christian
/
nixos-mailserver
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nginx: generate certificates for custom domains and subdomains

This commit is contained in:
Izorkin 2018-11-16 14:11:31 +03:00 committed by Izorkin
parent 7c7ed5ce06
commit f3d967f830
No known key found for this signature in database
GPG Key ID: 1436C1B3F3679F09
3 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
default.nix
View File

@ -44,6 +44,13 @@ in
description = "The domains that this mail server serves."; description = "The domains that this mail server serves.";
}; };
certificateDomains = mkOption {
type = types.listOf types.str;
example = [ "imap.example.com" "pop3.example.com" ];
default = [];
description = "Secondary domains and subdomains for which it is necessary to generate a certificate.";
};
messageSizeLimit = mkOption { messageSizeLimit = mkOption {
type = types.int; type = types.int;
example = 52428800; example = 52428800;

9
docs/options.rst
View File

@ -595,6 +595,15 @@ certificate is valid for 10 years.
- Default: ``/var/certs`` - Default: ``/var/certs``
mailserver.certificateDomains
-----------------------------
Secondary domains and subdomains for which it is necessary to generate a certificate.
- Type: ``list of strings``
- Default: ``[]``
mailserver.certificateFile mailserver.certificateFile
-------------------------- --------------------------

1
mail-server/nginx.nix
View File

@ -29,6 +29,7 @@ in
enable = true; enable = true;
virtualHosts."${cfg.fqdn}" = { virtualHosts."${cfg.fqdn}" = {
serverName = cfg.fqdn; serverName = cfg.fqdn;
serverAliases = cfg.certificateDomains;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
acmeRoot = acmeRoot; acmeRoot = acmeRoot;