Add Atheme XMLRPC integration for Convos authentication

Enable XMLRPC in Atheme for Convos to authenticate users via NickServ:
- Load misc/httpd and transport/xmlrpc modules in Atheme config
- Configure httpd on port 8080 with www_root for health checks
- Remove netcat health server (conflicted with Atheme httpd)
- Remove unused 6667 port from magnet-atheme fly.toml

Configure Convos to use Atheme auth plugin:
- Enable Convos::Plugin::Auth::Atheme plugin
- Set XMLRPC URL to magnet-atheme.internal:8080/xmlrpc
- Set IRC URL for registration commands
- Set email domain to irc.perl.org

Author: perigrin

atheme/Dockerfile

@@ -57,6 +57,7 @@ RUN chmod +x /app/entrypoint.sh
 # Container starts as root for Tailscale, drops to atheme user for services
 WORKDIR /opt/atheme/var
 
-EXPOSE 6667
+# Atheme httpd serves XMLRPC for Convos authentication
+EXPOSE 8080
 
 CMD ["/app/entrypoint.sh"]

atheme/atheme.conf.template

@@ -87,6 +87,10 @@ memoserv {
 /* Protocol module */
 loadmodule "protocol/solanum";
 
+/* HTTP server and XMLRPC for Convos authentication integration */
+loadmodule "misc/httpd";
+loadmodule "transport/xmlrpc";
+
 /* Backend modules */
 loadmodule "backend/opensex";
 
@@ -172,3 +176,10 @@ operclass "sra" {
 operator "perigrin" {
     operclass = "sra";
 };
+
+/* HTTP server for XMLRPC integration with Convos */
+httpd {
+    host = "0.0.0.0";
+    port = 8080;
+    www_root = "/opt/atheme/www";
+};

atheme/entrypoint.sh

@@ -60,10 +60,10 @@ echo "Atheme configuration instantiated successfully"
 echo "Tailscale hostname: ${HOSTNAME}"
 echo "Services password: ${SERVICES_PASSWORD}"
 
-# Simple HTTP health endpoint
-(while true; do
-    echo -e "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nAtheme Services Health OK" | nc -l -p 8080
-done) &
+# Create www_root directory for Atheme httpd health endpoint
+mkdir -p /opt/atheme/www
+echo "OK" > /opt/atheme/www/health
+chown -R atheme:atheme /opt/atheme/www
 
 # Cleanup function - only called when health check fails
 cleanup() {

servers/magnet-atheme/fly.toml

@@ -44,9 +44,3 @@ primary_region = "ord"
     timeout = "10s"
     path = "/health"
 
-[[services]]
-  internal_port = 6667
-  protocol = "tcp"
-
-  [[services.ports]]
-    port = 6667

servers/magnet-convos/fly.toml

@@ -23,6 +23,15 @@ primary_region = 'ord'
   # Default theme for landing page and new users
   CONVOS_DEFAULT_THEME = "magnet"
   CONVOS_DEFAULT_SCHEME = "light"
+  # Atheme authentication integration
+  # Enable the Atheme auth plugin for NickServ-based authentication
+  CONVOS_PLUGINS = "Convos::Plugin::Auth::Atheme"
+  # XMLRPC endpoint for login authentication
+  CONVOS_AUTH_ATHEME_URL = "http://magnet-atheme.internal:8080/xmlrpc"
+  # IRC server for NickServ registration commands
+  CONVOS_AUTH_ATHEME_IRC_URL = "irc://magnet-irc.flycast:16667"
+  # Domain for user email addresses
+  CONVOS_AUTH_ATHEME_DOMAIN = "irc.perl.org"
 
 [mounts]
   source = "convos_data"