diff --git a/nixos/hosts/telperion/config/haproxy.nix b/nixos/hosts/telperion/config/haproxy.nix
new file mode 100644
index 0000000..374a192
--- /dev/null
+++ b/nixos/hosts/telperion/config/haproxy.nix
@@ -0,0 +1,48 @@
+{ ... }:
+''
+global
+ log /dev/log local0
+ log /dev/log local1 notice
+ daemon
+
+defaults
+ mode http
+ log global
+ option httplog
+ option dontlognull
+ option http-server-close
+ option redispatch
+ retries 3
+ timeout http-request 10s
+ timeout queue 20s
+ timeout connect 10s
+ timeout client 1h
+ timeout server 1h
+ timeout http-keep-alive 10s
+ timeout check 10s
+
+frontend k8s_apiserver
+ bind *:6443
+ mode tcp
+ option tcplog
+ default_backend k8s_controlplane
+
+frontend talos_apiserver
+ bind *:50000
+ mode tcp
+ option tcplog
+ default_backend talos_controlplane
+
+backend k8s_controlplane
+ option httpchk GET /healthz
+ http-check expect status 200
+ mode tcp
+ option ssl-hello-chk
+ balance roundrobin
+ server worker1 10.1.1.61:6443 check
+
+backend talos_controlplane
+ option httpchk GET /healthz
+ http-check expect status 200
+ mode tcp
+''
\ No newline at end of file
diff --git a/nixos/hosts/telperion/default.nix b/nixos/hosts/telperion/default.nix
index 942f7bd..a1164f1 100644
--- a/nixos/hosts/telperion/default.nix
+++ b/nixos/hosts/telperion/default.nix
@@ -77,6 +77,11 @@
 enable = true;
 extraConfig = import ./config/bind.nix { inherit config; };
 };
+ haproxy = {
+ enable = true;
+ config = import ./config/haproxy.nix { inherit config; };
+ tcpPorts = [ 6443 50000 ];
+ };
 };
 };
 }
diff --git a/nixos/modules/nixos/services/default.nix b/nixos/modules/nixos/services/default.nix
index ee69ac6..ad07e7d 100644
--- a/nixos/modules/nixos/services/default.nix
+++ b/nixos/modules/nixos/services/default.nix
@@ -3,6 +3,7 @@
 ./bind
 ./cockpit
 ./forgejo
+ ./haproxy
 ./nginx
 ./onepassword-connect
 ./podman
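Review bot: The `backend talos_controlplane` section at the end of the new haproxy.nix declares health checks but no `server` line, so every connection accepted on `*:50000` has no destination and HAProxy will refuse it; it needs the control-plane node(s) listed, e.g. `server cp1 <CONTROL_PLANE_IP>:50000 check` (placeholder address, use the real node). In `backend k8s_controlplane`, `option httpchk` and `option ssl-hello-chk` are two different check methods and HAProxy only runs one per backend, so the `http-check expect status 200` line is effectively dead; if an HTTP probe of `/healthz` over TLS is intended, drop `option ssl-hello-chk` and mark the server `check check-ssl verify none` (or point `ca-file` at the cluster CA so the probe verifies the apiserver). Both frontends `bind *:6443` and `*:50000` on every interface; binding to the address that serves cluster clients would keep the Kubernetes and Talos APIs off the other networks. The `{ ... }:` header also discards the `config` argument the host file passes in.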
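Review bot: `tcpPorts = [ 6443 50000 ];` in the telperion host hunk opens the Kubernetes API and the Talos API in the host firewall on every interface, matching the `bind *:` frontends in the new config; if only one network needs to reach them, NixOS's `networking.firewall.interfaces.<iface>.allowedTCPPorts` keeps them off the rest, though the module as written only exposes the global list, so that would need a module option. `config = import ./config/haproxy.nix { inherit config; };` passes `config` to a file whose header `{ ... }:` ignores it — either drop the argument or have the file use it. The enclosing attribute set begins and ends outside the hunk.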
diff --git a/nixos/modules/nixos/services/haproxy/default.nix b/nixos/modules/nixos/services/haproxy/default.nix
new file mode 100644
index 0000000..2145b23
--- /dev/null
+++ b/nixos/modules/nixos/services/haproxy/default.nix
@@ -0,0 +1,38 @@
+{ lib, config, pkgs, ... }:
+with lib;
+let
+ cfg = config.mySystem.services.haproxy;
+ serviceUser = "named";
+in
+{
+ options.mySystem.services.haproxy = {
+ enable = mkEnableOption "haproxy";
+ package = mkPackageOption pkgs "haproxy" { };
+ config = mkOption {
+ type = types.str;
+ };
+ tcpPorts = mkOption {
+ type = types.listOf types.int;
+ default = [ ];
+ };
+ udpPorts = mkOption {
+ type = types.listOf types.int;
+ default = [ ];
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # Open firewall for specified ports.
+ networking.firewall = {
+ allowedTCPPorts = cfg.tcpPorts;
+ allowedUDPPorts = cfg.udpPorts;
+ };
+
+ # Enable haproxy service with custom configuration
+ services.haproxy = {
+ enable = true;
+ inherit (cfg) package;
+ config = cfg.config;
+ };
+ };
+}
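Review bot: `serviceUser = "named";` in the `let` block is never referenced and names the BIND user, so it looks like a leftover from the bind module this file was copied from; remove it rather than leave a misleading binding. The `config` option is typed `types.str` and has no description — `types.lines` is the conventional type for configuration text and merges multiple definitions instead of failing on conflict, and each option should carry a `description`, e.g. `description = "Contents of the HAProxy configuration file.";`. `tcpPorts` and `udpPorts` should use `type = types.listOf types.port;` so an out-of-range value is rejected at evaluation time instead of reaching the firewall rules. `config = cfg.config;` can fold into the preceding line as `inherit (cfg) package config;`.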