diff --git a/nixos/modules/services/misc/plex.nix b/nixos/modules/services/misc/plex.nix
index 48d3c05785cee7..f6bf2dee986516 100644
--- a/nixos/modules/services/misc/plex.nix
+++ b/nixos/modules/services/misc/plex.nix
@@ -19,6 +19,14 @@ in
         description = "The directory where Plex stores its data files.";
       };
 
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Open ports in the firewall for the media server
+        '';
+      };
+
       user = mkOption {
         type = types.str;
         default = "plex";
@@ -141,6 +149,11 @@ in
       };
     };
 
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ 32400 3005 8324 32469 ];
+      allowedUDPPorts = [ 1900 5353 32410 32412 32413 32414 ];
+    };
+
     users.extraUsers = mkIf (cfg.user == "plex") {
       plex = {
         group = cfg.group;