diff --git a/.gitea/workflows/deploy-k8s.yml b/.gitea/workflows/deploy-k8s.yml
index 8d966ee..279f711 100644
--- a/.gitea/workflows/deploy-k8s.yml
+++ b/.gitea/workflows/deploy-k8s.yml
@@ -29,42 +29,6 @@ jobs: curl -fsSL https://deb.nodesource.com/setup_18.x apt-get install -y sshpass - - name: Install cloudflare prerequisites - run: | - apt-get install -y curl ca-certificates jq openssh-client net-tools iproute2 - - name: Install cloudflared - run: | - # pacote .deb oficial - funcionará numa runner Ubuntu x86_64 - curl -L -o cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb - dpkg -i cloudflared.deb - cloudflared --version - - - name: Install dante-server - run: | - apt-get install -y dante-server openssl - #libssl1.1 - - - - name: Configure dante-server - run: | - cat < "proxmox-ssh-link.txt" cat proxmox-ssh-link.txt - - - name: Start cloudflared Access TCP -> SOCKS5 (background) - env: - CF_SVC_ID: ${{ secrets.CF_SVC_ID }} - CF_SVC_SECRET: ${{ secrets.CF_SVC_SECRET }} - run: | - Hostname=$(cat proxmox-ssh-link.txt) - - # Inicia cloudflared access tcp/ssh com service token e listener socks local - # O binário 'cloudflared' tem variações de flags entre versões; estes flags funcionam nas versões recentes. - nohup cloudflared access tcp \ - --hostname "$Hostname" \ - --listener "tcp://127.0.0.1:1081" \ - --service-token-id "$CF_SVC_ID" \ - --service-token-secret "$CF_SVC_SECRET" \ - > cloudflared.log 2>&1 & - - # espera a porta do listener estar pronta (timeout 30s) - for i in $(seq 1 30); do - ss -tnl | grep -q ":1081" && break - sleep 1 - done - - if ! ss -tnl | grep -q ":1081"; then - echo "SOCKS listener not ready after 30s, printing cloudflared.log" - tail -n +1 cloudflared.log - cat cloudflared.log - exit 1 - fi - - echo "cloudflared socks listener ready at $SOCKS_LISTENER" - sleep 1 - # opcional: ver primeiros logs - tail -n 50 cloudflared.log || true - - - name: Start dante-server - run: | - pkill danted || true - danted -f /etc/danted.conf -D > dante.log 2>&1 & - sleep 3 - cat dante.log - name: Cloning ansible repository 
@@ -130,7 +53,6 @@ jobs: BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw) echo "getting item" bw get item "iac.ansible.hosts.ini" --session "$BW_SESSION" | jq -r '.notes' > "inventory.ini" - cat inventory.ini working-directory: ansible/iac - name: Install Ansible
@@ -139,5 +61,4 @@ jobs: - name: Run Ansible Playbook working-directory: ansible/iac run: | - cat inventory.ini ansible-playbook -i inventory.ini playbook.yml
\ No newline at end of file