nginx: generate certificates for custom domains and subdomains

default.nix

@@ -44,6 +44,13 @@ in
       description = "The domains that this mail server serves.";
     };
 
+    certificateDomains = mkOption {
+      type = types.listOf types.str;
+      example = [ "imap.example.com" "pop3.example.com" ];
+      default = [];
+      description = "Secondary domains and subdomains for which it is necessary to generate a certificate.";
+    };
+
     messageSizeLimit = mkOption {
       type = types.int;
       example = 52428800;

docs/options.rst

@@ -595,6 +595,15 @@ certificate is valid for 10 years.
 - Default: ``/var/certs``
 
 
+mailserver.certificateDomains
+-----------------------------
+
+Secondary domains and subdomains for which it is necessary to generate a certificate.
+
+- Type: ``list of strings``
+- Default: ``[]``
+
+
 mailserver.certificateFile
 --------------------------
 

mail-server/nginx.nix

@@ -29,6 +29,7 @@ in
       enable = true;
       virtualHosts."${cfg.fqdn}" = {
         serverName = cfg.fqdn;
+        serverAliases = cfg.certificateDomains;
         forceSSL = true;
         enableACME = true;
         acmeRoot = acmeRoot;