mirror of
https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git
synced 2025-01-14 16:26:27 +01:00
implement qutoas
This commit is contained in:
parent
2d0648e0f4
commit
eeb7fd64af
4 changed files with 24 additions and 1 deletions
10
default.nix
10
default.nix
|
@ -78,6 +78,16 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
quota = mkOption {
|
||||||
|
type = with types; nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = "2G";
|
||||||
|
description = ''
|
||||||
|
Per user quota rules. Accepted sizes are `xx k/M/G/T` with the
|
||||||
|
obvious meaning. Leave blank for the standard quota `100G`.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
sieveScript = mkOption {
|
sieveScript = mkOption {
|
||||||
type = with types; nullOr lines;
|
type = with types; nullOr lines;
|
||||||
default = null;
|
default = null;
|
||||||
|
|
|
@ -20,7 +20,10 @@ let
|
||||||
cfg = config.mailserver;
|
cfg = config.mailserver;
|
||||||
# passwd :: [ String ]
|
# passwd :: [ String ]
|
||||||
passwd = lib.mapAttrsToList
|
passwd = lib.mapAttrsToList
|
||||||
(name: value: "${name}:${value.hashedPassword}:${builtins.toString cfg.vmailUID}:${builtins.toString cfg.vmailUID}::${cfg.mailDirectory}:/run/current-system/sw/bin/nologin:")
|
(name: value: "${name}:${value.hashedPassword}:${builtins.toString cfg.vmailUID}:${builtins.toString cfg.vmailUID}::${cfg.mailDirectory}:/run/current-system/sw/bin/nologin:"
|
||||||
|
+ (if lib.isString value.quota
|
||||||
|
then "userdb_quota_rule=*:storage=${value.quota}"
|
||||||
|
else ""))
|
||||||
cfg.loginAccounts;
|
cfg.loginAccounts;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -41,6 +44,7 @@ in
|
||||||
else if cfg.certificateScheme == 3
|
else if cfg.certificateScheme == 3
|
||||||
then "/var/lib/acme/${cfg.fqdn}/key.pem"
|
then "/var/lib/acme/${cfg.fqdn}/key.pem"
|
||||||
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
|
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
|
||||||
|
|
||||||
# passwdFile :: PATH
|
# passwdFile :: PATH
|
||||||
passwdFile = builtins.toFile "passwd" (lib.concatStringsSep "\n" passwd);
|
passwdFile = builtins.toFile "passwd" (lib.concatStringsSep "\n" passwd);
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,6 +32,7 @@ in
|
||||||
enableImap = enableImap;
|
enableImap = enableImap;
|
||||||
enablePop3 = enablePop3;
|
enablePop3 = enablePop3;
|
||||||
enablePAM = false;
|
enablePAM = false;
|
||||||
|
enableQuota = true;
|
||||||
mailGroup = vmailGroupName;
|
mailGroup = vmailGroupName;
|
||||||
mailUser = vmailUserName;
|
mailUser = vmailUserName;
|
||||||
mailLocation = dovecot_maildir;
|
mailLocation = dovecot_maildir;
|
||||||
|
@ -80,6 +81,11 @@ in
|
||||||
args = ${passwdFile}
|
args = ${passwdFile}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
userdb {
|
||||||
|
driver = passwd-file
|
||||||
|
args = ${passwdFile}
|
||||||
|
}
|
||||||
|
|
||||||
service auth {
|
service auth {
|
||||||
unix_listener /var/lib/postfix/queue/private/auth {
|
unix_listener /var/lib/postfix/queue/private/auth {
|
||||||
mode = 0660
|
mode = 0660
|
||||||
|
|
|
@ -124,6 +124,9 @@ in
|
||||||
smtpd_sasl_auth_enable = yes
|
smtpd_sasl_auth_enable = yes
|
||||||
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
|
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
|
||||||
|
|
||||||
|
# quota
|
||||||
|
smtpd_recipient_restrictions = check_policy_service inet:mailstore.example.com:12340
|
||||||
|
|
||||||
# TLS settings, inspired by https://github.com/jeaye/nix-files
|
# TLS settings, inspired by https://github.com/jeaye/nix-files
|
||||||
# Submission by mail clients is handled in submissionOptions
|
# Submission by mail clients is handled in submissionOptions
|
||||||
smtpd_tls_security_level = may
|
smtpd_tls_security_level = may
|
||||||
|
|
Loading…
Reference in a new issue