diff --git a/flake.nix b/flake.nix
index 298e898..cc616e1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -18,6 +18,7 @@
             export BW_SESSION=$(bw unlock --raw)
             export VERCEL_API_TOKEN=$(bw list items --search "Vercel API" | jq -r '.[0].notes')
             export HCLOUD_TOKEN=$(bw list items --search "Hetzner" | jq -r '.[0].fields[] | select(.name | contains("API")) | .value')
+            export TF_VAR_tailscale_key=$(bw list items --search "Tailscale Key" | jq -r '.[0].notes')
             # alias terraform='terraform -chdir=terraform'
           '';
         nativeBuildInputs = [
@@ -30,6 +31,8 @@
           pkgs.python39Packages.python-lsp-server
           pkgs.k9s
           pkgs.flyctl
+          pkgs.terraform-ls
+          pkgs.cilium-cli
         ];
         buildInputs = [ ];
       };
diff --git a/terraform/hcloud-kubernetes-cluster.tf b/terraform/hcloud-kubernetes-cluster.tf
index 2eff329..7845199 100644
--- a/terraform/hcloud-kubernetes-cluster.tf
+++ b/terraform/hcloud-kubernetes-cluster.tf
@@ -1,4 +1,31 @@
 resource "hcloud_network" "kube-network" {
   name     = "kube-network"
+  ip_range = "10.0.0.0/8"
+}
+
+resource "hcloud_network_subnet" "kube-subnet" {
+  network_id = hcloud_network.kube-network.id
+  type = "cloud"
+  network_zone = "eu-central"
   ip_range = "10.0.1.0/24"
 }
+
+# resource "hcloud_server" "server" {
+#   name        = "control-plane"
+#   server_type = "cx21"
+#   image       = "ubuntu-22.04"
+#   location    = "nbg1"
+
+#   network {
+#     network_id = hcloud_network.kube-network.id
+#     ip         = "10.0.1.1"
+#   }
+
+#   depends_on = [
+#     hcloud_network_subnet.kube-subnet
+#   ]
+
+#   user_data = templatefile("${path.module}/templates/cloud-init-tailscale.tpl", {
+# 	tailscale_key = var.tailscale_key
+#   })
+# }
diff --git a/terraform/main.tf b/terraform/main.tf
index d1cea13..6dbfcf6 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -32,5 +32,8 @@ provider "aws" {
 }
 
 provider "hcloud" {
-
+}
+
+variable "tailscale_key" {
+  type = string
 }
diff --git a/terraform/templates/cloud-init-tailscale.tpl b/terraform/templates/cloud-init-tailscale.tpl
new file mode 100644
index 0000000..15178dc
--- /dev/null
+++ b/terraform/templates/cloud-init-tailscale.tpl
@@ -0,0 +1,11 @@
+#cloud-config
+---
+apt:
+  sources:
+    tailscale.list:
+      source: deb https://pkgs.tailscale.com/stable/ubuntu jammy main
+      keyid: 2596A99EAAB33821893C0A79458CA832957F5868
+packages:
+  - tailscale
+runcmd:
+  - [ tailscale, up, -auth-key, ${tailscale_key}, -ssh ]
\ No newline at end of file