diff --git a/nix/kubernetes/keys/package/bootstrap-script/package.nix b/nix/kubernetes/keys/package/bootstrap-script/package.nix
index 9190b7af..eacc1fcc 100644
--- a/nix/kubernetes/keys/package/bootstrap-script/package.nix
+++ b/nix/kubernetes/keys/package/bootstrap-script/package.nix
@@ -29,7 +29,7 @@ let
       [
         ./files/manifests/initial_clusterrole.yaml
         "${k8s.cilium-manifest}/cilium.yaml"
-        ./files/manifests/coredns.yaml
+        "${k8s.coredns-manifest}/coredns.yaml"
         ./files/manifests/flux_namespace.yaml
         ./files/manifests/flux.yaml
         ./files/manifests/flux_instance.yaml
diff --git a/nix/kubernetes/keys/package/coredns-manifest/package.nix b/nix/kubernetes/keys/package/coredns-manifest/package.nix
new file mode 100644
index 00000000..ef904072
--- /dev/null
+++ b/nix/kubernetes/keys/package/coredns-manifest/package.nix
@@ -0,0 +1,45 @@
+# unpackPhase
+# patchPhase
+# configurePhase
+# buildPhase
+# checkPhase
+# installPhase
+# fixupPhase
+# installCheckPhase
+# distPhase
+{
+  stdenv,
+  fetchFromGitHub,
+  kubernetes-helm,
+  ...
+}:
+stdenv.mkDerivation (
+  finalAttrs:
+  let
+    version = "1.45.0";
+  in
+  {
+    name = "coredns-manifest";
+    nativeBuildInputs = [
+      kubernetes-helm
+    ];
+    buildInputs = [ ];
+
+    src = fetchFromGitHub {
+      owner = "coredns";
+      repo = "helm";
+      tag = "coredns-${version}";
+      hash = "sha256-9YHd/jB33JXvySzx/p9DaP+/2p5ucyLjues4DNtOkmU=";
+    };
+
+    buildPhase = ''
+      helm template --dry-run=client coredns $src/charts/coredns --namespace kube-system \
+           | tee $NIX_BUILD_TOP/coredns.yaml
+    '';
+
+    installPhase = ''
+      mkdir -p "$out"
+      cp $NIX_BUILD_TOP/coredns.yaml $out/
+    '';
+  }
+)
diff --git a/nix/kubernetes/keys/scope.nix b/nix/kubernetes/keys/scope.nix
index 784b20cb..60650acc 100644
--- a/nix/kubernetes/keys/scope.nix
+++ b/nix/kubernetes/keys/scope.nix
@@ -208,6 +208,7 @@ makeScope newScope (
     );
     encryption_config = (callPackage ./package/k8s-encryption-key/package.nix additional_vars);
     cilium-manifest = (callPackage ./package/cilium-manifest/package.nix additional_vars);
+    coredns-manifest = (callPackage ./package/coredns-manifest/package.nix additional_vars);
     all_keys = (callPackage ./package/k8s-keys/package.nix additional_vars);
     deploy_script = (callPackage ./package/deploy-script/package.nix additional_vars);
     bootstrap_script = (callPackage ./package/bootstrap-script/package.nix additional_vars);