From fb66651b6964bed79c010d0b8be99d29413ebcb2 Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Sun, 4 Jan 2026 22:27:00 -0500
Subject: [PATCH] Enable gateway support.

---
 .../keys/package/bootstrap-script/package.nix | 29 +++++++++++++++++++
 nix/kubernetes/keys/scope.nix                 |  4 +++
 2 files changed, 33 insertions(+)

diff --git a/nix/kubernetes/keys/package/bootstrap-script/package.nix b/nix/kubernetes/keys/package/bootstrap-script/package.nix
index eacc1fcc..2ae16d0f 100644
--- a/nix/kubernetes/keys/package/bootstrap-script/package.nix
+++ b/nix/kubernetes/keys/package/bootstrap-script/package.nix
@@ -28,6 +28,9 @@ let
     lib.concatMapStringsSep "," lib.escapeShellArg (
       [
         ./files/manifests/initial_clusterrole.yaml
+      ]
+      ++ gateway_crds
+      ++ [
         "${k8s.cilium-manifest}/cilium.yaml"
         "${k8s.coredns-manifest}/coredns.yaml"
         ./files/manifests/flux_namespace.yaml
@@ -43,6 +46,32 @@ let
     )
   );
   apply_manifests = "kubectl --kubeconfig=${k8s.client-configs.admin}/admin.kubeconfig apply --server-side --force-conflicts -f ${manifests}";
+  gateway_crds = [
+    (builtins.fetchurl {
+      url = "https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.2.0/config/crd/standard/gateway.networking.k8s.io_gatewayclasses.yaml";
+      sha256 = "0vf8c3kzlf7p6bf92gmdrzjc22fr2dwkrzvvbnxlsb43knv1nbzl";
+    })
+    (builtins.fetchurl {
+      url = "https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.2.0/config/crd/standard/gateway.networking.k8s.io_gateways.yaml";
+      sha256 = "1dqwlsypcb5f37y7x48rrv27yfgkizcx2alqd2nngijl1qzir3wa";
+    })
+    (builtins.fetchurl {
+      url = "https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.2.0/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml";
+      sha256 = "05llfw6y66438r8kqy7krhyymyalkzxsaxjpa2zxzjk6z5mggbzq";
+    })
+    (builtins.fetchurl {
+      url = "https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.2.0/config/crd/standard/gateway.networking.k8s.io_referencegrants.yaml";
+      sha256 = "0a9q0vhqcazfrni3ajcq8vm2b254vcjbgmkchsdq9l6cbpvx79jd";
+    })
+    (builtins.fetchurl {
+      url = "https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.2.0/config/crd/standard/gateway.networking.k8s.io_grpcroutes.yaml";
+      sha256 = "19hwvdwdj0sc5fihdskw492g52ail3kjjzm6vpflvp2vlqam629p";
+    })
+    (builtins.fetchurl {
+      url = "https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.2.0/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml";
+      sha256 = "0b5pjihyzyyi4inz3avlkzvvccsynj9wsmx6znld04jmmvwpgxc9";
+    })
+  ];
 in
 stdenv.mkDerivation (finalAttrs: {
   name = "bootstrap-script";
diff --git a/nix/kubernetes/keys/scope.nix b/nix/kubernetes/keys/scope.nix
index 350947f5..47ee352c 100644
--- a/nix/kubernetes/keys/scope.nix
+++ b/nix/kubernetes/keys/scope.nix
@@ -253,6 +253,10 @@ makeScope newScope (
               "ui" = {
                 "enabled" = true;
               };
+
+              "gatewayAPI" = {
+                "enabled" = true;
+              };
             };
 
             # TODO: Read and maybe apply https://docs.cilium.io/en/stable/operations/performance/tuning/