implement qutoas

2017-12-22 16:58:35 +01:00 · 2017-12-22 16:58:35 +01:00 · eeb7fd64af
commit eeb7fd64af
parent 2d0648e0f4
4 changed files with 24 additions and 1 deletions
--- a/default.nix
+++ b/default.nix
@ -78,6 +78,16 @@ in
            '';
          };

+          quota = mkOption {
+            type = with types; nullOr types.str;
+            default = null;
+            example = "2G";
+            description = ''
+              Per user quota rules. Accepted sizes are `xx k/M/G/T` with the
+              obvious meaning. Leave blank for the standard quota `100G`.
+            '';
+          };
+
          sieveScript = mkOption {
            type = with types; nullOr lines;
            default = null;
--- a/mail-server/common.nix
+++ b/mail-server/common.nix
@ -20,7 +20,10 @@ let
  cfg = config.mailserver;
  # passwd :: [ String ]
  passwd = lib.mapAttrsToList
-    (name: value: "${name}:${value.hashedPassword}:${builtins.toString cfg.vmailUID}:${builtins.toString cfg.vmailUID}::${cfg.mailDirectory}:/run/current-system/sw/bin/nologin:")
+    (name: value: "${name}:${value.hashedPassword}:${builtins.toString cfg.vmailUID}:${builtins.toString cfg.vmailUID}::${cfg.mailDirectory}:/run/current-system/sw/bin/nologin:"
+     + (if lib.isString value.quota
+            then "userdb_quota_rule=*:storage=${value.quota}"
+            else ""))
            cfg.loginAccounts;
 in
 {
@ -41,6 +44,7 @@ in
              else if cfg.certificateScheme == 3
                   then "/var/lib/acme/${cfg.fqdn}/key.pem"
                   else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
+
  # passwdFile :: PATH
  passwdFile = builtins.toFile "passwd" (lib.concatStringsSep "\n" passwd);
 }
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@ -32,6 +32,7 @@ in
      enableImap = enableImap;
      enablePop3 = enablePop3;
      enablePAM = false;
+      enableQuota = true;
      mailGroup = vmailGroupName;
      mailUser = vmailUserName;
      mailLocation = dovecot_maildir;
@ -80,6 +81,11 @@ in
          args = ${passwdFile}
        }

+        userdb {
+          driver = passwd-file
+          args = ${passwdFile}
+        }
+
        service auth {
          unix_listener /var/lib/postfix/queue/private/auth {
            mode = 0660
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@ -124,6 +124,9 @@ in
        smtpd_sasl_auth_enable = yes
        smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

+        # quota
+        smtpd_recipient_restrictions = check_policy_service inet:mailstore.example.com:12340
+
        # TLS settings, inspired by https://github.com/jeaye/nix-files
        # Submission by mail clients is handled in submissionOptions
        smtpd_tls_security_level = may