diff --git a/nixos/modules/monitoring/vpn/server.nix b/nixos/modules/monitoring/vpn/server.nix
index 8a1f560e0d537fbc5613b2d05ec72209811d8ae0..29430ca0b24d13723b27b23d08bee6ca8bb92a9b 100644
--- a/nixos/modules/monitoring/vpn/server.nix
+++ b/nixos/modules/monitoring/vpn/server.nix
@@ -2,6 +2,11 @@
 { lib, config, ... }:
 let
 cfg = config.services.private-storage.monitoring.vpn;
+ makePeers = peerIPs: pubKeysPath: map (x: {
+ allowedIPs = [ "${x}/32" ];
+ publicKey = builtins.readFile(pubKeysPath + "/${x}.pub");
+ presharedKeyFile = toString cfg.server.presharedKeyFile;
+ }) peerIPs;
 in {
 options.services.private-storage.monitoring.vpn.server = {
@@ -52,6 +57,14 @@ in {
 The IP addresses to allow connections from.
 '';
 };
+ pubKeysPath = lib.mkOption {
+ type = lib.types.path;
+ example = lib.literalExample ../../../../morph/PrivateStorageSecrets/monitoringvpn;
+ default = ../../../../morph/PrivateStorageSecrets/monitoringvpn;
+ description = ''
+ The path to the directory that holds the public keys.
+ '';
+ };
 };
 config = lib.mkIf cfg.server.enable {
@@ -61,7 +74,7 @@ in {
 ips = [ "${cfg.server.ip}/24" ];
 listenPort = cfg.server.port;
 privateKeyFile = toString cfg.server.privateKeyFile;
- peers = map (x: {allowedIPs = [ "${x}/32" ]; publicKey = builtins.readFile(../../../../morph/PrivateStorageSecrets/monitoringvpn + "/${x}.pub"); presharedKeyFile = toString cfg.server.presharedKeyFile;}) cfg.server.vpnClientIPs;
+ peers = makePeers cfg.server.vpnClientIPs cfg.server.pubKeysPath;
 };
 };
 }
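Review bot: `builtins.readFile` in the new `makePeers` helper returns the `.pub` file verbatim, so a key file saved with a trailing newline puts that newline into `publicKey`, and depending on how the wireguard module hands the key to `wg` that can make the key invalid; `lib.fileContents` reads the file and strips the trailing newline, `publicKey = lib.fileContents (pubKeysPath + "/${x}.pub");`. The removed line had the same behaviour, so this is not a regression, but the refactor is the natural place to fix it. A missing key file for one of the `vpnClientIPs` entries currently surfaces only as a generic readFile error; guarding the read with `lib.assertMsg (builtins.pathExists keyFile) "no public key file for VPN client ${x}"` would name the offending client. `makePeers` is defined entirely within this hunk, but `cfg`, which it closes over, is the context line above it.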
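Review bot: The `pubKeysPath` description does not say how the files inside the directory are named or when they are consumed: the server looks up `<clientIP>.pub` for every entry of `vpnClientIPs` and reads it at evaluation time, so the directory must be present on the machine that evaluates the configuration and each key's contents end up in the generated interface configuration. Suggest expanding the description to `The path to the directory that holds the public keys. For every client IP listed in vpnClientIPs a file named <ip>.pub must exist in it; the files are read at evaluation time.`. The `example` is identical to the `default` and adds nothing to the documentation, so it could be dropped.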