostError("domain_cannot_add_muc_upload")
+
 ldap = _get_ldap_interface()
 try:
From dbf19b585c898d5af84f9cde9a7998bf450b4680 Mon Sep 17 00:00:00 2001
From: Gabriel
Date: Tue, 23 Feb 2021 20:17:53 +0100
Subject: [PATCH 3/3] [locales] add "domain_cannot_add_muc_upload" string to en.json
---
 locales/en.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/locales/en.json b/locales/en.json
index 0acd2b734..88b3d6a9b 100644
--- a/locales/en.json
+++ b/locales/en.json
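Review bot: `domain.startswith("muc.")` is a case-sensitive test, and it is not visible in this hunk whether `domain` has been lower-cased earlier in `domain_add`; if it has not, `MUC.example.org` passes the reservation check (DNS names and nginx `server_name` matching are case-insensitive) and collides with the vhost the nginx template now serves for `muc.example.org`. Because `domain_add` is an admin operation this is a self-inflicted misconfiguration rather than an escalation, but normalizing once, `domain = domain.lower()` before the two `startswith` checks, closes it for both reserved prefixes — unless that normalization already happens upstream, in which case a comment saying so would spare the next reader the same question. The new error key `domain_cannot_add_muc_upload` reads like a copy of the xmpp-upload key; `domain_cannot_add_muc` would describe what is actually being refused. `domain_add` begins and ends outside this hunk.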
@@ -269,6 +269,7 @@
 "diagnosis_processes_killed_by_oom_reaper": "Some processes were recently killed by the system because it ran out of memory. This is typically symptomatic of a lack of memory on the system or of a process that ate up to much memory. Summary of the processes killed:\n{kills_summary}",
 "domain_cannot_remove_main": "You cannot remove '{domain:s}' since it's the main domain, you first need to set another domain as the main domain using 'yunohost domain main-domain -n '; here is the list of candidate domains: {other_domains:s}",
 "domain_cannot_add_xmpp_upload": "You cannot add domains starting with 'xmpp-upload.'. This kind of name is reserved for the XMPP upload feature integrated in YunoHost.",
+ "domain_cannot_add_muc_upload": "You cannot add domains starting with 'muc.'. This kind of name is reserved for the XMPP multi-users chat feature integrated in YunoHost.",
 "domain_cannot_remove_main_add_new_one": "You cannot remove '{domain:s}' since it's the main domain and your only domain, you need to first add another domain using 'yunohost domain add ', then set is as the main domain using 'yunohost domain main-domain -n ' and then you can remove the domain '{domain:s}' using 'yunohost domain remove {domain:s}'.'",
 "domain_cert_gen_failed": "Could not generate certificate",
 "domain_created": "Domain created",