diff --git a/group_vars/lb.yml b/group_vars/lb.yml index b741dd0..e57a709 100644 --- a/group_vars/lb.yml +++ b/group_vars/lb.yml @@ -11,6 +11,7 @@ haproxy: - 192.168.20.21 - 192.168.20.22 - 192.168.20.23 + - 192.168.20.24 # - src: # - kubernetes-dashboard.badjnet.home # - traefik.badjnet.home @@ -28,6 +29,7 @@ haproxy: - 192.168.20.21:30022 - 192.168.20.22:30022 - 192.168.20.23:30022 + - 192.168.20.24:30022 letsencrypt: domains: diff --git a/hosts b/hosts index 49958bb..a4cb54a 100644 --- a/hosts +++ b/hosts @@ -45,14 +45,22 @@ all: hosts: k3s-s0: ansible_host: 192.168.20.20 + platform: raspberrypi k3s-agent: hosts: k3s-w0: ansible_host: 192.168.20.21 + platform: raspberrypi k3s-w1: ansible_host: 192.168.20.22 + platform: raspberrypi k3s-w2: ansible_host: 192.168.20.23 + platform: raspberrypi + k3s-w3: + ansible_host: 192.168.20.24 + platform: lxc + k3s_extra_args: --node-taint kubernetes.io/arch=amd64:PreferNoSchedule debian: hosts: ubiquiti: diff --git a/roles/k3s-agent/defaults/main.yml b/roles/k3s-agent/defaults/main.yml new file mode 100644 index 0000000..230db01 --- /dev/null +++ b/roles/k3s-agent/defaults/main.yml @@ -0,0 +1 @@ +k3s_extra_args: "" \ No newline at end of file diff --git a/roles/k3s-agent/templates/k3s.service b/roles/k3s-agent/templates/k3s.service index 9a09a8b..328942b 100644 --- a/roles/k3s-agent/templates/k3s.service +++ b/roles/k3s-agent/templates/k3s.service 
@@ -6,7 +6,7 @@ After=network-online.target
 Type=notify
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s agent --server https://{{ hostvars[groups['k3s-server'][0]]['ansible_facts']['default_ipv4']['address'] }}:6443 --token {{ hostvars[groups['k3s-server'][0]]['token'] }} {{ k3s.extra_agent_args | default("") }}
+ExecStart=/usr/local/bin/k3s agent --server https://{{ hostvars[groups['k3s-server'][0]]['ansible_facts']['default_ipv4']['address'] }}:6443 --token {{ hostvars[groups['k3s-server'][0]]['token'] }} {{ k3s.extra_agent_args | default("") }} {{ k3s_extra_args }}
 KillMode=process
 Delegate=yes
 # Having non-zero Limit*s causes performance problems due to accounting overhead
diff --git a/roles/k3s-server/defaults/main.yml b/roles/k3s-server/defaults/main.yml
new file mode 100644
index 0000000..230db01
--- /dev/null
+++ b/roles/k3s-server/defaults/main.yml
@@ -0,0 +1 @@
+k3s_extra_args: ""
\ No newline at end of file
diff --git a/roles/k3s-server/templates/k3s.service b/roles/k3s-server/templates/k3s.service
index e8de128..7676c45 100644
--- a/roles/k3s-server/templates/k3s.service
+++ b/roles/k3s-server/templates/k3s.service
@@ -7,7 +7,7 @@ After=network-online.target
 Type=notify
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s server {{ k3s.extra_server_args | default("") }}
+ExecStart=/usr/local/bin/k3s server {{ k3s.extra_server_args | default("") }} {{ k3s_extra_args }}
 KillMode=process
 Delegate=yes
 # Having non-zero Limit*s causes performance problems due to accounting overhead
diff --git a/roles/k3s/defaults/main.yml b/roles/k3s/defaults/main.yml
new file mode 100644
index 0000000..527a2e3
--- /dev/null
+++ b/roles/k3s/defaults/main.yml
@@ -0,0 +1 @@
+platform: lxc
\ No newline at end of file
diff --git a/roles/k3s/files/rc.local b/roles/k3s/files/rc.local
new file mode 100644
index 0000000..daa6c77
--- /dev/null
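Review bot: The rewritten agent `ExecStart` line in roles/k3s-agent/templates/k3s.service still carries the cluster join secret inline as `--token {{ hostvars[groups['k3s-server'][0]]['token'] }}`. That leaves it readable in the agent's process list, and in the rendered unit file unless the template task restricts its mode (not visible here). k3s accepts the token from a file instead, so the unit could use `--token-file <TOKEN_FILE_PATH>` pointing at a root-owned file written with `mode: '0600'`. The newly appended `{{ k3s_extra_args }}` sits next to the existing `k3s.extra_agent_args`; a one-line template comment such as `# k3s_extra_args: per-host flags from inventory; k3s.extra_agent_args: cluster-wide` would make the split clear.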
+++ b/roles/k3s/files/rc.local @@ -0,0 +1,10 @@ +#!/bin/sh -e + +# Kubeadm 1.15 needs /dev/kmsg to be there, but it's not in lxc, but we can just use /dev/console instead +# see: https://github.com/kubernetes-sigs/kind/issues/662 +if [ ! -e /dev/kmsg ]; then + ln -s /dev/console /dev/kmsg +fi + +# https://medium.com/@kvaps/run-kubernetes-in-lxc-container-f04aa94b6c9c +mount --make-rshared / diff --git a/roles/k3s/tasks/lxc.yml b/roles/k3s/tasks/lxc.yml new file mode 100644 index 0000000..3762cbf --- /dev/null +++ b/roles/k3s/tasks/lxc.yml @@ -0,0 +1,16 @@ +- name: Download amd64 k3s binary + get_url: + url: https://github.com/k3s-io/k3s/releases/download/{{ k3s.version }}/k3s + checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s.version }}/sha256sum-amd64.txt + dest: /usr/local/bin/k3s + owner: root + group: root + mode: 0755 + notify: reboot + +- name: Configure /etc/rc.local + copy: + src: rc.local + dest: /etc/rc.local + mode: +x + notify: reboot \ No newline at end of file diff --git a/roles/k3s/tasks/main.yml b/roles/k3s/tasks/main.yml index 88e7c62..a7f3e3c 100644 --- a/roles/k3s/tasks/main.yml +++ b/roles/k3s/tasks/main.yml @@ -1,21 +1,7 @@ -- name: Download k3s binary - get_url: - url: https://github.com/k3s-io/k3s/releases/download/{{ k3s.version }}/k3s-arm64 - checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s.version }}/sha256sum-arm64.txt - dest: /usr/local/bin/k3s - owner: root - group: root - mode: 0755 - notify: reboot +- name: Install required packages + apt: + name: + - open-iscsi + - nfs-common -- name: Configure poe hat fan speed control udev rules - copy: - src: 50-rpi-fan.rules - dest: /etc/udev/rules.d/50-rpi-fan.rules - notify: reboot - -- name: Configure kernel command line parameters - copy: - src: cmdline.txt - dest: /boot/firmware/cmdline.txt - notify: reboot +- include_tasks: '{{ platform }}.yml' 
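Review bot: The comments in the new roles/k3s/files/rc.local do not describe what the script changes for this role: the first one cites Kubeadm 1.15 although the role installs k3s, and `mount --make-rshared /` is explained only by a blog link. Both commands alter container-wide behaviour, so I would state the reason and the side effect next to each, e.g. `# /dev/kmsg is absent in LXC; aliasing it to /dev/console means kernel messages (such as OOM kills) are not visible to the kubelet` and `# make / shared so mounts made by the kubelet propagate to pods (assumed reason, confirm)`. Because the script runs under `sh -e`, a failing `ln -s` also skips the mount line, which is worth a short note as well.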
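Review bot: The `checksum:` on the new amd64 download task in roles/k3s/tasks/lxc.yml is fetched from the same release URL as the binary (`sha256sum-amd64.txt`), so it catches a corrupted transfer but not a replaced release asset; the arm64 task moved into roles/k3s/tasks/raspberrypi.yml has the same pattern. Pinning the digest next to `k3s.version` in vars ties the installed binary to a value reviewed in this repository, for example `checksum: 'sha256:{{ k3s.sha256_amd64 }}'` (variable name constructed here). Separately, the `Configure /etc/rc.local` task sets `mode: +x` with no owner or group, so the final permissions depend on the umask; since the script runs as root at boot, `owner: root`, `group: root`, `mode: '0755'` would be explicit. Quoting the binary's mode as `'0755'` avoids relying on the YAML parser's octal handling.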
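Review bot: `include_tasks: '{{ platform }}.yml'` in roles/k3s/tasks/main.yml builds the task file name from an inventory variable without validating it, and roles/k3s/defaults/main.yml makes `lxc` the fallback. A host added later without `platform` would therefore get the amd64 binary and have `/etc/rc.local` overwritten, whatever hardware it is. I would drop the default and fail fast before the include with an `assert` task whose condition is `that: platform in ['lxc', 'raspberrypi']`. The new `apt` task would also read more clearly with an explicit `state: present`.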
diff --git a/roles/k3s/tasks/raspberrypi.yml b/roles/k3s/tasks/raspberrypi.yml new file mode 100644 index 0000000..9475c60 --- /dev/null +++ b/roles/k3s/tasks/raspberrypi.yml @@ -0,0 +1,21 @@ +- name: Download arm64 k3s binary + get_url: + url: https://github.com/k3s-io/k3s/releases/download/{{ k3s.version }}/k3s-arm64 + checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s.version }}/sha256sum-arm64.txt + dest: /usr/local/bin/k3s + owner: root + group: root + mode: 0755 + notify: reboot + +- name: Configure poe hat fan speed control udev rules + copy: + src: 50-rpi-fan.rules + dest: /etc/udev/rules.d/50-rpi-fan.rules + notify: reboot + +- name: Configure kernel command line parameters + copy: + src: cmdline.txt + dest: /boot/firmware/cmdline.txt + notify: reboot diff --git a/roles/proxmox/tasks/main.yml b/roles/proxmox/tasks/main.yml index 9b74808..2eb3e56 100644 --- a/roles/proxmox/tasks/main.yml +++ b/roles/proxmox/tasks/main.yml @@ -34,6 +34,13 @@ line: 'acl:1:/:{{ item.key }}@pam:Administrator:' with_dict: '{{ users }}' +- name: Enable ipv4 packet forwarding + lineinfile: + path: /etc/sysctl.conf + regexp: '^#?net.ipv4.ip_forward=' + line: net.ipv4.ip_forward=1 + notify: update grub + # - name: Force quorum to always be reached # lineinfile: # path: /etc/pve/corosync.conf
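Review bot: The new `Enable ipv4 packet forwarding` task in roles/proxmox/tasks/main.yml notifies `update grub`, which (as far as the name suggests; the handler is not in this diff) does not reload sysctl settings, so the edit to `/etc/sysctl.conf` would only take effect after a reboot. The `ansible.posix.sysctl` module with `name: net.ipv4.ip_forward`, `value: '1'`, `sysctl_set: true` applies and persists the value in one step. Turning on forwarding makes the hypervisor route between its interfaces, so it is worth confirming that the host firewall's forward policy is restrictive before this is rolled out. If `lineinfile` is kept, the dots in `regexp: '^#?net.ipv4.ip_forward='` should be escaped as `\.`.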