From 4c89072b3c323fc49984ca3fdd29cf24dff73b06 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Wed, 20 Aug 2025 11:48:39 +0200
Subject: [PATCH] fix: Allow egress to cache.nixos.org

---
 .../ncps/manifests/policies/allow-cache-nixos.yaml   | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 values/ncps/manifests/policies/allow-cache-nixos.yaml

diff --git a/values/ncps/manifests/policies/allow-cache-nixos.yaml b/values/ncps/manifests/policies/allow-cache-nixos.yaml
new file mode 100644
index 00000000..90fb8002
--- /dev/null
+++ b/values/ncps/manifests/policies/allow-cache-nixos.yaml
@@ -0,0 +1,12 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-cache-nixos
+  namespace: ncps
+spec:
+  egress:
+    - toFQDNs:
+        - matchPattern: 'cache.nixos.org'
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/name: nix-cache