From c726b5a631330dfc86ef167df550f37f44fde046 Mon Sep 17 00:00:00 2001
From: Jan-Bulthuis <git@bulthuis.dev>
Date: Sat, 17 Jan 2026 13:32:26 +0100
Subject: [PATCH] feat: Move to Cilium

---
 hosts/vm-k1s/configuration.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/hosts/vm-k1s/configuration.nix b/hosts/vm-k1s/configuration.nix
index 474edf3..d41841b 100644
--- a/hosts/vm-k1s/configuration.nix
+++ b/hosts/vm-k1s/configuration.nix
@@ -33,6 +33,8 @@
     enable = true;
     extraFlags = [
       "--cluster-domain ${inputs.secrets.lab.k3s.clusterDomain}"
+      "--flannel-backend=none"
+      "--disable-network-policy"
     ];
     disable = [
       # "coredns" # CoreDNS is required for Flux to be able to bootstrap the cluster (Flux needs to resolve the git repo)
@@ -41,6 +43,7 @@
       "local-storage"
       "metrics-server"
       "runtimes"
+      # "kube-proxy" # TODO: Move to cilium
     ];
     manifests = {
       git-ssh-key = {
@@ -57,6 +60,17 @@
       };
     };
     autoDeployCharts = {
+      cilium = {
+        name = "cilium";
+        repo = "oci://quay.io/cilium/charts/cilium";
+        version = "1.18.6";
+        hash = "";
+        createNamespace = true;
+        targetNamespace = "cilium-system";
+        values = {
+          operator.replicas = 1;
+        };
+      };
       flux-operator = {
         name = "flux-operator";
         repo = "oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator";
@@ -152,11 +166,13 @@
 
   environment.variables = {
     KUBECONFIG = "/etc/rancher/k3s/k3s.yaml";
+    CILIUM_NAMESPACE = "cilium-system";
   };
 
   environment.systemPackages = with pkgs; [
     fluxcd
     k9s
+    cilium-cli
   ];
 
   # Use correct disko profile