1 files changed, 53 insertions, 0 deletions

diff --git a/labernix/modules/services/postfix/restrictions.nix b/labernix/modules/services/postfix/restrictions.nix
new file mode 100644
index 00000000..fbb47f10
--- /dev/null
+++ b/labernix/modules/services/postfix/restrictions.nix
@@ -0,0 +1,53 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  mkRestriction = name: specificDescription: {
+    option.${name} = mkOption {
+      default = null;
+      type = types.nullOr types.list;
+      description = ''
+        A list of restrictions to apply or <option>null</option> to use the
+        built-in default value from Postfix.
+        ${specificDescription}
+      '';
+    };
+    config = let
+      cfg = config.labernix.postfix.restrictions.${name};
+    in mkIf (cfg != null) ''
+      smtpd_${name}_restrictions = ${concatStringsSep ", " cfg}
+    '';
+  };
+  restrictions = mapAttrsToList mkRestriction {
+    client = mkRestriction ''
+      SMTP server access restrictions in the context of a client SMTP connection
+      request.
+    '';
+    data = mkRestriction ''
+      Access restrictions that the Postfix SMTP server applies in the context of
+      the SMTP DATA command.
+    '';
+    end_of_data = mkRestriction ''
+      Access restrictions that the Postfix SMTP server applies in the context of
+      the SMTP END-OF-DATA command.
+    '';
+    etrn = mkRestriction ''
+      SMTP server access restrictions in the context of a client ETRN request.
+    '';
+    helo = mkRestriction ''
+      Restrictions that the Postfix SMTP server applies in the context of the
+      SMTP HELO command.
+    '';
+    recipient = mkRestriction ''
+      Access restrictions that the Postfix SMTP server applies in the context of
+      the RCPT TO command.
+    '';
+    sender = mkRestriction ''
+      Restrictions that the Postfix SMTP server applies in the context of the
+      MAIL FROM command.
+    '';
+  };
+in {
+  options.labernix.postfix.restrictions = mapAttrs mkRestriction restrictions;
+}