diff --git a/flake.nix b/flake.nix
index 96a5eee..91851f0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -154,6 +154,7 @@
 
         loki = loki-stable;
         loki-stable = lokiStable [ ];
+        loki-k3s = lokiStable [ ./nixos_modules/k3s.nix ];
         loki-unstable = lokiUnstable [ ];
 
       };
diff --git a/nixos_modules/k3s.nix b/nixos_modules/k3s.nix
index 7583288..43320e6 100644
--- a/nixos_modules/k3s.nix
+++ b/nixos_modules/k3s.nix
@@ -2,4 +2,16 @@
   services.k3s = {
     enable = true;
   };
+
+  networking.firewall = {
+    allowedTCPPorts = [
+      6443 # Kubernetes API
+    ];
+    allowedTCPPortRanges = [
+      {
+        from = 9000;
+        to = 15000;
+      }
+    ];
+  };
 }