From 1b2b582c80bc4822f5438c0537d1b0798cc7d52b Mon Sep 17 00:00:00 2001
From: NyxErinys
Date: Wed, 27 May 2026 03:27:09 -0500
Subject: [PATCH] open node ports
---
 modules/k3s/default.nix | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/modules/k3s/default.nix b/modules/k3s/default.nix
index 4e37c91..8bce7d6 100644
--- a/modules/k3s/default.nix
+++ b/modules/k3s/default.nix
@@ -16,12 +16,16 @@ in
 config = mkIf cfg.enable {
 networking.firewall.allowedTCPPorts = [
- 6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
- 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
- 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
+ 6443 # k3s, api server
+ 2379 # k3s, etcd clients
+ 2380 # k3s, etcd peers
+ 10250 # k3s, kubelet
 ];
 networking.firewall.allowedUDPPorts = [
- 8472 # k3s, flannel: required if using multi-node for inter-node networking
+ 8472 # k3s, flannel
+ ];
+ networking.firewall.allowedTCPPortRanges = [
+ { from = 30000; to = 32767; } # k3s, nodeport
 ];
 environment.systemPackages = with pkgs; [
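Review bot: The new `10250` entry, like `2379`, `2380` and UDP `8472`, goes into the global `networking.firewall.allowedTCPPorts`/`allowedUDPPorts` lists, so the kubelet API, etcd and the flannel VXLAN port are accepted on every interface of the host rather than only from other cluster nodes. These are node-to-node ports, so I would scope them to the cluster-facing interface, e.g. `networking.firewall.interfaces."<cluster-iface>".allowedTCPPorts = [ 2379 2380 10250 ];` and `networking.firewall.interfaces."<cluster-iface>".allowedUDPPorts = [ 8472 ];` (the interface name is a placeholder), and keep the global lists to `6443` and, if services are meant to be published externally, the NodePort range. The shortened comments also drop the note that 2379/2380 are only needed for the HA embedded-etcd configuration, which was the one hint that they can stay closed on a single-server install; I would keep that wording or gate the two ports on a module option. The `config = mkIf cfg.enable { … }` block continues past the end of the hunk.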