From 1e75d07d566536fa8d0f53dc608b63c51469e455 Mon Sep 17 00:00:00 2001
From: Thomas Preisner <mail@tpreisner.de>
Date: Sat, 28 Dec 2024 01:42:00 +0100
Subject: [PATCH] foobar

---
 mailsystem/default.nix | 10 ++++++++++
 mailsystem/dovecot.nix |  8 +++++++-
 mailsystem/postfix.nix |  5 +++++
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/mailsystem/default.nix b/mailsystem/default.nix
index af2913c..afd69bc 100644
--- a/mailsystem/default.nix
+++ b/mailsystem/default.nix
@@ -103,6 +103,16 @@ in {
             '';
           };
 
+          quota = lib.mkOption {
+            type = with lib.types; nullOr types.str;
+            default = null;
+            example = "2G";
+            description = ''
+              Sets quota for the this login account. The size has to be suffixed with `k/M/G/T`.
+              Not setting a quota results in a standard quota of `100G`.
+            '';
+          };
+
           isSystemUser = lib.mkOption {
             type = lib.types.bool;
             default = false;
diff --git a/mailsystem/dovecot.nix b/mailsystem/dovecot.nix
index 4f17464..60a3d8e 100644
--- a/mailsystem/dovecot.nix
+++ b/mailsystem/dovecot.nix
@@ -19,7 +19,13 @@ with (import ./common.nix {inherit config;}); let
   systemUsers = lib.filterAttrs (user: value: value.isSystemUser) cfg.accounts;
   normalUsers = lib.filterAttrs (user: value: !value.isSystemUser) cfg.accounts;
 
-  genUserdbEntry = user: value: "${user}:::::::";
+  genUserdbEntry = user: value:
+    "${user}:::::::"
+    + (
+      if lib.isString value.quota
+      then "userdb_quota_rule=*:storage=${value.quota}"
+      else ""
+    );
   genPasswdEntry = user: value: "${user}:${"$(head -n 1 ${value.hashedPasswordFile})"}::::::";
 
   genAuthDbsScript = pkgs.writeScript "generate-dovecot-auth-dbs" ''
diff --git a/mailsystem/postfix.nix b/mailsystem/postfix.nix
index 3328aca..c1f41da 100644
--- a/mailsystem/postfix.nix
+++ b/mailsystem/postfix.nix
@@ -141,6 +141,11 @@ in {
           "reject_unauth_destination"
         ];
 
+        # quota checking # TODO: wo ist hier quota??
+        # smtpd_recipient_restrictions = [
+        #   "check_policy_service inet:localhost:12340" # XXX
+        # ];
+
         # TLS settings, inspired by https://github.com/jeaye/nix-files
         # Submission by mail clients is handled in submissionOptions
         smtpd_tls_security_level = "may";