Skynet/misc_nixos-mailserver
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

implement qutoas

Browse source
This commit is contained in:
Robin Raymond 2017-12-22 16:58:35 +01:00
parent 2d0648e0f4
commit eeb7fd64af
4 changed files with 24 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
default.nix
View file

@ -78,6 +78,16 @@ in
''; '';
}; };
quota = mkOption {
type = with types; nullOr types.str;
default = null;
example = "2G";
description = ''
Per user quota rules. Accepted sizes are `xx k/M/G/T` with the
obvious meaning. Leave blank for the standard quota `100G`.
'';
};
sieveScript = mkOption { sieveScript = mkOption {
type = with types; nullOr lines; type = with types; nullOr lines;
default = null; default = null;

6
mail-server/common.nix
View file

@ -20,7 +20,10 @@ let
cfg = config.mailserver; cfg = config.mailserver;
# passwd :: [ String ] # passwd :: [ String ]
passwd = lib.mapAttrsToList passwd = lib.mapAttrsToList
(name: value: "${name}:${value.hashedPassword}:${builtins.toString cfg.vmailUID}:${builtins.toString cfg.vmailUID}::${cfg.mailDirectory}:/run/current-system/sw/bin/nologin:") (name: value: "${name}:${value.hashedPassword}:${builtins.toString cfg.vmailUID}:${builtins.toString cfg.vmailUID}::${cfg.mailDirectory}:/run/current-system/sw/bin/nologin:"
+ (if lib.isString value.quota
then "userdb_quota_rule=*:storage=${value.quota}"
else ""))
cfg.loginAccounts; cfg.loginAccounts;
in in
{ {
@ -41,6 +44,7 @@ in
else if cfg.certificateScheme == 3 else if cfg.certificateScheme == 3
then "/var/lib/acme/${cfg.fqdn}/key.pem" then "/var/lib/acme/${cfg.fqdn}/key.pem"
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }"; else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
# passwdFile :: PATH # passwdFile :: PATH
passwdFile = builtins.toFile "passwd" (lib.concatStringsSep "\n" passwd); passwdFile = builtins.toFile "passwd" (lib.concatStringsSep "\n" passwd);
} }

6
mail-server/dovecot.nix
View file

@ -32,6 +32,7 @@ in
enableImap = enableImap; enableImap = enableImap;
enablePop3 = enablePop3; enablePop3 = enablePop3;
enablePAM = false; enablePAM = false;
enableQuota = true;
mailGroup = vmailGroupName; mailGroup = vmailGroupName;
mailUser = vmailUserName; mailUser = vmailUserName;
mailLocation = dovecot_maildir; mailLocation = dovecot_maildir;
@ -80,6 +81,11 @@ in
args = ${passwdFile} args = ${passwdFile}
} }
userdb {
driver = passwd-file
args = ${passwdFile}
}
service auth { service auth {
unix_listener /var/lib/postfix/queue/private/auth { unix_listener /var/lib/postfix/queue/private/auth {
mode = 0660 mode = 0660

3
mail-server/postfix.nix
View file

@ -124,6 +124,9 @@ in
smtpd_sasl_auth_enable = yes smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# quota
smtpd_recipient_restrictions = check_policy_service inet:mailstore.example.com:12340
# TLS settings, inspired by https://github.com/jeaye/nix-files # TLS settings, inspired by https://github.com/jeaye/nix-files
# Submission by mail clients is handled in submissionOptions # Submission by mail clients is handled in submissionOptions
smtpd_tls_security_level = may smtpd_tls_security_level = may