nginx: generate certificates for custom domains and subdomains

3 files changed, 17 insertions, 0 deletions

diff --git a/default.nix b/default.nix
index bf86e19..f46f1a4 100644
--- a/default.nix
+++ b/default.nix
@@ -44,6 +44,13 @@ in
       description = "The domains that this mail server serves.";
     };
 
+    certificateDomains = mkOption {
+      type = types.listOf types.str;
+      example = [ "imap.example.com" "pop3.example.com" ];
+      default = [];
+      description = "Secondary domains and subdomains for which it is necessary to generate a certificate.";
+    };
+
     messageSizeLimit = mkOption {
       type = types.int;
       example = 52428800;
diff --git a/docs/options.rst b/docs/options.rst
index 253690d..b3c2ef9 100644
--- a/docs/options.rst
+++ b/docs/options.rst
@@ -595,6 +595,15 @@ certificate is valid for 10 years.
 - Default: ``/var/certs``
 
 
+mailserver.certificateDomains
+-----------------------------
+
+Secondary domains and subdomains for which it is necessary to generate a certificate.
+
+- Type: ``list of strings``
+- Default: ``[]``
+
+
 mailserver.certificateFile
 --------------------------
 
diff --git a/mail-server/nginx.nix b/mail-server/nginx.nix
index c9cb454..1590c5f 100644
--- a/mail-server/nginx.nix
+++ b/mail-server/nginx.nix
@@ -29,6 +29,7 @@ in
       enable = true;
       virtualHosts."${cfg.fqdn}" = {
         serverName = cfg.fqdn;
+        serverAliases = cfg.certificateDomains;
         forceSSL = true;
         enableACME = true;
         acmeRoot = acmeRoot;