From 97e935e0ff718cbec86605bf584a5660812bdce9 Mon Sep 17 00:00:00 2001
From: Mel <mel@rnrd.eu>
Date: Fri, 24 Apr 2026 02:58:53 +0200
Subject: Add the ingress node public key to VPN definition as additional
 information

Signed-off-by: Mel <mel@rnrd.eu>
---
 modules/vpn/definition.nix | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'modules')

diff --git a/modules/vpn/definition.nix b/modules/vpn/definition.nix
index 8d57593..60ea5d0 100644
--- a/modules/vpn/definition.nix
+++ b/modules/vpn/definition.nix
@@ -65,4 +65,11 @@
   # each other, even though they know that the keys don't actually match up,
   # it's not possible to see that on the outside.
   mask = "microsoft.com";
+
+  # we don't actually need this to configure the tunnel, but this is
+  # the public key of the ingress interface.
+  # when creating wireguard vpn configurations for the users, this
+  # is the public key of the server peer at `tunnel.rnrd.eu`.
+  # the matching private key of the pair is the secret `vpn/ingress-key`.
+  ingress.public = "s5yyPCJiN0uqW0jzKIbYCF7I9TthymiRzpNt466XeWk=";
 }
-- 
cgit 1.4.1