diff --git a/fediversity/default.nix b/fediversity/default.nix
index 96a3d5b..6a6b867 100644
--- a/fediversity/default.nix
+++ b/fediversity/default.nix
@@ -68,9 +68,13 @@ in {
                   type = types.int;
                   default = 3902;
                 };
+                domainForBucket = mkOption {
+                  type = types.functionTo types.str;
+                  default = bucket: "${bucket}.${config.fediversity.internal.garage.web.rootDomain}";
+                };
                 urlForBucket = mkOption {
                   type = types.functionTo types.str;
-                  default = bucket: "http://${bucket}.${config.fediversity.internal.garage.web.rootDomain}";
+                  default = bucket: "http://${config.fediversity.internal.garage.web.domainForBucket bucket}";
                 };
               };
             };
diff --git a/fediversity/garage.nix b/fediversity/garage.nix
index a627009..a3cbbeb 100644
--- a/fediversity/garage.nix
+++ b/fediversity/garage.nix
@@ -177,7 +177,7 @@ in
       forceSSL = true;
       enableACME = true;
       serverName = fedicfg.web.rootDomain;
-      serverAliases = lib.mapAttrsToList (bucket: _: "${bucket}.${fedicfg.web.rootDomain}") cfg.ensureBuckets; ## TODO: use wildcard certificates?
+      serverAliases = lib.mapAttrsToList (bucket: _: fedicfg.web.domainForBucket bucket) cfg.ensureBuckets; ## TODO: use wildcard certificates?
       locations."/" = {
         proxyPass = "http://localhost:3902";
         extraConfig = ''