diff --git a/configuration.nix b/configuration.nix
index 18788aa..4f9292a 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -4,14 +4,20 @@
 
 { config, pkgs, ... }:
 
+let
+  kubeMasterIP = "192.168.3.56";
+  kubeMasterHostname = "api.kube";
+  kubeMasterAPIServerPort = 6443;
+in
 {
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
+      ./containers.nix
     ];
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
+  networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
@@ -105,12 +111,14 @@
   };
 
   fonts = {
+    fontDir.enable = true;
     enableDefaultPackages = true;
     packages = with pkgs; [
       mononoki
       ubuntu_font_family
       font-awesome
       source-han-serif
+      noto-fonts-cjk
     ];
 
     fontconfig = {
@@ -125,7 +133,11 @@
   # Enable automatic login for the user.
   services.xserver.displayManager.autoLogin.enable = true;
   services.xserver.displayManager.autoLogin.user = "liu";
-  services.jellyfin.enable = true;
+
+  services.plex = {
+    enable = true;
+    openFirewall = true;
+  };
 
   # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
   systemd.services."getty@tty1".enable = false;
@@ -139,6 +151,10 @@
   environment.systemPackages = with pkgs; [
   #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
   #  wget
+     kompose
+     kubectl
+     kubernetes
+     cloudflare-warp
   ];
 
   # Some programs need SUID wrappers, can be configured further or are
@@ -152,13 +168,27 @@
   # List services that you want to enable:
 
   # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
+  services.openssh.enable = true;
+  services.kubernetes = {
+    roles = ["master" "node"];
+    masterAddress = kubeMasterHostname;
+    apiserverAddress = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
+    apiserver = {
+      securePort = kubeMasterAPIServerPort;
+      advertiseAddress = kubeMasterIP;
+    };
+    easyCerts = true;
 
+    # use coredns
+    addons.dns.enable = true;
+
+    # needed if you use swap
+    kubelet.extraOpts = "--fail-swap-on=false";
+  };
   # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 8096 ];
   # networking.firewall.allowedUDPPorts = [ ... ];
   # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
+  networking.firewall.enable = false;
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
diff --git a/containers.nix b/containers.nix
new file mode 100644
index 0000000..20bce2b
--- /dev/null
+++ b/containers.nix
@@ -0,0 +1,35 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  virtualisation.oci-containers.backend = "podman";
+  # virtualisation.oci-containers.containers = {
+  #   jellyfin = {
+  #     image = "docker.io/jellyfin/jellyfin:latest";
+  #     autoStart = true;
+  #     volumes = [
+  #       "jellyfin-cache:/cache:Z"
+  #       "jellyfin-config:/config:Z"
+  #       "/mnt/disk4/qbit:/media:ro,rprivate"
+  #       "/mnt/disk4/fonts:/fonts:ro"
+  #     ];
+  #     ports = [ "8096:8096/tcp" ];
+  #   };
+  #   # embyserver = {
+  #   #   image = "docker.io/emby/embyserver:latest";
+  #   #   autoStart = true;
+  #   #   volumes = [
+  #   #     "embyserver-config:/config:Z"
+  #   #     "/mnt/disk4/qbit:/media:ro,rprivate"
+  #   #   ];
+  #   #   ports = [ "8097:8096" "8921:8920" ];
+  #   #   extraOptions = [
+  #   #     "--net=host"
+  #   #     "--restart=on-failure"
+  #   #     "--device=/dev/dri:/dev/dri"
+  #   #   ];
+  #   # };
+  # };
+}
diff --git a/flake.lock b/flake.lock
index 15195c4..e1fc214 100644
--- a/flake.lock
+++ b/flake.lock
@@ -22,11 +22,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1698924604,
-        "narHash": "sha256-GCFbkl2tj8fEZBZCw3Tc0AkGo0v+YrQlohhEGJ/X4s0=",
+        "lastModified": 1699099776,
+        "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "fa804edfb7869c9fb230e174182a8a1a7e512c40",
+        "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
         "type": "github"
       },
       "original": {