diff --git a/hosts/k3s-nixos-01/hardware-configuration.nix b/hosts/k3s-nixos-01/hardware-configuration.nix
new file mode 100644
index 0000000..5562553
--- /dev/null
+++ b/hosts/k3s-nixos-01/hardware-configuration.nix
@@ -0,0 +1,31 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/bbb0f278-7e0c-490b-be43-cc01d6b4d19b";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/5936-8FC5";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices = [ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/k3s-nixos-01/k3s.nix b/hosts/k3s-nixos-01/k3s.nix
new file mode 100644
index 0000000..ea1f917
--- /dev/null
+++ b/hosts/k3s-nixos-01/k3s.nix
@@ -0,0 +1,70 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ k3s
+ ];
+
+ environment.sessionVariables = {
+ KUBECONFIG = "$HOME/.kube/config";
+ };
+
+ services.k3s = {
+ enable = true;
+ role = "server";
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = no;
+ PermitRootLogin = "no";
+ };
+ };
+
+ systemd.services.cloudflared-connector = {
+ description = "Cloudflare Tunnel Connector";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token XXXXXXXXXXXXXXXXXXXXXXXXXXXX";
+ Restart = "always";
+ User = "cloudflared";
+ Group = "cloudflared";
+ };
+ };
+
+ users.users.cloudflared = {
+ group = "cloudflared";
+ isSystemUser = true;
+ };
+ users.groups.cloudflared = { };
+
+ networking = {
+ useDHCP = false;
+ dhcpcd.enable = false;
+
+ defaultGateway = "192.168.1.254";
+ nameservers = [
+ "1.1.1.1"
+ "8.8.8.8"
+ ];
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 6443
+ 10250
+ 22
+ ];
+ allowedUDPPorts = [ 8472 ];
+ };
+
+ interfaces.enp0s25.ipv4.addresses = [
+ {
+ address = "192.168.1.89";
+ prefixLength = 24;
+ }
+ ];
+ };
+}
diff --git a/hosts/k3s-nixos-02/k3s.nix b/hosts/k3s-nixos-02/k3s.nix
new file mode 100644
index 0000000..99f475e
--- /dev/null
+++ b/hosts/k3s-nixos-02/k3s.nix
@@ -0,0 +1,31 @@
+{ config, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ k3s
+ ];
+
+ environment.sessionVariables = {
+ KUBECONFIG = "$HOME/.kube/config";
+ };
+
+ services.k3s = {
+ enable = true;
+ role = "agent";
+ serverAddr = "https://192.168.1.89:6443";
+ tokenFile = "/var/lib/rancher/k3s/agent/token";
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 10250 22 ];
+ allowedUDPPorts = [ 8472 ];
+ };
+}
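Review bot: In hosts/k3s-nixos-01/k3s.nix the tunnel token is written into `ExecStart` as `--token …`, so once the placeholder is replaced the real value is committed to the repository, copied into the world-readable /nix/store unit file, and visible to every local user in the process list. Keep the secret out of the Nix expression: drop `--token` from the command line and load it from a root-only file outside the store, e.g. `EnvironmentFile = "/path/to/cloudflared.env";` (placeholder path) containing `TUNNEL_TOKEN=…`. Separately, `PasswordAuthentication = no;` in the openssh settings is a bare identifier rather than a boolean and will fail evaluation, so the hardening never takes effect; it should read `PasswordAuthentication = false;` as in hosts/k3s-nixos-02/k3s.nix.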
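Review bot: In hosts/k3s-nixos-02/k3s.nix, `allowedTCPPorts = [ 10250 22 ];` and `allowedUDPPorts = [ 8472 ];` open the kubelet and flannel VXLAN ports on every interface, while 8472/udp in particular only needs to be reachable from other cluster nodes. If this host ever has an interface beyond the node LAN, scope the rules per interface, e.g. `networking.firewall.interfaces.<iface>.allowedUDPPorts = [ 8472 ];` (interface name is a placeholder), instead of using the global lists. The same applies to the firewall block in hosts/k3s-nixos-01/k3s.nix, which additionally opens 6443. A short comment naming the purpose of each port, such as `# 10250 kubelet, 8472/udp flannel VXLAN`, would also make later review of these lists easier.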