diff --git a/.gitea/workflows/ansible.yml b/.gitea/workflows/ansible.yml deleted file mode 100644 index 1113367..0000000 --- a/.gitea/workflows/ansible.yml +++ /dev/null 
@@ -1,95 +0,0 @@ -name: Ansible - -on: - workflow_run: - workflows: ["Terraform"] - types: - - completed - branches: - - main - workflow_dispatch: - inputs: - tags: - description: 'Ansible tags to run' - required: false - default: '' - -env: - ANSIBLE_VERSION: "2.16" - -jobs: - deploy: - name: Deploy Cluster - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' }} || github.event_name == 'workflow_dispatch' - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Download Terraform Outputs - if: github.event_name != 'workflow_dispatch' - uses: actions/download-artifact@v4 - with: - name: terraform-outputs - path: outputs/ - - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: '3.11' - - - name: Install Ansible - run: | - pip install ansible==${{ env.ANSIBLE_VERSION }}.* - pip install jinja2 pyyaml kubernetes - - - name: Setup SSH Key - run: | - mkdir -p ~/.ssh - echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - ssh-keyscan -H ${{ secrets.CONTROL_PLANE_IP }} >> ~/.ssh/known_hosts 2>/dev/null || true - - - name: Generate Ansible Inventory - working-directory: ansible - run: | - python3 generate_inventory.py - env: - TF_VAR_hcloud_token: ${{ secrets.HCLOUD_TOKEN }} - - - name: Run Ansible Playbook - working-directory: ansible - run: | - ansible-playbook site.yml \ - ${{ github.event.inputs.tags != '' && format('-t {0}', github.event.inputs.tags) || '' }} \ - -e "hcloud_token=${{ secrets.HCLOUD_TOKEN }}" \ - -e "cluster_name=k8s-cluster" - env: - ANSIBLE_HOST_KEY_CHECKING: "False" - - - name: Upload Kubeconfig - uses: actions/upload-artifact@v4 - with: - name: kubeconfig - path: outputs/kubeconfig - - verify: - name: Verify Cluster - runs-on: ubuntu-latest - needs: deploy - steps: - - name: Download Kubeconfig - uses: actions/download-artifact@v4 - with: - name: kubeconfig - - - name: Setup kubectl - uses: azure/setup-kubectl@v3 - with: - version: 'v1.30.0' - - 
- name: Verify Cluster - run: | - export KUBECONFIG=$(pwd)/kubeconfig - kubectl get nodes - kubectl get pods -A diff --git a/.gitea/workflows/terraform.yml b/.gitea/workflows/deploy.yml similarity index 65% rename from .gitea/workflows/terraform.yml rename to .gitea/workflows/deploy.yml index 851428c..a04f59b 100644 --- a/.gitea/workflows/terraform.yml +++ b/.gitea/workflows/deploy.yml @@ -1,18 +1,13 @@ -name: Terraform +name: Deploy Cluster on: push: branches: - main - paths: - - 'terraform/**' - - '.gitea/workflows/terraform.yml' pull_request: branches: - main - paths: - - 'terraform/**' - - '.gitea/workflows/terraform.yml' + workflow_dispatch: env: TF_VERSION: "1.7.0" @@ -21,8 +16,8 @@ env: TF_VAR_s3_secret_key: ${{ secrets.S3_SECRET_KEY }} jobs: - validate: - name: Validate + terraform: + name: Terraform runs-on: ubuntu-latest steps: - name: Checkout @@ -51,29 +46,6 @@ jobs: working-directory: terraform run: terraform validate - plan: - name: Plan - runs-on: ubuntu-latest - needs: validate - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: ${{ env.TF_VERSION }} - - - name: Terraform Init - working-directory: terraform - run: | - terraform init \ - -backend-config="endpoint=${{ secrets.S3_ENDPOINT }}" \ - -backend-config="bucket=${{ secrets.S3_BUCKET }}" \ - -backend-config="region=auto" \ - -backend-config="access_key=${{ secrets.S3_ACCESS_KEY }}" \ - -backend-config="secret_key=${{ secrets.S3_SECRET_KEY }}" - - name: Terraform Plan id: plan working-directory: terraform 
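Review bot: The added `workflow_dispatch:` trigger never reaches a deployment: the apply step, the outputs upload and the `ansible` job later in this file are all gated on `github.event_name == 'push'`, so a manual run stops after validate and plan, whereas the deleted `.gitea/workflows/ansible.yml` did allow a dispatched deploy. If manual deploys are intended, those gates need to admit the event too, e.g. `if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')`; if dispatch is meant to be plan-only, a comment above the trigger such as `# manual runs validate and plan only; apply and deploy run on push to main` records that decision. Dropping the two `paths:` filters also means the terraform job, which carries the S3 backend credentials in `env`, now runs on every push and pull request to main rather than only on changes under `terraform/`; that may be intended, but it widens what a pull request can trigger. The `on:` block ends inside this hunk; the gated steps are in the later hunks of the same file.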
@@ -105,32 +77,8 @@ jobs: if: steps.plan.outcome == 'failure' run: exit 1 - apply: - name: Apply - runs-on: ubuntu-latest - needs: plan - if: github.ref == 'refs/heads/main' && github.event_name == 'push' - environment: production - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: ${{ env.TF_VERSION }} - - - name: Terraform Init - working-directory: terraform - run: | - terraform init \ - -backend-config="endpoint=${{ secrets.S3_ENDPOINT }}" \ - -backend-config="bucket=${{ secrets.S3_BUCKET }}" \ - -backend-config="region=auto" \ - -backend-config="access_key=${{ secrets.S3_ACCESS_KEY }}" \ - -backend-config="secret_key=${{ secrets.S3_SECRET_KEY }}" - - name: Terraform Apply + if: github.ref == 'refs/heads/main' && github.event_name == 'push' working-directory: terraform run: | terraform apply \ 
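Review bot: Folding the apply into the `terraform` job removes `environment: production` from the path that runs `terraform apply -auto-approve`; the old `apply` job carried that environment, so whatever protection rules, required reviewers or environment-scoped secrets the forge attaches to it no longer cover the apply, and a push to main now applies under only the `if: github.ref == 'refs/heads/main' && github.event_name == 'push'` condition. If the runner honours environments, either keep apply as its own job (`needs: terraform` plus `environment: production`, consuming a plan file the plan step uploads) or set `environment: production` on the `terraform` job, noting that the latter would also wrap pull-request plans. The same condition is now repeated on four steps across this and the next hunk; a comment on its first occurrence, e.g. `# apply and deploy only on pushes to main; pull requests stop after plan`, would explain the repetition. The `terraform` job header and the remainder of the apply command lie outside this hunk.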
@@ -139,11 +87,65 @@ jobs: -auto-approve - name: Save Terraform Outputs + if: github.ref == 'refs/heads/main' && github.event_name == 'push' working-directory: terraform run: terraform output -json > ../outputs/terraform_outputs.json - name: Upload Outputs - uses: actions/upload-artifact@v4 + if: github.ref == 'refs/heads/main' && github.event_name == 'push' + uses: actions/upload-artifact@v3 with: name: terraform-outputs path: outputs/terraform_outputs.json + + ansible: + name: Ansible + runs-on: ubuntu-latest + needs: terraform + if: github.ref == 'refs/heads/main' && github.event_name == 'push' + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Download Terraform Outputs + uses: actions/download-artifact@v3 + with: + name: terraform-outputs + path: outputs/ + + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: '3.11' + + - name: Install Ansible + run: | + pip install ansible kubernetes jinja2 pyyaml + + - name: Install Ansible Collections + run: ansible-galaxy collection install -r ansible/requirements.yml + + - name: Setup SSH Key + run: | + mkdir -p ~/.ssh + echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 + + - name: Generate Ansible Inventory + working-directory: ansible + run: python3 generate_inventory.py + + - name: Run Ansible Playbook + working-directory: ansible + run: | + ansible-playbook site.yml \ + -e "hcloud_token=${{ secrets.HCLOUD_TOKEN }}" \ + -e "cluster_name=k8s-cluster" + env: + ANSIBLE_HOST_KEY_CHECKING: "False" + + - name: Upload Kubeconfig + uses: actions/upload-artifact@v3 + with: + name: kubeconfig + path: outputs/kubeconfig
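Review bot: The new `Setup SSH Key` step drops the `ssh-keyscan` the deleted workflow ran, and the playbook step still sets `ANSIBLE_HOST_KEY_CHECKING: "False"`, so Ansible's first SSH connection to each node authenticates nothing on the server side; the expected host keys should be written to `~/.ssh/known_hosts` from a trusted source (for example emitted by Terraform into `outputs/terraform_outputs.json`, which `generate_inventory.py` appears to consume — the Terraform side is not visible here), after which the env override can be removed. The `Install Ansible` step also loses the `ansible==2.16.*` pin the old workflow had, so `pip install ansible kubernetes jinja2 pyyaml` resolves to whatever is current on each run; restore a pin (`pip install 'ansible==2.16.*' kubernetes jinja2 pyyaml` or a constraints file) and confirm that `ansible/requirements.yml` pins collection versions as well. `upload-artifact` and `download-artifact` go back from `@v4` to `@v3`; if that is for the runner's artifact-API compatibility, a one-line comment above the first use (e.g. `# pinned to v3: runner artifact API compatibility — confirm before bumping`) keeps the next reviewer from reverting it. Finally, `outputs/kubeconfig` is an administrative credential that the `Upload Kubeconfig` step leaves in the artifact store for the default retention period, readable by anyone who can view the run; add `retention-days: 1` to that upload and consider handing the file to a secret store instead of an artifact.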