diff --git a/hosts/xerneas.nix b/hosts/xerneas.nix
index 974d87e..e69dd92 100644
--- a/hosts/xerneas.nix
+++ b/hosts/xerneas.nix
@@ -10,11 +10,15 @@
 ../types/server.nix
 ];
 config = lib.mkMerge [
- {networking.interfaces.enp0s31f6.ipv4.addresses = [ { address = "172.16.1.252"; prefixLength = 12; } ]; }
- #(iface.bridge "lan0" "172.16.1.252/12" "172.16.1.1" "phy0" "d8:9e:f3:1b:7f:8a")
- #(iface.dhcp "phy1" "98:b7:85:01:39:1a")
- #(iface.dhcp "phy2" "98:b7:85:01:39:1b")
- #(iface.dhcp "phy3" "98:b7:85:01:39:1c")
- #(iface.dhcp "phy4" "98:b7:85:01:39:1d")
+ {
+ networking = {
+ interfaces.br0.ipv4.addresses = [ { address = "172.16.1.252"; prefixLength = 12; } ];
+ bridges.br0 = { interfaces = ["enp0s31f6"]; };
+ bridges.private0 = { interfaces = ["enp4s0"]; };
+ bridges.private1 = { interfaces = ["enp5s0"]; };
+ bridges.private2 = { interfaces = ["enp6s0"]; };
+ bridges.dmz0 = { interfaces = ["enp7s0"]; };
+ };
+ }
 ];
 }
diff --git a/modules/k3s-agent.nix b/modules/k3s-agent.nix
new file mode 100644
index 0000000..4895fef
--- /dev/null
+++ b/modules/k3s-agent.nix
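Review bot: The new bridge members are bound by kernel interface names (`enp0s31f6`, `enp4s0` … `enp7s0`) whereas the removed lines pinned ports by MAC, so a renumbering after a kernel, firmware or slot change could silently attach the `dmz0` uplink to a `private*` bridge or the reverse, with nothing in the config to catch it. Consider pinning the names with `systemd.network.links` (match on `MACAddress`, set `Name`) or a udev rule, reusing the MACs from the deleted lines if they are still the right ones. It is also worth a comment that `private0`–`private2` and `dmz0` are deliberately addressless on the host, e.g. `# L2-only segments: the host carries no address on these bridges, so it never routes between them`, so a later edit does not quietly turn this box into a router between trust zones.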
@@ -0,0 +1,51 @@
+{config, numbers, pkgs, lib, ...}:
+
+with lib;
+
+in
+
+{
+ services.k3s = {
+ enable = true;
+ role = "agent";
+ tokenFile = "/etc/k3s.token";
+ serverAddr =
+ "https://172.16.17.1:6443";
+ extraFlags = (
+ " --flannel-backend=wireguard-native"+ " --disable=traefik"+ " --disable=servicelb"+ " --disable=local-storage"+ " --tls-san=k8s.cascade.strudelline.net"+ " --kubelet-arg=config=/etc/rancher/k3s/kubelet.config}"+ " --kubelet-arg=allowed-unsafe-sysctls=net.*"+ " --embedded-registry"+ " --nonroot-devices"+ "");
+ };
+
+ environment.etc = {
+ "rancher/k3s/kubelet.config".text = ''
+ apiVersion: kubelet.config.k8s.io/v1beta1
+ kind: KubeletConfiguration
+ maxPods: 250
+ '';
+ "rancher/k3s/registries.yaml".text = ''
+ mirrors:
+ "*":
+ '';
+ };
+
+ networking.firewall.allowedUDPPorts = [
+ 53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 8472 10250
+ ];
+ networking.firewall.allowedUDPPortRanges = [
+ { from = 5000; to = 32767; }
+ ];
+ networking.firewall.allowedTCPPorts = [
+ 53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 10250
+ ];
+ networking.firewall.allowedTCPPortRanges = [
+ { from = 5000; to = 32767; }
+ ];
+}
diff --git a/types/server.nix b/types/server.nix
index 5b0ed00..e6e03a0 100644
--- a/types/server.nix
+++ b/types/server.nix
@@ -10,5 +10,5 @@
 ../modules/serial-console.nix
 ];
- system.stateVersion = "24.05";
+ hardware.enableRedistributableFirmware = true;
 }
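Review bot: `--kubelet-arg=config=/etc/rancher/k3s/kubelet.config}` carries a stray `}`, so the kubelet is pointed at a path that the `environment.etc` entry never writes and the `maxPods: 250` configuration cannot be loaded; the line should read `" --kubelet-arg=config=/etc/rancher/k3s/kubelet.config"+`. The module also does not parse as written: `in` after `with lib;` has no matching `let`, and since neither `lib` nor `numbers` is referenced, both `with lib;` and `in` can simply be dropped. From a hardening angle, `allowed-unsafe-sysctls=net.*` lets any pod set every `net.*` sysctl in its namespace; the usual practice is to list only the ones workloads actually need (for example `net.ipv4.ip_unprivileged_port_start`). The firewall block opens 5000–32767 TCP and UDP plus 6443/2379/2380 on every interface, which on a host that also bridges `dmz0` and the `private*` segments amounts to no firewall for that range — if cluster traffic arrives over `br0`, scoping these under `networking.firewall.interfaces.br0` keeps the other bridges closed. Finally, as I recall `--disable`, `--tls-san`, `--flannel-backend` and `--embedded-registry` are server-side flags that a `role = "agent"` k3s will reject, and the WireGuard backend uses UDP 51820 rather than 8472 (VXLAN), so both points are worth confirming against the k3s version in use.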
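Review bot: The hunk replaces `system.stateVersion = "24.05";` with the firmware option instead of adding it alongside, which looks accidental: `stateVersion` pins the defaults of stateful services (database versions, on-disk layouts) for every host importing this type, and dropping it lets a later `nixos-rebuild` change those defaults underneath existing data, besides raising the missing-stateVersion warning. Keep both lines, `system.stateVersion = "24.05";` and `hardware.enableRedistributableFirmware = true;`. The new option also deserves a one-line comment, since it adds binary, unfree firmware blobs to all servers of this type, e.g. `# pulls in redistributable (binary, unfree) firmware for all servers of this type -- TODO note which devices need it`. The enclosing module attribute set begins above the hunk.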