diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml
index 3aa01c6..602b21b 100644
--- a/.gitea/workflows/terraform-apply.yml
+++ b/.gitea/workflows/terraform-apply.yml
@@ -20,6 +20,19 @@ jobs:
           cat > secrets.auto.tfvars << EOF
           pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}"
           EOF
+          cat > backend.hcl << EOF
+          bucket                      = "${{ secrets.B2_TF_BUCKET }}"
+          key                         = "terraform.tfstate"
+          region                      = "us-east-005"
+          endpoint                    = "${{ secrets.B2_TF_ENDPOINT }}"
+          access_key                  = "${{ secrets.B2_KEY_ID }}"
+          secret_key                  = "${{ secrets.B2_APPLICATION_KEY }}"
+          skip_credentials_validation = true
+          skip_metadata_api_check     = true
+          skip_region_validation      = true
+          skip_requesting_account_id  = true
+          force_path_style            = true
+          EOF
 
       - name: Set up Terraform
         uses: hashicorp/setup-terraform@v2
@@ -28,7 +41,7 @@ jobs:
 
       - name: Terraform Init
         working-directory: terraform
-        run: terraform init
+        run: terraform init -reconfigure -backend-config=backend.hcl
 
       - name: Terraform Plan
         working-directory: terraform
diff --git a/.gitea/workflows/terraform-plan.yml b/.gitea/workflows/terraform-plan.yml
index 35637d1..34fb360 100644
--- a/.gitea/workflows/terraform-plan.yml
+++ b/.gitea/workflows/terraform-plan.yml
@@ -22,6 +22,19 @@ jobs:
           cat > secrets.auto.tfvars << EOF
           pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}"
           EOF
+          cat > backend.hcl << EOF
+          bucket                      = "${{ secrets.B2_TF_BUCKET }}"
+          key                         = "terraform.tfstate"
+          region                      = "us-east-005"
+          endpoint                    = "${{ secrets.B2_TF_ENDPOINT }}"
+          access_key                  = "${{ secrets.B2_KEY_ID }}"
+          secret_key                  = "${{ secrets.B2_APPLICATION_KEY }}"
+          skip_credentials_validation = true
+          skip_metadata_api_check     = true
+          skip_region_validation      = true
+          skip_requesting_account_id  = true
+          force_path_style            = true
+          EOF
           echo "Created secrets.auto.tfvars:"
           cat secrets.auto.tfvars | sed 's/=.*/=***/'
           echo "Using token ID from terraform.tfvars:"
@@ -34,7 +47,7 @@ jobs:
 
       - name: Terraform Init
         working-directory: terraform
-        run: terraform init
+        run: terraform init -reconfigure -backend-config=backend.hcl
 
       - name: Terraform Format Check
         working-directory: terraform
diff --git a/terraform/main.tf b/terraform/main.tf
index 55e812f..8631a17 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -1,4 +1,6 @@
 terraform {
+  backend "s3" {}
+
   required_providers {
     proxmox = {
       source  = "Telmate/proxmox"