diff --git a/.gitea/workflows/ci-test.yaml b/.gitea/workflows/ci-test.yaml
index aff5d6d..bc81c44 100644
--- a/.gitea/workflows/ci-test.yaml
+++ b/.gitea/workflows/ci-test.yaml
@@ -33,6 +33,82 @@ jobs: token: ${{ secrets.GGITEA_TOKEN }} path: infra/secrets + + - name: Install cloudflare prerequisites + run: | + apt-get install -y curl ca-certificates jq openssh-client net-tools iproute2 + - name: Install cloudflared + run: | + # pacote .deb oficial - funcionará numa runner Ubuntu x86_64 + curl -L -o cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb + dpkg -i cloudflared.deb + cloudflared --version + + - name: Install dante-server + run: | + apt-get install -y dante-server + + + - name: Configure dante-server + run: | + cat < SOCKS5 (background) + env: + CF_SVC_ID: ${{ secrets.CF_SVC_ID }} + CF_SVC_SECRET: ${{ secrets.CF_SVC_SECRET }} + HOSTNAME: "proxmox-ssh.fenix-dev.com" + run: | + # Inicia cloudflared access tcp/ssh com service token e listener socks local + # O binário 'cloudflared' tem variações de flags entre versões; estes flags funcionam nas versões recentes. + nohup cloudflared access tcp \ + --hostname "$HOSTNAME" \ + --listener "tcp://127.0.0.1:1081" \ + --service-token-id "$CF_SVC_ID" \ + --service-token-secret "$CF_SVC_SECRET" \ + > cloudflared.log 2>&1 & + + # espera a porta do listener estar pronta (timeout 30s) + for i in $(seq 1 30); do + ss -tnl | grep -q ":1081" && break + sleep 1 + done + + if ! ss -tnl | grep -q ":1081"; then + echo "SOCKS listener not ready after 30s, printing cloudflared.log" + tail -n +1 cloudflared.log + cat cloudflared.log + exit 1 + fi + + echo "cloudflared socks listener ready at $SOCKS_LISTENER" + sleep 1 + # opcional: ver primeiros logs + tail -n 50 cloudflared.log || true + + - name: Start dante-server + run: | + pkill danted || true + danted -f /etc/danted.conf -D > dante.log 2>&1 & + sleep 3 + cat dante.log + - name: vaultwarden login working-directory: infra/iac run: | @@ -40,7 +116,8 @@ jobs: - name: Init OpenTofu working-directory: infra/iac - run: tofu init + run: | + tofu init - name: Plan working-directory: infra/iac 
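Review bot: The `Install cloudflared` step fetches `releases/latest/download/cloudflared-linux-amd64.deb` and runs `dpkg -i` on it (apparently as root, given the unprefixed apt-get) without pinning a version or verifying the artifact, so each run installs whatever binary is current and a broken or tampered release goes straight onto the runner; pin the release tag and check a digest kept in the repo, e.g. `curl -fsSL -o cloudflared.deb "https://github.com/cloudflare/cloudflared/releases/download/${CLOUDFLARED_VERSION}/cloudflared-linux-amd64.deb"` followed by `echo "<EXPECTED_SHA256>  cloudflared.deb" | sha256sum -c -` (version variable and digest are placeholders to fill in), or install from Cloudflare's signed apt repository instead. The `-f` flag matters on its own too: without it a 404 leaves an HTML page named cloudflared.deb and the failure only surfaces at `dpkg -i`. In the tunnel step, `echo "cloudflared socks listener ready at $SOCKS_LISTENER"` references a variable that is never set anywhere in this workflow, so the message prints an empty address; either use the literal `127.0.0.1:1081` or define the variable once and pass it to `--listener`. The log is also printed twice on failure (`tail -n +1 cloudflared.log` then `cat cloudflared.log`), so one of the two can go.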
diff --git a/main.tf b/main.tf
index f49b09a..478db8a 100644
--- a/main.tf
+++ b/main.tf
@@ -14,7 +14,7 @@ terraform {
 }
 proxmox = {
 source = "bpg/proxmox"
- version = "0.82.1"
+ version = "= 0.75.0"
 }
 }
 backend "consul" {
diff --git a/proxmox.tf b/proxmox.tf
index 4a4c767..3981b89 100644
--- a/proxmox.tf
+++ b/proxmox.tf
@@ -1,28 +1,77 @@ - provider "proxmox" { endpoint = var.proxmox_server api_token = var.proxmox_apikey ssh { agent = true - username = "terraform" - } + username = var.proxmox_username_ssh + socks5_server = var.proxmox_server_ssh + password = var.proxmox_password_ssh + + node { + name = "fenix" + address = "127.0.0.1" + port = 1081 + } } -resource "proxmox_virtual_environment_download_file" "Fedora-iso" { - content_type = "iso" # tipo do arquivo - datastore_id = "local" # datastore do Proxmox onde o arquivo será guardado - node_name = "fenix" # nó do Proxmox onde será armazenado - file_name = "IAC-Fedora-Workstation-Live-x86_64-41-1.4.iso" - url = "https://download.fedoraproject.org/pub/fedora/linux/releases/41/Workstation/x86_64/iso/Fedora-Workstation-Live-x86_64-41-1.4.iso" } +resource "proxmox_virtual_environment_download_file" "latest_ubunto_cloud_img" { + content_type = "iso" + datastore_id = "local" + node_name = "fenix" + url = "https://cloud-images.ubuntu.com/jammy/20250725/jammy-server-cloudimg-amd64.img" + file_name = "jammyservercloudimgamd64.img" +} + +resource "proxmox_virtual_environment_file" "cloud_init_yaml" { + node_name = "fenix" + datastore_id = "local-snippets" + content_type = "snippets" + + source_raw { + file_name = "user-data-cloud-config.yaml" + data = <<-EOF + #cloud-config + users: + - default + - name: testeuser + groups: sudo + shell: /bin/bash + sudo: ALL=(ALL) NOPASSWD:ALL + + ssh_pwauth: true + + chpasswd: + list: | + testeuser:testepassword + expire: false + + package_update: true + packages: + - qemu-guest-agent + - net-tools + - curl + runcmd: + - systemctl enable qemu-guest-agent + - systemctl start qemu-guest-agent + - echo "done" > /tmp/cloud-config.done + EOF + } +} + + resource "proxmox_virtual_environment_vm" "proxmox-kubernetes-VM-template" { - depends_on = [proxmox_virtual_environment_download_file.Fedora-iso] + + depends_on = [proxmox_virtual_environment_download_file.latest_ubunto_cloud_img, 
proxmox_virtual_environment_file.cloud_init_yaml] name = "proxmox-kubernetes-VM-template" node_name = "fenix" vm_id = 1002 template = true started = false + agent { + enabled = true + } tags = ["opentofu", "kubernetes", "fedora"] machine = "q35" bios = "seabios" 
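Review bot: The cloud-init user-data added in `proxmox_virtual_environment_file.cloud_init_yaml` hard-codes a login (`testeuser:testepassword`), turns on `ssh_pwauth: true` and grants `sudo: ALL=(ALL) NOPASSWD:ALL`, and because the snippet is attached to a template every clone boots with the same committed password and password SSH enabled. Prefer key-based access: drop the `chpasswd` block and `ssh_pwauth`, and add `ssh_authorized_keys:` populated from a variable (e.g. `- ${var.<PUBLIC_KEY_VARIABLE>}`, a variable still to be declared); if a password really is needed, take it from a `sensitive = true` variable rather than the heredoc and leave `expire` so it must be changed on first login. Separately, `tags` still lists "fedora" although the template now boots the Ubuntu jammy cloud image, and `node_name = "fenix"` is repeated as a literal in each resource while this commit adds `variable "node_name"` in proxmox.variables.tf, so `node_name = var.node_name` would keep them in sync. The `proxmox_virtual_environment_vm` resource body continues past the end of this hunk.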
@@ -33,54 +82,50 @@ resource "proxmox_virtual_environment_vm" "proxmox-kubernetes-VM-template" { } memory { - dedicated = 2048 + dedicated = 4096 } # Configuração do disco rígido disk { datastore_id = "local-lvm" - interface = "scsi0" + interface = "scsi1" size = 64 } + disk { + datastore_id = "local-lvm" + file_id = proxmox_virtual_environment_download_file.latest_ubunto_cloud_img.id + interface = "scsi0" + file_format = "qcow2" + } + # Configuração da interface de rede network_device { bridge = "vmbr0" model = "virtio" } - # Configuração do CD-ROM com a ISO - cdrom { - file_id = proxmox_virtual_environment_download_file.Fedora-iso.id - } - - - initialization { - ip_config { - ipv4 { - address = "dhcp" - } +initialization { + ip_config { + ipv4 { + address = "dhcp" # IP estático + máscara de rede } - } + user_data_file_id = proxmox_virtual_environment_file.cloud_init_yaml.id + } } -resource "proxmox_virtual_environment_vm" "VM_Kubernetes_01" { - name = "VM_Kubernetes_01" +resource "proxmox_virtual_environment_vm" "VM-Kubernetes-01" { + depends_on = [proxmox_virtual_environment_vm.proxmox-kubernetes-VM-template] + name = "VM-Kubernetes-01" node_name = "fenix" clone { vm_id = proxmox_virtual_environment_vm.proxmox-kubernetes-VM-template.id } - agent { - # NOTE: The agent is installed and enabled as part of the cloud-init configuration in the template VM, see cloud-config.tf - # The working agent is *required* to retrieve the VM IP addresses. - # If you are using a different cloud-init configuration, or a different clone source - # that does not have the qemu-guest-agent installed, you may need to disable the `agent` below and remove the `vm_ipv4_address` output. - # See https://registry.terraform.io/providers/bpg/proxmox/latest/docs/resources/virtual_environment_vm#qemu-guest-agent for more details. - enabled = false + enabled = true } } diff --git a/proxmox.variables.tf b/proxmox.variables.tf index e6995bd..b4de549 100644 --- a/proxmox.variables.tf 
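Review bot: Renaming the resource from `VM_Kubernetes_01` to `VM-Kubernetes-01` changes its state address, so unless the state is moved by hand the next plan will destroy the existing VM and create a new one; a `moved` block keeps the existing instance. The comment on `address = "dhcp"` now reads "IP estático + máscara de rede" while the value is DHCP, which misleads the next reader — `address = "dhcp"  # DHCP; use "<ip>/<prefix>" for a static address` says what the line does. The added `depends_on` on the clone is redundant because `clone { vm_id = ...template.id }` already creates the dependency, and the `initialization` block was dedented to column 0 inside the resource, which `tofu fmt` would undo. The template resource whose `memory`/`disk`/`initialization` blocks appear here starts before this hunk.
```hcl
moved {
  from = proxmox_virtual_environment_vm.VM_Kubernetes_01
  to   = proxmox_virtual_environment_vm.VM-Kubernetes-01
}

resource "proxmox_virtual_environment_vm" "VM-Kubernetes-01" {
  # … unchanged: name, node_name, clone, agent …
```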
+++ b/proxmox.variables.tf
@@ -4,8 +4,31 @@ variable "proxmox_server" {
 sensitive = false
 }
+
+variable "proxmox_server_ssh" {
+ description = "Proxmox server ssh url"
+ type = string
+ sensitive = false
+}
+
+variable "proxmox_username_ssh" {
+ description = "Proxmox server ssh username"
+ type = string
+ sensitive = false
+}
+
+variable "proxmox_password_ssh" {
+ description = "Proxmox server ssh password"
+ type = string
+ sensitive = true
+}
+
 variable "proxmox_apikey" {
 description = "Proxmox server api key"
 type = string
- sensitive = false
-}
\ No newline at end of file
+ sensitive = true
+}
+
+variable "node_name" {
+ default = "fenix"
+}
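Review bot: `variable "node_name"` at the end of the hunk declares only a default, unlike the three new variables that each carry `description`, `type` and `sensitive`; add `type = string` and `description = "Proxmox node that hosts the VMs"` so it is validated and documented like the others. The description of `proxmox_server_ssh` says "ssh url", but in proxmox.tf the value is passed to `socks5_server`, so describing it as the SOCKS5 proxy endpoint used to reach the node over SSH would tell the operator which value to supply. Flipping `proxmox_apikey` to `sensitive = true` is the right call; `proxmox_username_ssh` staying non-sensitive is reasonable, but it will appear in plan output together with the node name, which is worth knowing before logs are shared.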