opencloud-eu · flash7777 · Jun 4, 2026
diff --git a/services/proxy/pkg/command/server.go b/services/proxy/pkg/command/server.go
@@ -394,6 +394,7 @@ func loadMiddlewares(logger log.Logger, cfg *config.Config,
 			middleware.TraceProvider(traceProvider),
 			middleware.WithRevaGatewaySelector(gatewaySelector),
 			middleware.RoleQuotas(cfg.RoleQuotas),
+			middleware.DefaultUsersQuota(cfg.DefaultUsersQuota),
 		),
 	)
 }
diff --git a/services/proxy/pkg/config/config.go b/services/proxy/pkg/config/config.go
@@ -24,6 +24,7 @@ type Config struct {
 	GrpcClient    client.Client         `yaml:"-"`
 
 	RoleQuotas                    map[string]uint64   `yaml:"role_quotas"`
+	DefaultUsersQuota             uint64              `yaml:"default_users_quota" env:"PROXY_USERS_DEFAULT_QUOTA" desc:"The default quota in bytes for personal spaces of new users. A value of 0 means unlimited. This quota is used as a fallback when no role-specific quota is configured." introductionVersion:"7.2.0"`
 	Policies                      []Policy            `yaml:"policies"`
 	AdditionalPolicies            []Policy            `yaml:"additional_policies"`
 	OIDC                          OIDC                `yaml:"oidc"`

diff --git a/services/proxy/pkg/middleware/create_home.go b/services/proxy/pkg/middleware/create_home.go
@@ -32,6 +32,7 @@ func CreateHome(optionSetters ...Option) func(next http.Handler) http.Handler {
 			tracer:              tracer,
 			revaGatewaySelector: options.RevaGatewaySelector,
 			roleQuotas:          options.RoleQuotas,
+			defaultUsersQuota:   options.DefaultUsersQuota,
 		}
 	}
 }
@@ -42,6 +43,7 @@ type createHome struct {
 	tracer              trace.Tracer
 	revaGatewaySelector pool.Selectable[gateway.GatewayAPIClient]
 	roleQuotas          map[string]uint64
+	defaultUsersQuota   uint64
 }
 
 func (m createHome) ServeHTTP(w http.ResponseWriter, req *http.Request) {
@@ -71,6 +73,8 @@ func (m createHome) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		}
 		if limit, hasLimit := m.checkRoleQuotaLimit(roleIDs); hasLimit {
 			createHomeReq.Opaque = utils.AppendPlainToOpaque(nil, "quota", strconv.FormatUint(limit, 10))
+		} else if m.defaultUsersQuota > 0 {
+			createHomeReq.Opaque = utils.AppendPlainToOpaque(nil, "quota", strconv.FormatUint(m.defaultUsersQuota, 10))
 		}
 	}
 

diff --git a/services/proxy/pkg/middleware/options.go b/services/proxy/pkg/middleware/options.go
@@ -70,6 +70,8 @@ type Options struct {
 	// RoleQuotas hold userid:quota mappings. These will be used when provisioning new users.
 	// The users will get as much quota as is set for their role.
 	RoleQuotas map[string]uint64
+	// DefaultUsersQuota is the fallback quota for personal spaces when no role-specific quota is set.
+	DefaultUsersQuota uint64
 	// TraceProvider sets the tracing provider.
 	TraceProvider trace.TracerProvider
 	// SkipUserInfo prevents the oidc middleware from querying the userinfo endpoint and read any claims directly from the access token instead
@@ -242,6 +244,13 @@ func RoleQuotas(roleQuotas map[string]uint64) Option {
 	}
 }
 
+// DefaultUsersQuota sets the default quota for personal spaces when no role-specific quota is configured.
+func DefaultUsersQuota(quota uint64) Option {
+	return func(o *Options) {
+		o.DefaultUsersQuota = quota
+	}
+}
+
 // TraceProvider sets the tracing provider.
 func TraceProvider(tp trace.TracerProvider) Option {
 	return func(o *Options) {