diff --git a/.gitea/workflows/kubeadm-bootstrap.yml b/.gitea/workflows/kubeadm-bootstrap.yml
index 8dee10e..4b19cb8 100644
--- a/.gitea/workflows/kubeadm-bootstrap.yml
+++ b/.gitea/workflows/kubeadm-bootstrap.yml
@@ -104,8 +104,22 @@ jobs:
         env:
           KUBEADM_SSH_USER: ${{ secrets.KUBEADM_SSH_USER }}
         run: |
-          TF_OUTPUT_JSON="$(terraform -chdir=terraform output -json)"
-          printf '%s' "$TF_OUTPUT_JSON" | ./nixos/kubeadm/scripts/render-inventory-from-tf-output.py > nixos/kubeadm/scripts/inventory.env
+          set -euo pipefail
+          for attempt in 1 2 3 4 5 6; do
+            echo "Inventory render attempt $attempt/6"
+            TF_OUTPUT_JSON="$(terraform -chdir=terraform output -json)"
+            if printf '%s' "$TF_OUTPUT_JSON" | ./nixos/kubeadm/scripts/render-inventory-from-tf-output.py > nixos/kubeadm/scripts/inventory.env; then
+              exit 0
+            fi
+
+            if [ "$attempt" -lt 6 ]; then
+              echo "VM IPv4s not available yet; waiting 30s before retry"
+              sleep 30
+            fi
+          done
+
+          echo "Failed to render kubeadm inventory after retries"
+          exit 1
 
       - name: Validate nix installation
         run: |
diff --git a/.gitea/workflows/kubeadm-reset.yml b/.gitea/workflows/kubeadm-reset.yml
index 7c7c798..7ff1435 100644
--- a/.gitea/workflows/kubeadm-reset.yml
+++ b/.gitea/workflows/kubeadm-reset.yml
@@ -104,8 +104,22 @@ jobs:
         env:
           KUBEADM_SSH_USER: ${{ secrets.KUBEADM_SSH_USER }}
         run: |
-          TF_OUTPUT_JSON="$(terraform -chdir=terraform output -json)"
-          printf '%s' "$TF_OUTPUT_JSON" | ./nixos/kubeadm/scripts/render-inventory-from-tf-output.py > nixos/kubeadm/scripts/inventory.env
+          set -euo pipefail
+          for attempt in 1 2 3 4 5 6; do
+            echo "Inventory render attempt $attempt/6"
+            TF_OUTPUT_JSON="$(terraform -chdir=terraform output -json)"
+            if printf '%s' "$TF_OUTPUT_JSON" | ./nixos/kubeadm/scripts/render-inventory-from-tf-output.py > nixos/kubeadm/scripts/inventory.env; then
+              exit 0
+            fi
+
+            if [ "$attempt" -lt 6 ]; then
+              echo "VM IPv4s not available yet; waiting 30s before retry"
+              sleep 30
+            fi
+          done
+
+          echo "Failed to render kubeadm inventory after retries"
+          exit 1
 
       - name: Run cluster reset
         run: |
diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml
index 7f469b2..eb03bf0 100644
--- a/.gitea/workflows/terraform-apply.yml
+++ b/.gitea/workflows/terraform-apply.yml
@@ -152,8 +152,22 @@ jobs:
         env:
           KUBEADM_SSH_USER: ${{ secrets.KUBEADM_SSH_USER }}
         run: |
-          TF_OUTPUT_JSON="$(terraform -chdir=terraform output -json)"
-          printf '%s' "$TF_OUTPUT_JSON" | ./nixos/kubeadm/scripts/render-inventory-from-tf-output.py > nixos/kubeadm/scripts/inventory.env
+          set -euo pipefail
+          for attempt in 1 2 3 4 5 6; do
+            echo "Inventory render attempt $attempt/6"
+            TF_OUTPUT_JSON="$(terraform -chdir=terraform output -json)"
+            if printf '%s' "$TF_OUTPUT_JSON" | ./nixos/kubeadm/scripts/render-inventory-from-tf-output.py > nixos/kubeadm/scripts/inventory.env; then
+              exit 0
+            fi
+
+            if [ "$attempt" -lt 6 ]; then
+              echo "VM IPv4s not available yet; waiting 30s before retry"
+              sleep 30
+            fi
+          done
+
+          echo "Failed to render kubeadm inventory after retries"
+          exit 1
 
       - name: Ensure nix and nixos-rebuild
         env: