Add MTA-STS configuration

templates/nginx/mta-sts.j2

@@ -0,0 +1,14 @@
+server {
+    listen 80;
+    server_name mta-sts.{{ item.name }};
+    include snippets/letsencrypt.conf;
+    location / { return 301 https://$http_host$request_uri; }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name mta-sts.{{ item.name }};
+    ssl_certificate /var/lib/dehydrated/certs/mta-sts.{{ item.name }}/fullchain.pem;
+    ssl_certificate_key /var/lib/dehydrated/certs/mta-sts.{{ item.name }}/privkey.pem;
+    location /.well-known { alias /var/www/html; }
+}

templates/nginx/mta-sts.txt.j2

@@ -0,0 +1,6 @@
+version: STSv1
+mode: enforce
+max_age: 10368000
+{% for mx in item.mx_server %}
+mx: {{ mx }}
+{% endfor %}