services: use subdomain for ACME cert

Avoids conflicts now that I have multiple servers sharing the config

services/matrix.nix

@@ -32,7 +32,10 @@
     public = 443;
     private = 11339;
   };
+
   domain = config.networking.domain;
+  hostname = config.networking.hostName;
+  fqdn = "${hostname}.${domain}";
 in {
   options.my.services.matrix = let
     inherit (lib) types;
@@ -147,7 +150,7 @@ in {
       virtualHosts = {
         "matrix.${domain}" = {
           onlySSL = true;
-          useACMEHost = domain;
+          useACMEHost = fqdn;
 
           locations = let
             proxyToClientPort = {
@@ -181,7 +184,7 @@ in {
         "matrix.${domain}_federation" = rec {
           onlySSL = true;
           serverName = "matrix.${domain}";
-          useACMEHost = domain;
+          useACMEHost = fqdn;
 
           locations."/".return = "404";
 
@@ -205,7 +208,7 @@ in {
 
         "${domain}" = {
           forceSSL = true;
-          useACMEHost = domain;
+          useACMEHost = fqdn;
 
           locations."= /.well-known/matrix/server".extraConfig = let
             server = {"m.server" = "matrix.${domain}:${toString federationPort.public}";};
@@ -230,7 +233,7 @@ in {
         # Element Web app deployment
         #
         "chat.${domain}" = {
-          useACMEHost = domain;
+          useACMEHost = fqdn;
           forceSSL = true;
 
           root = pkgs.element-web.override {
@@ -259,6 +262,8 @@ in {
       };
     };
 
+    security.acme.certs.${fqdn}.extraDomainNames = ["chat.${domain}" "matrix.${domain}" domain];
+
     # For administration tools.
     environment.systemPackages = [pkgs.matrix-synapse];