diff --git a/cloud-init-base.yaml b/cloud-init-base.yaml
new file mode 100644
index 0000000..db29864
--- /dev/null
+++ b/cloud-init-base.yaml
@@ -0,0 +1,20 @@
+locale: "pt_PT.UTF-8"
+keyboard:
+    layout: "pt"
+    variant: "nodeadkeys"
+
+#cloud-config
+users:
+    - default
+
+ssh_pwauth: true
+
+package_update: true
+packages:
+    - qemu-guest-agent
+    - net-tools
+    - curl
+runcmd:
+    - systemctl enable qemu-guest-agent
+    - systemctl start qemu-guest-agent
+    - echo "done" > /tmp/cloud-config.done
\ No newline at end of file
diff --git a/cloud-init-vm.yaml.tftpl b/cloud-init-vm.yaml.tftpl
new file mode 100644
index 0000000..d8b55d0
--- /dev/null
+++ b/cloud-init-vm.yaml.tftpl
@@ -0,0 +1,31 @@
+#cloud-config
+package_update: true
+packages:
+%{ for pkg in each.value.extra_packages ~}
+    - ${pkg}
+%{ endfor ~}
+
+users:
+%{ if length(each.value.extra_users) > 0 ~}
+
+%{ for u in each.value.extra_users ~}
+- name: ${u.name}
+    groups: [${join(", ", u.groups)}]
+    shell: /bin/bash
+    sudo: ALL=(ALL) NOPASSWD:ALL
+%{ endfor ~}
+
+chpasswd:
+    list: |
+    %{ for u in each.value.extra_users ~}
+        ${u.name}:${u.password}
+    %{ endfor ~}
+    expire: false
+
+%{ endif ~}
+runcmd:
+%{ if length(each.value.extra_runcmd) > 0 ~}
+%{ for cmd in each.value.extra_runcmd ~}
+    - ${cmd}
+%{ endfor ~}
+%{ endif ~}
\ No newline at end of file
diff --git a/proxmox.tf b/proxmox.tf
index d62dff9..e121ff9 100644
--- a/proxmox.tf
+++ b/proxmox.tf
@@ -30,28 +30,7 @@ resource "proxmox_virtual_environment_file" "cloud_init_yaml" {
 
   source_raw {
     file_name = "user-data-cloud-config.yaml"
-    data = <<-EOF
-    locale: "pt_PT.UTF-8"
-    keyboard:
-      layout: "pt"
-      variant: "nodeadkeys"
-
-    #cloud-config
-    users:
-      - default
-
-    ssh_pwauth: true
-
-    package_update: true
-    packages:
-      - qemu-guest-agent
-      - net-tools
-      - curl
-    runcmd:
-      - systemctl enable qemu-guest-agent
-      - systemctl start qemu-guest-agent
-      - echo "done" > /tmp/cloud-config.done
-    EOF
+    data = yamldecode(file("${path.module}/cloud-init-base.yaml"))
   }
 }
 
@@ -59,47 +38,60 @@ resource "proxmox_virtual_environment_file" "cloud_init_yaml" {
 
 # Gerar um snippet cloud-init por VM
 resource "proxmox_virtual_environment_file" "vm_user_data" {
-  for_each = { for vm in var.proxmox_k8s_vms : vm.name => vm }
+  for_each = local.merged_cloudinit
 
   node_name    = "fenix"
   datastore_id = "local-snippets"
   content_type = "snippets"
 
   source_raw {
-    file_name = "cloud-init-iac-k8s-${each.value.name}.yaml"
-    data = <<-EOF
-        #cloud-config
-        package_update: true
-        packages:
-        %{ for pkg in each.value.extra_packages ~}
-            - ${pkg}
-        %{ endfor ~}
+    file_name = "cloud-init-iac-k8s-${each.key}.yaml"
+    data      = yamlencode(each.value)
+  }
+}
 
-        users:
-        %{ if length(each.value.extra_users) > 0 ~}
-        
-        %{ for u in each.value.extra_users ~}
-        - name: ${u.name}
-            groups: [${join(", ", u.groups)}]
-            shell: /bin/bash
-            sudo: ALL=(ALL) NOPASSWD:ALL
-        %{ endfor ~}
+locals {
+  # Lê o ficheiro base (que está no mesmo módulo)
+  base_cloudinit = yamldecode(file("${path.module}/cloud-init-base.yaml"))
 
-        chpasswd:
-            list: |
-            %{ for u in each.value.extra_users ~}
-                ${u.name}:${u.password}
-            %{ endfor ~}
-            expire: false
+  # Renderiza cada ficheiro por VM
+  vm_cloudinits = {
+    for vm in var.proxmox_k8s_vms : vm.name => yamldecode(
+      templatefile("${path.module}/cloud-init-vm.yaml.tftpl", {
+        hostname       = vm.hostname
+        extra_packages = try(vm.extra_packages, [])
+        extra_users    = try(vm.extra_users, [])
+        extra_runcmd   = try(vm.extra_runcmd, [])
+      })
+    )
+  }
 
-        %{ endif ~}
-        runcmd:
-        %{ if length(each.value.extra_runcmd) > 0 ~}
-        %{ for cmd in each.value.extra_runcmd ~}
-            - ${cmd}
-        %{ endfor ~}
-        %{ endif ~}
-    EOF
+  # Função recursiva para deep merge
+  deep_merge = function("deep_merge", [map(string), map(string)], map(string), <<EOT
+    base, override = args
+    result = {}
+    for k in setunion(keys(base), keys(override)) {
+      if can(base[k]) && can(override[k]) {
+        if type(base[k]) == list && type(override[k]) == list {
+          result[k] = concat(base[k], override[k])
+        } else if type(base[k]) == map && type(override[k]) == map {
+          result[k] = deep_merge(base[k], override[k])
+        } else {
+          result[k] = override[k]
+        }
+      } else if can(override[k]) {
+        result[k] = override[k]
+      } else {
+        result[k] = base[k]
+      }
+    }
+    return result
+  EOT)
+
+  # Resultado final = deep merge do base + vm
+  merged_cloudinit = {
+    for vm_name, vm_cfg in local.vm_cloudinits :
+    vm_name => local.deep_merge(local.base_cloudinit, vm_cfg)
   }
 }