From 7abedc9bcee6e112af5a8483e144becc1430f16e Mon Sep 17 00:00:00 2001
From: gilgamezh <mail@gilgamezh.me>
Date: Sat, 17 Jan 2026 12:21:35 +0100
Subject: [PATCH] media: add wireguard preshared key support

---
 custom_helm_charts/gluetun/README.md             | 1 +
 custom_helm_charts/gluetun/templates/secret.yaml | 1 +
 custom_helm_charts/gluetun/values.yaml           | 6 ++++++
 helm-values/gluetun_values.yaml                  | 5 +++++
 4 files changed, 13 insertions(+)

diff --git a/custom_helm_charts/gluetun/README.md b/custom_helm_charts/gluetun/README.md
index 529d5f9..2038ab3 100644
--- a/custom_helm_charts/gluetun/README.md
+++ b/custom_helm_charts/gluetun/README.md
@@ -9,6 +9,7 @@ AirVPN WireGuard values:
   - `env.WIREGUARD_ADDRESSES` -> WireGuard tunnel address(es) (IPv4 /32 and optional IPv6)
   - `env.SERVER_HOSTNAMES` -> stable AirVPN server hostname
 - Create a Secret named `gluetun-wireguard` with key `WIREGUARD_PRIVATE_KEY` from your AirVPN WireGuard config (do not commit the key).
+  - Add `WIREGUARD_PRESHARED_KEY` from the same AirVPN WireGuard config.
   - `helm-values/gluetun_values.yaml` sets `secret.create: false` so the chart does not create a placeholder secret.
 
 Validation:
diff --git a/custom_helm_charts/gluetun/templates/secret.yaml b/custom_helm_charts/gluetun/templates/secret.yaml
index 8755aeb..a665716 100644
--- a/custom_helm_charts/gluetun/templates/secret.yaml
+++ b/custom_helm_charts/gluetun/templates/secret.yaml
@@ -11,4 +11,5 @@ metadata:
 type: Opaque
 stringData:
   WIREGUARD_PRIVATE_KEY: {{ .Values.secret.privateKey | quote }}
+  WIREGUARD_PRESHARED_KEY: {{ .Values.secret.presharedKey | quote }}
 {{- end }}
diff --git a/custom_helm_charts/gluetun/values.yaml b/custom_helm_charts/gluetun/values.yaml
index fce833f..47e411f 100644
--- a/custom_helm_charts/gluetun/values.yaml
+++ b/custom_helm_charts/gluetun/values.yaml
@@ -15,6 +15,11 @@ env:
       secretKeyRef:
         name: gluetun-wireguard
         key: WIREGUARD_PRIVATE_KEY
+  - name: WIREGUARD_PRESHARED_KEY
+    valueFrom:
+      secretKeyRef:
+        name: gluetun-wireguard
+        key: WIREGUARD_PRESHARED_KEY
   - name: WIREGUARD_ADDRESSES
     value: "REPLACE_ME"
   - name: SERVER_HOSTNAMES
@@ -32,6 +37,7 @@ secret:
   create: true
   name: gluetun-wireguard
   privateKey: "REPLACE_ME"
+  presharedKey: "REPLACE_ME"
 
 service:
   type: ClusterIP
diff --git a/helm-values/gluetun_values.yaml b/helm-values/gluetun_values.yaml
index 9d5f003..2b6a1b6 100644
--- a/helm-values/gluetun_values.yaml
+++ b/helm-values/gluetun_values.yaml
@@ -15,6 +15,11 @@ env:
       secretKeyRef:
         name: gluetun-wireguard
         key: WIREGUARD_PRIVATE_KEY
+  - name: WIREGUARD_PRESHARED_KEY
+    valueFrom:
+      secretKeyRef:
+        name: gluetun-wireguard
+        key: WIREGUARD_PRESHARED_KEY
   - name: WIREGUARD_ADDRESSES
     value: "10.160.17.207/32,fd7d:76ee:e68f:a993:61d7:a5fe:f834:90e1/128"
   - name: SERVER_HOSTNAMES