diff --git a/values/cilium/cilium-manifests/policies/allow-ingress-to-cluster.yaml b/values/cilium/cilium-manifests/policies/allow-ingress-to-cluster.yaml
new file mode 100644
index 00000000..ddbdbfb4
--- /dev/null
+++ b/values/cilium/cilium-manifests/policies/allow-ingress-to-cluster.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: "cilium.io/v2"
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+  name: allow-ingress-to-cluster
+  namespace: default
+spec:
+  endpointSelector:
+    matchExpressions:
+      - key: reserved:ingress
+        operator: Exists
+  egress:
+    - toEntities:
+        - cluster
+  ingress:
+    - fromEntities:
+        - world
+        - cluster
+{{- end }}
diff --git a/values/headscale/values/values.yaml b/values/headscale/values/values.yaml
index e97790e4..1497c25f 100644
--- a/values/headscale/values/values.yaml
+++ b/values/headscale/values/values.yaml
@@ -302,7 +302,7 @@ configMaps:
            { "name": "slurm-agent.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
 
            { "name": "git.obx", "type": "A", "value": "10.0.1.9" },
-           { "name": "git.oceanbox.io", "type": "A", "value": "10.0.1.9" },
+           { "name": "git.oceanbox.io", "type": "A", "value": "10.0.1.3" },
 
            { "name": "kueue.dev.tos.obx", "type": "A", "value": "10.255.241.99" },