diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b2fa2b1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,9 @@
+# File di stato locali
+*.tfstate
+*.tfstate.*
+
+# Cartella che contiene i plugin
+.terraform/
+
+# File di crash
+crash.log
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..c234021
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,24 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/telmate/proxmox" {
+  version     = "3.0.1-rc2"
+  constraints = "3.0.1-rc2"
+  hashes = [
+    "h1:FoQkRJvBaRnfmHbDQAuwdvd9sSoFM+UKDkX5UBg6fdc=",
+    "zh:0158ecead8265f79ca069fcb7e9c07283545f90a09abe8a28a5944c2c9b8dc89",
+    "zh:04731d141b77b0072bf650ee91670594f3ec93cf01c2612a5a3eecbda01e745e",
+    "zh:06460b2b32b06684f3ce8416d328868cdc26f88c1e0379522fdf797ba7072ccf",
+    "zh:15e9ece8a8106e32fa842f84494952298a24883b6dc164acdc375594ed4c3840",
+    "zh:2ff19ed9d1b36d4890b3c036fa027f831889535e9e9c6bf7aa185423e620d93c",
+    "zh:45efb6d48df0cab681677fa58557b964cbaec6b5a5acc5ff19f446760670c4ea",
+    "zh:554351399ef605a708653d7d716ecc36d39e85088c37435b7f391a841e1bee93",
+    "zh:5b78fe1f4e796cb56cbc6fc7e43e95d2ad0f46f86cb2a4795c617c73681f5374",
+    "zh:61a379c5380f69d474b8a22fedd68f34e7df57ab24fdfcd0336a3a88e9d1706a",
+    "zh:73cf31280728ee48b645c537de89881788c6e6aa6a9a2a9a09ec4510f594db2e",
+    "zh:85e2f22617fa1450deeaefffe6d455f26054ab8a9a6a1eb1a5c50b51703304ec",
+    "zh:a0cc2bd9581fcddc1f64692c9c431c652e4e0edc035a357aa1279788a8d580d0",
+    "zh:b99a25084d77075dce5b32604953e4266fc8cdda9ec00cbb06f886331743b492",
+    "zh:bcaace9bec999f869ecc308075c98139a5762b4a4f45541c7b59aa3df4f7484d",
+  ]
+}
diff --git a/cloud-init-control-plane.yaml b/cloud-init-control-plane.yaml
new file mode 100644
index 0000000..bafdbe3
--- /dev/null
+++ b/cloud-init-control-plane.yaml
@@ -0,0 +1,35 @@
+#cloud-config
+package_update: true
+package_upgrade: true
+packages:
+  - apt-transport-https
+  - ca-certificates
+  - curl
+  - containerd
+
+runcmd:
+  # Disabilita swap (richiesto da kubelet)
+  - swapoff -a
+  - sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
+
+  # Carica moduli del kernel e imposta sysctl
+  - modprobe overlay
+  - modprobe br_netfilter
+  - echo "net.bridge.bridge-nf-call-iptables  = 1" >> /etc/sysctl.conf
+  - echo "net.ipv4.ip_forward                 = 1" >> /etc/sysctl.conf
+  - sysctl -p
+
+  # Installa Kubernetes
+  - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+  - echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
+  - apt-get update
+  - apt-get install -y kubelet=${k8s_version} kubeadm=${k8s_version} kubectl=${k8s_version}
+  - apt-mark hold kubelet kubeadm kubectl
+
+  # Inizializza il cluster con kubeadm
+  - kubeadm init --pod-network-cidr=${pod_network_cidr} --apiserver-advertise-address=${advertise_ip}
+
+  # Configura kubectl per l'utente 'ubuntu' (o il tuo utente di default nel template)
+  - mkdir -p /home/ubuntu/.kube
+  - cp -i /etc/kubernetes/admin.conf /home/ubuntu/.kube/config
+  - chown -R ubuntu:ubuntu /home/ubuntu/.kube
diff --git a/cloud-init-script.yaml b/cloud-init-script.yaml
new file mode 100644
index 0000000..392b74e
--- /dev/null
+++ b/cloud-init-script.yaml
@@ -0,0 +1,25 @@
+#cloud-config
+runcmd:
+  - swapoff -a
+  - sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
+  - apt-get update -y
+  - apt-get install -y apt-transport-https ca-certificates curl containerd
+  - modprobe overlay
+  - modprobe br_netfilter
+  - |
+    cat <<EOF | tee /etc/sysctl.d/99-kubernetes-cri.conf
+    net.bridge.bridge-nf-call-iptables  = 1
+    net.ipv4.ip_forward                 = 1
+    net.bridge.bridge-nf-call-ip6tables = 1
+    EOF
+  - sysctl --system
+  - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+  - echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
+  - apt-get update -y
+%{ if is_control_plane ~}
+  - apt-get install -y kubelet=${k8s_version} kubeadm=${k8s_version} kubectl=${k8s_version}
+  - apt-mark hold kubelet kubeadm kubectl
+%{ else ~}
+  - apt-get install -y kubelet=${k8s_version} kubeadm=${k8s_version}
+  - apt-mark hold kubelet kubeadm
+%{ endif ~}
diff --git a/cloud-init-worker.yaml b/cloud-init-worker.yaml
new file mode 100644
index 0000000..06ff5b8
--- /dev/null
+++ b/cloud-init-worker.yaml
@@ -0,0 +1,27 @@
+#cloud-config
+package_update: true
+package_upgrade: true
+packages:
+  - apt-transport-https
+  - ca-certificates
+  - curl
+  - containerd
+
+runcmd:
+  # Disabilita swap
+  - swapoff -a
+  - sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
+
+  # Carica moduli del kernel e imposta sysctl
+  - modprobe overlay
+  - modprobe br_netfilter
+  - sysctl -p
+
+  # Installa Kubernetes
+  - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+  - echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
+  - apt-get update
+  - apt-get install -y kubelet=${k8s_version} kubeadm=${k8s_version}
+  - apt-mark hold kubelet kubeadm
+
+  # Il passo finale (kubeadm join) andrà eseguito manualmente.
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..4eae5a5
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,144 @@
+# main.tf
+
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "telmate/proxmox"
+      version = "3.0.1-rc2"
+    }
+  }
+}
+
+provider "proxmox" {
+  pm_api_url      = "https://192.168.178.11:8006/api2/json"
+  pm_tls_insecure = true
+}
+
+# --- Variabili Locali per una facile configurazione ---
+locals {
+  proxmox_node     = "Covenant"
+  template_name    = "debian-12-cloudinit"
+  ssh_user         = "debian"
+  k8s_version      = "1.29.3-1.1" 
+  gateway_ip       = "10.66.99.254"
+  dns_server       = "10.66.99.254"
+  ssh_public_key   = file("~/.ssh/id_ecdsa.pub")
+  ssh_private_key  = file("~/.ssh/id_ecdsa")
+
+  control_planes = {
+    Alessandro = { ip = "10.66.99.171", vmid = 451 }
+    Rene       = { ip = "10.66.99.172", vmid = 452 }
+    Arianna    = { ip = "10.66.99.173", vmid = 453 }
+  }
+
+  workers = {
+    Stanis = { ip = "10.66.99.175", vmid = 455 }
+    Itala  = { ip = "10.66.99.176", vmid = 456 }
+    Duccio = { ip = "10.66.99.177", vmid = 457 }
+  }
+}
+
+# --- Nodi Control Plane ---
+resource "proxmox_vm_qemu" "k8s_control_planes" {
+  for_each = local.control_planes
+
+  vmid        = each.value.vmid
+  name        = each.key
+  target_node = local.proxmox_node
+  clone       = local.template_name
+  os_type     = "cloud-init"
+  agent       = 1
+
+  cores   = 2
+  sockets = 1
+  memory  = 4096
+
+  # Blocco "disks" corretto (plurale)
+  disks {
+    scsi {
+      scsi0 {
+        disk {
+          storage = "MD-3"
+          size    = 40
+        }
+      }
+    }
+  }
+
+  network {
+    model  = "virtio"
+    bridge = "vmbr0"
+  }
+  
+  # Argomenti "flat" per la configurazione iniziale
+  ipconfig0 = "ip=${each.value.ip}/24,gw=${local.gateway_ip}"
+  nameserver = local.dns_server
+  sshkeys = local.ssh_public_key
+
+  # Provisioner per eseguire lo script di setup
+  provisioner "remote-exec" {
+    connection {
+      type        = "ssh"
+      user        = local.ssh_user
+      private_key = local.ssh_private_key
+      host        = self.default_ipv4_address
+    }
+    inline = split("\n", templatefile("cloud-init-script.yaml", {
+      k8s_version  = local.k8s_version
+      is_control_plane = true
+    }))
+  }
+}
+
+# --- Nodi Worker ---
+resource "proxmox_vm_qemu" "k8s_workers" {
+  for_each = local.workers
+
+  vmid        = each.value.vmid
+  name        = each.key
+  target_node = local.proxmox_node
+  clone       = local.template_name
+  os_type     = "cloud-init"
+  agent       = 1
+
+  cores   = 2
+  sockets = 1
+  memory  = 2048
+
+  # Blocco "disks" corretto (plurale)
+  disks {
+    scsi {
+      scsi0 {
+        disk {
+          storage = "MD-3"
+          size    = 25
+        }
+      }
+    }
+  }
+
+  network {
+    model  = "virtio"
+    bridge = "vmbr0"
+  }
+
+  # Argomenti "flat" per la configurazione iniziale
+  ipconfig0 = "ip=${each.value.ip}/24,gw=${local.gateway_ip}"
+  nameserver = local.dns_server
+  sshkeys = local.ssh_public_key
+  
+  # Provisioner per eseguire lo script di setup
+  provisioner "remote-exec" {
+    connection {
+      type        = "ssh"
+      user        = local.ssh_user
+      private_key = local.ssh_private_key
+      host        = self.default_ipv4_address
+    }
+    inline = split("\n", templatefile("cloud-init-script.yaml", {
+      k8s_version  = local.k8s_version
+      is_control_plane = false
+    }))
+  }
+  depends_on = [proxmox_vm_qemu.k8s_control_planes]
+}