diff --git a/morph/lib/make-monitoring.nix b/morph/lib/make-monitoring.nix
index 464b021821b25838065aeda3b05ccba62d11eb5f..19e1dcbeded9fcaab7dc64752761d2cbfe9f504e 100644
--- a/morph/lib/make-monitoring.nix
+++ b/morph/lib/make-monitoring.nix
@@ -23,14 +23,6 @@
 permissions = "0400";
 action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
 };
- "monitoringvpn-public-key" = {
- source = "../../PrivateStorageSecrets/monitoringvpn/server.pub";
- destination = "/run/keys/monitoringvpn/server.pub";
- owner.user = "root";
- owner.group = "root";
- permissions = "0444";
- action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
- };
 "monitoringvpn-preshared-key" = {
 source = monitoringvpnPresharedKeyPath;
 destination = "/run/keys/monitoringvpn/preshared.key";
diff --git a/nixos/modules/monitoring/vpn/client.nix b/nixos/modules/monitoring/vpn/client.nix
index 1756221e0f2a1a9afa759132b2a150e8a03df70e..5ea27cd900e6b90f704a57b8d6437c8b1b92a0ee 100644
--- a/nixos/modules/monitoring/vpn/client.nix
+++ b/nixos/modules/monitoring/vpn/client.nix
@@ -14,18 +14,6 @@ in {
 File with base64 private key generated by <command>wg genkey</command>.
 '';
 };
- publicKeyFile = lib.mkOption {
- type = lib.types.path;
- example = lib.literalExample /run/keys/monitoringvpn/host.pub;
- description = ''
- File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
- Cannot have white space or new lines.
- Shorthand for public and private key:
- <command>wg genkey | tee peer_A.key | wg pubkey > peer_A.pub</command>
- TBD the pub files must not have white space or new lines, remove with
- them, for example <command>perl -pe 's/\s+//g'</command>
- '';
- };
 presharedKeyFile = lib.mkOption {
 type = lib.types.path;
 example = lib.literalExample /run/keys/monitoringvpn/preshared.key;
@@ -59,7 +47,7 @@ in {
 };
 endpointPublicKeyFile = lib.mkOption {
 type = lib.types.path;
- example = lib.literalExample /run/keys/monitoringvpn/server.pub;
+ example = lib.literalExample ../../PrivateStorageSecrets/monitoringvpn/server.pub;
 default = ../../../../morph/PrivateStorageSecrets/monitoringvpn/server.pub;
 description = ''
 File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
@@ -75,7 +63,7 @@ in {
 {
 allowedIPs = cfg.client.allowedIPs;
 endpoint = cfg.client.endpoint; # meaning: the server.
- publicKey = builtins.readFile(cfg.client.endpointPublicKeyFile);
+ publicKey = lib.fileContents(cfg.client.endpointPublicKeyFile);
 presharedKeyFile = toString cfg.client.presharedKeyFile;
 persistentKeepalive = 25;
 }
diff --git a/nixos/modules/monitoring/vpn/server.nix b/nixos/modules/monitoring/vpn/server.nix
index 13a25175187a5dd8baff5a42c61b673dbf587e4c..0cc7be1ec47a7936d3e405f024725025d4f77f24 100644
--- a/nixos/modules/monitoring/vpn/server.nix
+++ b/nixos/modules/monitoring/vpn/server.nix
@@ -19,14 +19,6 @@ in {
 File with base64 private key generated by <command>wg genkey</command>.
 '';
 };
- publicKeyFile = lib.mkOption {
- type = lib.types.path;
- example = lib.literalExample /run/keys/monitoringvpn/server.pub;
- default = /run/keys/monitoringvpn/server.pub;
- description = ''
- File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
- '';
- };
 presharedKeyFile = lib.mkOption {
 type = lib.types.path;
 example = lib.literalExample /run/keys/monitoringvpn/preshared.key;
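Review bot: In `client.nix`, hunk `@@ -59,7 +47,7 @@`, the `endpointPublicKeyFile` description does not say that the file is read while the configuration is evaluated, although the peer definition in the next hunk does exactly that and the new example path no longer points at a runtime location under `/run/keys`. Because both the example and the default reach into the `PrivateStorageSecrets` checkout, I would add a sentence to the description such as `The file is read at evaluation time on the deploying host and its contents become part of the generated configuration; point this at the public key only, never at a private or preshared key.` The example (`../../PrivateStorageSecrets/...`) and the default (`../../../../morph/PrivateStorageSecrets/...`) are also written relative to different directories, which deserves a word in the same description. The description continues past the end of this hunk, so it may already cover part of this.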
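Review bot: In `client.nix`, hunk `@@ -75,7 +63,7 @@`, `lib.fileContents` on the `publicKey` line strips only a single trailing `\n`, so a key file with CRLF line endings, trailing spaces or a blank line still produces a value that is not a clean base64 key. The only visible description that warned about whitespace sat on the `publicKeyFile` option this commit removes; the rest of the `endpointPublicKeyFile` description is outside the hunks shown. I would put the constraint next to the call, `# fileContents drops one trailing newline only; the .pub file must contain no other whitespace`, and repeat it in the option description. As a style point, the call reads more conventionally without parentheses: `publicKey = lib.fileContents cfg.client.endpointPublicKeyFile;`. The enclosing peer list and module body start and end outside this hunk.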