From 1880125b7c35f2823a45baa5b4a8e3f8764729b8 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Sat, 3 Jan 2026 08:34:27 -0800
Subject: simplify wireguard public key settings
---
 machines/argonath.nix | 2 ++
 machines/bree.nix | 2 ++
 machines/rivendell.nix | 2 ++
 modules/host-config.nix | 4 ++++
 profiles/wireguard.nix | 13 +++++++++----
 5 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/machines/argonath.nix b/machines/argonath.nix
index 1677600..748ba78 100644
--- a/machines/argonath.nix
+++ b/machines/argonath.nix
@@ -15,6 +15,8 @@
 networking.hostName = "argonath";
+ wgPublicKey = "vTItDh9YPnA+8hL1kIK+7EHv0ol3qvhfAfz790miw1w=";
+
 age.secrets.acme-cloudflare-env.file = ../secrets/acme-cloudflare-env.age;
 system.stateVersion = "25.05"; # Did you read the comment?
diff --git a/machines/bree.nix b/machines/bree.nix
index a76252f..f20d612 100644
--- a/machines/bree.nix
+++ b/machines/bree.nix
@@ -21,6 +21,8 @@
 networking.useDHCP = lib.mkDefault true;
 systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
+ wgPublicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
+
 age.secrets.disk-unlock-key.file = ../secrets/bree/disk-unlock-key.age;
 age.secrets.disk-passphrase.file = ../secrets/bree/disk-passphrase.age;
diff --git a/machines/rivendell.nix b/machines/rivendell.nix
index f1e1dd5..7d51604 100644
--- a/machines/rivendell.nix
+++ b/machines/rivendell.nix
@@ -34,6 +34,8 @@
 networking.useDHCP = lib.mkDefault true;
 systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
+ wgPublicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
+
 services = {
 website = {
 enable = true;
diff --git a/modules/host-config.nix b/modules/host-config.nix
index 5bb5e94..7aa4ecb 100644
--- a/modules/host-config.nix
+++ b/modules/host-config.nix
@@ -5,5 +5,9 @@
 type = lib.types.attrs;
 default = { };
 };
+ wgPublicKey = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ };
 };
 }
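Review bot: The new `wgPublicKey` option in modules/host-config.nix accepts any string and has no `description`, so a truncated or mistyped key in a machine file evaluates cleanly and would likely only show up later as a peer that never completes a handshake. A WireGuard public key is 32 bytes in base64, so the type can be tightened to `type = lib.types.nullOr (lib.types.strMatching "[A-Za-z0-9+/]{43}=");`. I would also add `description = "Base64 WireGuard public key of this host, published to the other peers.";` so the option is documented and it is clear that only the public half of the key pair belongs here. The enclosing options attribute set starts above the hunk.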
diff --git a/profiles/wireguard.nix b/profiles/wireguard.nix
index a080693..9c9b134 100644
--- a/profiles/wireguard.nix
+++ b/profiles/wireguard.nix
@@ -1,20 +1,25 @@
-{ config, lib, ... }:
+{
+ config,
+ lib,
+ hostConfigurations,
+ ...
+}:
 let
 wgHosts = {
 bree = {
 ip = 40;
- publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
+ publicKey = hostConfigurations.bree.wgPublicKey;
 endpoint = "192.168.1.50";
 };
 argonath = {
 ip = 51;
- publicKey = "vTItDh9YPnA+8hL1kIK+7EHv0ol3qvhfAfz790miw1w=";
+ publicKey = hostConfigurations.argonath.wgPublicKey;
 endpoint = "157.230.146.234";
 };
 rivendell = {
 ip = 60;
- publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
+ publicKey = hostConfigurations.rivendell.wgPublicKey;
 endpoint = "192.168.1.114";
 };
 };
--
cgit v1.2.3
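Review bot: Each `publicKey = hostConfigurations.<host>.wgPublicKey;` in `wgHosts` can now evaluate to `null`, because the option added in this commit defaults to `null` and nothing in the hunk checks that the three hosts actually set it. The `let` block continues past the hunk, so how `publicKey` is consumed is not visible here. If it feeds the peer list directly, a host that drops the setting would yield a peer entry without a key rather than a clear error. An evaluation-time check such as `assertion = lib.all (h: h.publicKey != null) (lib.attrValues wgHosts);`, with a message naming the missing option, would fail the build early. A short comment above `wgHosts` stating that the keys now come from `machines/<host>.nix` would also help anyone auditing which key is trusted for which address.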