Add the ingress node public key to VPN definition as additional information

Signed-off-by: Mel <mel@rnrd.eu>
author: Mel <mel@rnrd.eu> 2026-04-24 02:58:53 +0200
committer: Mel <mel@rnrd.eu> 2026-04-24 03:18:01 +0200
commit: 97e935e0ff718cbec86605bf584a5660812bdce9 (patch)
tree: 20144ba038565b3883f37d2cce1d3d56f6e0e298 /modules/vpn
parent: 73942bc6c06baa2e2ed2cd9f9da29b668f0376d9 (diff)
download: network-97e935e0ff718cbec86605bf584a5660812bdce9.tar.zst
network-97e935e0ff718cbec86605bf584a5660812bdce9.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/vpn/definition.nix b/modules/vpn/definition.nix
index 8d57593..60ea5d0 100644
--- a/modules/vpn/definition.nix
+++ b/modules/vpn/definition.nix
@@ -65,4 +65,11 @@
   # each other, even though they know that the keys don't actually match up,
   # it's not possible to see that on the outside.
   mask = "microsoft.com";
+
+  # we don't actually need this to configure the tunnel, but this is
+  # the public key of the ingress interface.
+  # when creating wireguard vpn configurations for the users, this
+  # is the public key of the server peer at `tunnel.rnrd.eu`.
+  # the matching private key of the pair is the secret `vpn/ingress-key`.
+  ingress.public = "s5yyPCJiN0uqW0jzKIbYCF7I9TthymiRzpNt466XeWk=";
 }
author	Mel <mel@rnrd.eu>	2026-04-24 02:58:53 +0200
committer	Mel <mel@rnrd.eu>	2026-04-24 03:18:01 +0200
commit	97e935e0ff718cbec86605bf584a5660812bdce9 (patch)
tree	20144ba038565b3883f37d2cce1d3d56f6e0e298 /modules/vpn
parent	73942bc6c06baa2e2ed2cd9f9da29b668f0376d9 (diff)
download	network-97e935e0ff718cbec86605bf584a5660812bdce9.tar.zst network-97e935e0ff718cbec86605bf584a5660812bdce9.zip