From 1161ab94042f59e133c626cf2df2f3f20a914954 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sun, 4 Jan 2026 22:27:46 -0500
Subject: [PATCH] Temporarily disable the firewall for debugging.
---
nix/kubernetes/keys/scope.nix | 2 ++
nix/kubernetes/roles/firewall/default.nix | 8 ++++----
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/nix/kubernetes/keys/scope.nix b/nix/kubernetes/keys/scope.nix
index 47ee352c..1414f6e2 100644
--- a/nix/kubernetes/keys/scope.nix
+++ b/nix/kubernetes/keys/scope.nix
@@ -259,6 +259,8 @@ makeScope newScope (
}; };
+ "policyEnforcementMode" = "never";
+ # TODO: Read and maybe apply https://docs.cilium.io/en/stable/operations/performance/tuning/ # --set hostFirewall.enabled=true
diff --git a/nix/kubernetes/roles/firewall/default.nix b/nix/kubernetes/roles/firewall/default.nix
index b983de65..3630b5c7 100644
--- a/nix/kubernetes/roles/firewall/default.nix
+++ b/nix/kubernetes/roles/firewall/default.nix
@@ -53,9 +53,9 @@
# Check logs for blocked connections: # journalctl -k or dmesg
- networking.nftables.tables."my-fw" = {
- family = "inet";
- content = (builtins.readFile ./files/my-fw.nft);
- };
+ # networking.nftables.tables."my-fw" = {
+ # family = "inet";
+ # content = (builtins.readFile ./files/my-fw.nft);
+ # };
}; }
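Review bot: In nix/kubernetes/keys/scope.nix the added `"policyEnforcementMode" = "never";` has no marker saying it is temporary, so nothing in the file distinguishes it from an intended setting; the same gap applies to the commented-out nftables table in nix/kubernetes/roles/firewall/default.nix. If this attribute set is the Cilium Helm values (inferred from the TODO below it; the enclosing set starts outside the hunk), `never` switches off enforcement of every network policy on every endpoint, which is wider than the host firewall named in the subject line. I would add `# TEMPORARY (debugging): disables all network policy enforcement; restore "default" when done` directly above the line and say in the commit message that pod-level policy is affected too.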
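Review bot: In nix/kubernetes/roles/firewall/default.nix, commenting out `networking.nftables.tables."my-fw"` removes the ruleset from every host that imports this role, and the only way back is for someone to remember to uncomment it. Guarding the definition with an explicit boolean option of the role (declared outside this hunk, if one exists) would keep the debugging state visible in host configuration and easy to search for, instead of hidden in dead code. Whether any other packet filter still applies on these hosts is not visible here; if this table was the only one, the nodes accept all inbound traffic while this is deployed, so the change should be limited to hosts not reachable from untrusted networks. The retained comment about checking `journalctl -k` for blocked connections is also misleading while no rules are loaded.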