diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml
index 5235a63..439d581 100644
--- a/.gitea/workflows/terraform-apply.yml
+++ b/.gitea/workflows/terraform-apply.yml
@@ -53,7 +53,20 @@ jobs:
 
       - name: Terraform Plan
         working-directory: terraform
-        run: terraform plan -out=tfplan
+        run: |
+          set -euo pipefail
+          for attempt in 1 2; do
+            echo "Terraform plan attempt $attempt/2"
+            if timeout 20m terraform plan -parallelism=1 -out=tfplan; then
+              exit 0
+            fi
+            if [ "$attempt" -eq 1 ]; then
+              echo "Plan attempt failed or timed out; retrying in 20s"
+              sleep 20
+            fi
+          done
+          echo "Terraform plan failed after retries"
+          exit 1
 
       - name: Block accidental destroy
         env:
diff --git a/.gitea/workflows/terraform-destroy.yml b/.gitea/workflows/terraform-destroy.yml
index 5a57a71..4631b4e 100644
--- a/.gitea/workflows/terraform-destroy.yml
+++ b/.gitea/workflows/terraform-destroy.yml
@@ -74,15 +74,16 @@ jobs:
       - name: Terraform Destroy Plan
         working-directory: terraform
         run: |
+          set -euo pipefail
           case "${{ inputs.target }}" in
             all)
-              terraform plan -destroy -out=tfdestroy
+              TF_PLAN_CMD="terraform plan -parallelism=1 -destroy -out=tfdestroy"
               ;;
             control-planes)
-              terraform plan -destroy -target=proxmox_vm_qemu.control_planes -out=tfdestroy
+              TF_PLAN_CMD="terraform plan -parallelism=1 -destroy -target=proxmox_vm_qemu.control_planes -out=tfdestroy"
               ;;
             workers)
-              terraform plan -destroy -target=proxmox_vm_qemu.workers -out=tfdestroy
+              TF_PLAN_CMD="terraform plan -parallelism=1 -destroy -target=proxmox_vm_qemu.workers -out=tfdestroy"
               ;;
             *)
               echo "Invalid destroy target: ${{ inputs.target }}"
@@ -90,6 +91,20 @@ jobs:
               ;;
           esac
 
+          for attempt in 1 2; do
+            echo "Terraform destroy plan attempt $attempt/2"
+            if timeout 20m bash -lc "$TF_PLAN_CMD"; then
+              exit 0
+            fi
+            if [ "$attempt" -eq 1 ]; then
+              echo "Destroy plan attempt failed or timed out; retrying in 20s"
+              sleep 20
+            fi
+          done
+
+          echo "Terraform destroy plan failed after retries"
+          exit 1
+
       - name: Terraform Destroy Apply
         working-directory: terraform
         run: |
diff --git a/.gitea/workflows/terraform-plan.yml b/.gitea/workflows/terraform-plan.yml
index cb5874f..eee7cf2 100644
--- a/.gitea/workflows/terraform-plan.yml
+++ b/.gitea/workflows/terraform-plan.yml
@@ -67,7 +67,20 @@ jobs:
 
       - name: Terraform Plan
         working-directory: terraform
-        run: terraform plan -out=tfplan
+        run: |
+          set -euo pipefail
+          for attempt in 1 2; do
+            echo "Terraform plan attempt $attempt/2"
+            if timeout 20m terraform plan -parallelism=1 -out=tfplan; then
+              exit 0
+            fi
+            if [ "$attempt" -eq 1 ]; then
+              echo "Plan attempt failed or timed out; retrying in 20s"
+              sleep 20
+            fi
+          done
+          echo "Terraform plan failed after retries"
+          exit 1
 
       - name: Block accidental destroy
         env: