diff --git a/.gitignore b/.gitignore
index 47bf8e4..66727ad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,6 @@
 
 # Node
 node_modules
+
+# Misc
+.DS_Store
diff --git a/README.md b/README.md
index f3be159..6f280e0 100644
--- a/README.md
+++ b/README.md
@@ -1,65 +1,26 @@
-# Homelab
-My homelab setup with Dell PowerEdge R730 running Proxmox and K0s
+# MengLinMaker's homelab
+My homelab setup with Dell PowerEdge R730 running Proxmox, Talos and K0s, provisioned with kubernetes.
 
-## Fan control
-To silence the fans, install `ipmitool`
+## Quick start
+1. Install dependencies
 ```bash
-apt install ipmitool -y
-```
-
-Enable manual fan control
-```bash
-ipmitool raw 0x30 0x30 0x01 0x00
-```
-
-Disable manual fan control
-```bash
-ipmitool raw 0x30 0x30 0x01 0x01
-```
-
-Turn fan to 10% - 0xA is 10
-```bash
-ipmitool raw 0x30 0x30 0x02 0xff 0xA
-```
-
-Turn fan to 20% - 0x19 is 20
-```bash
-ipmitool raw 0x30 0x30 0x02 0xff 0x19
-```
+brew install terraform tfsec siderolabs/tap/talosctl
 
-Monitor some relevant metrics
-```bash
-ipmitool sdr elist full
+pnpm i
 ```
-
-## Tailscale VPN
-Setup tailscale to access network externally
-
-### Proxmox access
-1. [Install tailscale client on access devices](https://tailscale.com/download)
-2. [Install tailscale on target device](https://tailscale.com/kb/1031/install-linux)
+2. Provide env variables:
+  - `terraform login`
+  - Create `terraform/terraform.tfvars` according the `terraform/variables.tf`
+3. Deploy
 ```bash
-curl -fsSL https://tailscale.com/install.sh | sh
+pnpm dep
 ```
-3. Access target device by enabling tailscale VPN and access via assigned IPv4 or IPv6
 
-### LXC access
-Instructions taken from https://dustri.org/b/running-tailscale-inside-of-a-proxmox-container.html
+## Layout
+Folder structure:
+- `docs` - helpful commands
+- `kubernetes` - all the kubernetes related configs
+- `terraform` - config for deploying infra on proxmox
 
-1. Add some lxc config in proxmox specifying correct ID  - 100 in this example
-```bash
-echo 'lxc.cgroup.devices.allow: c 10:200 rwm' >> /etc/pve/lxc/100.conf
-echo 'lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file' >> /etc/pve/lxc/100.conf
-```
-2. Enter lxc container
-```bash
-pct enter 100
-```
-3. Install and configure tailscale
-```bash
-curl -fsSL https://tailscale.com/install.sh | sh
-echo 'net.ipv4.ip_forward = 1' | tee -a /etc/sysctl.conf
-echo 'net.ipv6.conf.all.forwarding = 1' | tee -a /etc/sysctl.conf
-sysctl -p /etc/sysctl.conf
-reboot
-```
+## Attribution:
+- Terraform setup inspired by [this blog](https://olav.ninja/talos-cluster-on-proxmox-with-terraform)
diff --git a/docs/fan.md b/docs/fan.md
new file mode 100644
index 0000000..c393e88
--- /dev/null
+++ b/docs/fan.md
@@ -0,0 +1,36 @@
+# Fan control
+The fans of the r730 is quite loud. So here are some commands to lower fan speeds.
+
+## Install
+To silence the fans, install `ipmitool`
+```bash
+apt install ipmitool -y
+```
+
+## Enable control
+Enable manual fan control
+```bash
+ipmitool raw 0x30 0x30 0x01 0x00
+```
+
+Disable manual fan control
+```bash
+ipmitool raw 0x30 0x30 0x01 0x01
+```
+
+## Change speed
+Turn fan to 10% - 0xA is 10
+```bash
+ipmitool raw 0x30 0x30 0x02 0xff 0xA
+```
+
+Turn fan to 20% - 0x19 is 20
+```bash
+ipmitool raw 0x30 0x30 0x02 0xff 0x19
+```
+
+## Monitor
+Monitor some relevant metrics
+```bash
+ipmitool sdr elist full
+```
diff --git a/docs/tailscale.md b/docs/tailscale.md
new file mode 100644
index 0000000..34e1f9e
--- /dev/null
+++ b/docs/tailscale.md
@@ -0,0 +1,32 @@
+
+# Tailscale VPN
+Access the homelab on a different network, using tailscale.
+
+## Proxmox access
+1. [Install tailscale client on access devices](https://tailscale.com/download)
+2. [Install tailscale on target device](https://tailscale.com/kb/1031/install-linux)
+```bash
+curl -fsSL https://tailscale.com/install.sh | sh
+```
+3. Access target device by enabling tailscale VPN and access via assigned IPv4 or IPv6
+
+## LXC access
+Instructions taken from https://dustri.org/b/running-tailscale-inside-of-a-proxmox-container.html
+
+1. Add some lxc config in proxmox specifying correct ID  - 100 in this example
+```bash
+echo 'lxc.cgroup.devices.allow: c 10:200 rwm' >> /etc/pve/lxc/100.conf
+echo 'lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file' >> /etc/pve/lxc/100.conf
+```
+2. Enter lxc container
+```bash
+pct enter 100
+```
+3. Install and configure tailscale
+```bash
+curl -fsSL https://tailscale.com/install.sh | sh
+echo 'net.ipv4.ip_forward = 1' | tee -a /etc/sysctl.conf
+echo 'net.ipv6.conf.all.forwarding = 1' | tee -a /etc/sysctl.conf
+sysctl -p /etc/sysctl.conf
+reboot
+```
diff --git a/kubernetes/guestbook-go/.gitignore b/kubernetes/guestbook-go/.gitignore
new file mode 100644
index 0000000..a45a95c
--- /dev/null
+++ b/kubernetes/guestbook-go/.gitignore
@@ -0,0 +1 @@
+guestbook_bin
diff --git a/kubernetes/guestbook-go/Dockerfile b/kubernetes/guestbook-go/Dockerfile
new file mode 100644
index 0000000..bf25e7d
--- /dev/null
+++ b/kubernetes/guestbook-go/Dockerfile
@@ -0,0 +1,30 @@
+# Copyright 2016 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM golang:1.10.0
+RUN go get github.com/codegangsta/negroni \
+           github.com/gorilla/mux \
+           github.com/xyproto/simpleredis/v2
+WORKDIR /app
+ADD ./main.go .
+RUN CGO_ENABLED=0 GOOS=linux go build -o main .
+
+FROM scratch
+WORKDIR /app
+COPY --from=0 /app/main .
+COPY ./public/index.html public/index.html
+COPY ./public/script.js public/script.js
+COPY ./public/style.css public/style.css
+CMD ["/app/main"]
+EXPOSE 3000
diff --git a/kubernetes/guestbook-go/Makefile b/kubernetes/guestbook-go/Makefile
new file mode 100644
index 0000000..105130e
--- /dev/null
+++ b/kubernetes/guestbook-go/Makefile
@@ -0,0 +1,36 @@
+# Copyright 2016 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Build the guestbook-go example
+
+# Usage:
+#   [VERSION=v3] [REGISTRY="staging-k8s.gcr.io"] make build
+VERSION?=v3
+REGISTRY?=staging-k8s.gcr.io
+
+release: clean build push clean
+
+# builds a docker image that builds the app and packages it into a minimal docker image
+build:
+	docker buildx build --load -t ${REGISTRY}/guestbook:${VERSION} .
+
+# push the image to an registry
+push:
+	docker buildx build --push -t ${REGISTRY}/guestbook:${VERSION} .
+
+# remove previous images and containers
+clean:
+	docker rm -f ${REGISTRY}/guestbook:${VERSION} 2> /dev/null || true
+
+.PHONY: release clean build push
diff --git a/kubernetes/guestbook-go/README.md b/kubernetes/guestbook-go/README.md
new file mode 100644
index 0000000..f136d47
--- /dev/null
+++ b/kubernetes/guestbook-go/README.md
@@ -0,0 +1,271 @@
+## Guestbook Example
+
+This example shows how to build a simple multi-tier web application using Kubernetes and Docker. The application consists of a web front end, Redis master for storage, and replicated set of Redis replicas, all for which we will create Kubernetes replication controllers, pods, and services.
+
+If you are running a cluster in Google Container Engine (GKE), instead see the [Guestbook Example for Google Container Engine](https://cloud.google.com/container-engine/docs/tutorials/guestbook).
+
+##### Table of Contents
+
+ * [Step Zero: Prerequisites](#step-zero)
+ * [Step One: Create the Redis master pod](#step-one)
+ * [Step Two: Create the Redis master service](#step-two)
+ * [Step Three: Create the Redis replica pods](#step-three)
+ * [Step Four: Create the Redis replica service](#step-four)
+ * [Step Five: Create the guestbook pods](#step-five)
+ * [Step Six: Create the guestbook service](#step-six)
+ * [Step Seven: View the guestbook](#step-seven)
+ * [Step Eight: Cleanup](#step-eight)
+
+### Step Zero: Prerequisites <a id="step-zero"></a>
+
+This example assumes that you have a working cluster. See the [Getting Started Guides](https://kubernetes.io/docs/setup/) for details about creating a cluster.
+
+**Tip:** View all the `kubectl` commands, including their options and descriptions in the [kubectl CLI reference](https://kubernetes.io/docs/user-guide/kubectl-overview/).
+
+### Step One: Create the Redis master pod<a id="step-one"></a>
+
+Use the `examples/guestbook-go/redis-master-controller.yaml` file to create a [replication controller](https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/) and Redis master [pod](https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/). The pod runs a Redis key-value server in a container. Using a replication controller is the preferred way to launch long-running pods, even for 1 replica, so that the pod benefits from the self-healing mechanism in Kubernetes (keeps the pods alive).
+
+1. Use the [redis-master-controller.yaml](redis-master-controller.yaml) file to create the Redis master replication controller in your Kubernetes cluster by running the `kubectl create -f` *`filename`* command:
+
+    ```console
+    $ kubectl create -f examples/guestbook-go/redis-master-controller.yaml
+   
+    ```
+
+2. To verify that the redis-master controller is up, list the replication controllers you created in the cluster with the `kubectl get rc` command(if you don't specify a `--namespace`, the `default` namespace will be used. The same below):
+
+    ```console
+    $ kubectl get rc
+    CONTROLLER             CONTAINER(S)            IMAGE(S)                    SELECTOR                         REPLICAS
+    redis-master           redis-master            gurpartap/redis             app=redis,role=master            1
+    ...
+    ```
+
+    Result: The replication controller then creates the single Redis master pod.
+
+3. To verify that the redis-master pod is running, list the pods you created in cluster with the `kubectl get pods` command:
+
+    ```console
+    $ kubectl get pods
+    NAME                        READY     STATUS    RESTARTS   AGE
+    redis-master-xx4uv          1/1       Running   0          1m
+    ...
+    ```
+
+    Result: You'll see a single Redis master pod and the machine where the pod is running after the pod gets placed (may take up to thirty seconds).
+
+4. To verify what containers are running in the redis-master pod, you can SSH to that machine with `gcloud compute ssh --zone` *`zone_name`* *`host_name`* and then run `docker ps`:
+
+    ```console
+    me@workstation$ gcloud compute ssh --zone us-central1-b kubernetes-node-bz1p
+
+    me@kubernetes-node-3:~$ sudo docker ps
+    CONTAINER ID        IMAGE     COMMAND                  CREATED             STATUS
+    d5c458dabe50        redis     "/entrypoint.sh redis"   5 minutes ago       Up 5 minutes
+    ```
+
+    Note: The initial `docker pull` can take a few minutes, depending on network conditions.
+
+### Step Two: Create the Redis master service <a id="step-two"></a>
+
+A Kubernetes [service](https://kubernetes.io/docs/concepts/services-networking/service/) is a named load balancer that proxies traffic to one or more pods. The services in a Kubernetes cluster are discoverable inside other pods via environment variables or DNS.
+
+Services find the pods to load balance based on pod labels. The pod that you created in Step One has the label `app=redis` and `role=master`. The selector field of the service determines which pods will receive the traffic sent to the service.
+
+1. Use the [redis-master-service.yaml](redis-master-service.yaml) file to create the service in your Kubernetes cluster by running the `kubectl create -f` *`filename`* command:
+
+    ```console
+    $ kubectl create -f examples/guestbook-go/redis-master-service.yaml
+   
+    ```
+
+2. To verify that the redis-master service is up, list the services you created in the cluster with the `kubectl get services` command:
+
+    ```console
+    $ kubectl get services
+    NAME              CLUSTER_IP       EXTERNAL_IP       PORT(S)       SELECTOR               AGE
+    redis-master      10.0.136.3       <none>            6379/TCP      app=redis,role=master  1h
+    ...
+    ```
+
+    Result: All new pods will see the `redis-master` service running on the host (`$REDIS_MASTER_SERVICE_HOST` environment variable) at port 6379, or running on `redis-master:6379`. After the service is created, the service proxy on each node is configured to set up a proxy on the specified port (in our example, that's port 6379).
+
+
+### Step Three: Create the Redis replica pods <a id="step-three"></a>
+
+The Redis master we created earlier is a single pod (REPLICAS = 1), while the Redis read replicas we are creating here are 'replicated' pods. In Kubernetes, a replication controller is responsible for managing the multiple instances of a replicated pod.
+
+1. Use the file [redis-replica-controller.yaml](redis-replica-controller.yaml) to create the replication controller by running the `kubectl create -f` *`filename`* command:
+
+    ```console
+    $ kubectl create -f examples/guestbook-go/redis-replica-controller.yaml
+    
+    ```
+
+2. To verify that the redis-replica controller is running, run the `kubectl get rc` command:
+
+    ```console
+    $ kubectl get rc
+    CONTROLLER              CONTAINER(S)            IMAGE(S)                         SELECTOR                    REPLICAS
+    redis-master            redis-master            redis                            app=redis,role=master       1
+    redis-replica           redis-replica           registry.k8s.io/redis-slave:v2   app=redis,role=replica      2
+    ...
+    ```
+
+    Result: The replication controller creates and configures the Redis replica pods through the redis-master service (name:port pair, in our example that's `redis-master:6379`).
+
+    Example:
+    The Redis replicas get started by the replication controller with the following command:
+
+    ```console
+    redis-server --replicaof redis-master 6379
+    ```
+
+3. To verify that the Redis master and replicas pods are running, run the `kubectl get pods` command:
+
+    ```console
+    $ kubectl get pods
+    NAME                          READY     STATUS    RESTARTS   AGE
+    redis-master-xx4uv            1/1       Running   0          18m
+    redis-replica-b6wj4           1/1       Running   0          1m
+    redis-replica-iai40           1/1       Running   0          1m
+    ...
+    ```
+
+    Result: You see the single Redis master and two Redis replica pods.
+
+### Step Four: Create the Redis replica service <a id="step-four"></a>
+
+Just like the master, we want to have a service to proxy connections to the read replicas. In this case, in addition to discovery, the Redis replica service provides transparent load balancing to clients.
+
+1. Use the [redis-replica-service.yaml](redis-replica-service.yaml) file to create the Redis replica service by running the `kubectl create -f` *`filename`* command:
+
+    ```console
+    $ kubectl create -f examples/guestbook-go/redis-replica-service.yaml
+   
+    ```
+
+2. To verify that the redis-replica service is up, list the services you created in the cluster with the `kubectl get services` command:
+
+    ```console
+    $ kubectl get services
+    NAME              CLUSTER_IP       EXTERNAL_IP       PORT(S)       SELECTOR               AGE
+    redis-master      10.0.136.3       <none>            6379/TCP      app=redis,role=master  1h
+    redis-replica     10.0.21.92       <none>            6379/TCP      app-redis,role=replica 1h
+    ...
+    ```
+
+    Result: The service is created with labels `app=redis` and `role=replica` to identify that the pods are running the Redis replicas.
+
+Tip: It is helpful to set labels on your services themselves--as we've done here--to make it easy to locate them later.
+
+### Step Five: Create the guestbook pods <a id="step-five"></a>
+
+This is a simple Go `net/http` ([negroni](https://github.com/codegangsta/negroni) based) server that is configured to talk to either the replica or master services depending on whether the request is a read or a write. The pods we are creating expose a simple JSON interface and serves a jQuery-Ajax based UI. Like the Redis replica pods, these pods are also managed by a replication controller.
+
+1. Use the [guestbook-controller.yaml](guestbook-controller.yaml) file to create the guestbook replication controller by running the `kubectl create -f` *`filename`* command:
+
+    ```console
+    $ kubectl create -f examples/guestbook-go/guestbook-controller.yaml
+    
+    ```
+
+ Tip: If you want to modify the guestbook code open the `_src` of this example and read the README.md and the Makefile. If you have pushed your custom image be sure to update the `image` accordingly in the guestbook-controller.yaml.
+
+2. To verify that the guestbook replication controller is running, run the `kubectl get rc` command:
+
+    ```console
+    $ kubectl get rc
+    CONTROLLER            CONTAINER(S)         IMAGE(S)                               SELECTOR                  REPLICAS
+    guestbook             guestbook            registry.k8s.io/guestbook:v3           app=guestbook             3
+    redis-master          redis-master         redis                                  app=redis,role=master     1
+    redis-replica         redis-replica        registry.k8s.io/redis-replica:v2       app=redis,role=replica    2
+    ...
+    ```
+
+3. To verify that the guestbook pods are running (it might take up to thirty seconds to create the pods), list the pods you created in cluster with the `kubectl get pods` command:
+
+    ```console
+    $ kubectl get pods
+    NAME                           READY     STATUS    RESTARTS   AGE
+    guestbook-3crgn                1/1       Running   0          2m
+    guestbook-gv7i6                1/1       Running   0          2m
+    guestbook-x405a                1/1       Running   0          2m
+    redis-master-xx4uv             1/1       Running   0          23m
+    redis-replica-b6wj4              1/1       Running   0          6m
+    redis-replica-iai40              1/1       Running   0          6m
+    ...
+    ```
+
+    Result: You see a single Redis master, two Redis replicas, and three guestbook pods.
+
+### Step Six: Create the guestbook service <a id="step-six"></a>
+
+Just like the others, we create a service to group the guestbook pods but this time, to make the guestbook front end externally visible, we specify `"type": "LoadBalancer"`.
+
+1. Use the [guestbook-service.yaml](guestbook-service.yaml) file to create the guestbook service by running the `kubectl create -f` *`filename`* command:
+
+    ```console
+    $ kubectl create -f examples/guestbook-go/guestbook-service.yaml
+    ```
+
+
+2. To verify that the guestbook service is up, list the services you created in the cluster with the `kubectl get services` command:
+
+    ```console
+    $ kubectl get services
+    NAME              CLUSTER_IP       EXTERNAL_IP       PORT(S)       SELECTOR               AGE
+    guestbook         10.0.217.218     146.148.81.8      3000/TCP      app=guestbook          1h
+    redis-master      10.0.136.3       <none>            6379/TCP      app=redis,role=master  1h
+    redis-replica     10.0.21.92       <none>            6379/TCP      app-redis,role=replica 1h
+    ...
+    ```
+
+    Result: The service is created with label `app=guestbook`.
+
+### Step Seven: View the guestbook <a id="step-seven"></a>
+
+You can now play with the guestbook that you just created by opening it in a browser (it might take a few moments for the guestbook to come up).
+
+ * **Local Host:**
+    If you are running Kubernetes locally, to view the guestbook, navigate to `http://localhost:3000` in your browser.
+
+ * **Remote Host:**
+    1. To view the guestbook on a remote host, locate the external IP of the load balancer in the **IP** column of the `kubectl get services` output. In our example, the internal IP address is `10.0.217.218` and the external IP address is `146.148.81.8` (*Note: you might need to scroll to see the IP column*).
+
+    2. Append port `3000` to the IP address (for example `http://146.148.81.8:3000`), and then navigate to that address in your browser.
+
+    Result: The guestbook displays in your browser:
+
+    ![Guestbook](guestbook-page.png)
+
+    **Further Reading:**
+    If you're using Google Compute Engine, see the details about limiting traffic to specific sources at [Google Compute Engine firewall documentation][gce-firewall-docs].
+
+[cloud-console]: https://console.developer.google.com
+[gce-firewall-docs]: https://cloud.google.com/compute/docs/networking#firewalls
+
+### Step Eight: Cleanup <a id="step-eight"></a>
+
+After you're done playing with the guestbook, you can cleanup by deleting the guestbook service and removing the associated resources that were created, including load balancers, forwarding rules, target pools, and Kubernetes replication controllers and services.
+
+Delete all the resources by running the following `kubectl delete -f` *`filename`* command:
+
+```console
+$ kubectl delete -f examples/guestbook-go
+guestbook-controller
+guestbook
+redid-master-controller
+redis-master
+redis-replica-controller
+redis-replica
+```
+
+Tip: To turn down your Kubernetes cluster, follow the corresponding instructions in the version of the
+[Getting Started Guides](https://kubernetes.io/docs/getting-started-guides/) that you previously used to create your cluster.
+
+
+<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->
+[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/examples/guestbook-go/README.md?pixel)]()
+<!-- END MUNGE: GENERATED_ANALYTICS -->
diff --git a/kubernetes/guestbook-go/guestbook-controller.yaml b/kubernetes/guestbook-go/guestbook-controller.yaml
new file mode 100644
index 0000000..b1831a4
--- /dev/null
+++ b/kubernetes/guestbook-go/guestbook-controller.yaml
@@ -0,0 +1,21 @@
+kind: ReplicationController
+apiVersion: v1
+metadata:
+  name: guestbook
+  labels:
+    app: guestbook
+spec:
+  replicas: 3
+  selector:
+    app: guestbook
+  template:
+    metadata:
+      labels:
+        app: guestbook
+    spec:
+      containers:
+      - name: guestbook
+        image: registry.k8s.io/guestbook:v3
+        ports:
+        - name: http-server
+          containerPort: 3000
diff --git a/kubernetes/guestbook-go/guestbook-page.png b/kubernetes/guestbook-go/guestbook-page.png
new file mode 100644
index 0000000..776835f
Binary files /dev/null and b/kubernetes/guestbook-go/guestbook-page.png differ
diff --git a/kubernetes/guestbook-go/guestbook-service.yaml b/kubernetes/guestbook-go/guestbook-service.yaml
new file mode 100644
index 0000000..677bde4
--- /dev/null
+++ b/kubernetes/guestbook-go/guestbook-service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: guestbook
+  labels:
+    app: guestbook
+spec:
+  ports:
+  - port: 3000
+    targetPort: http-server
+  selector:
+    app: guestbook
+  type: LoadBalancer
diff --git a/kubernetes/guestbook-go/main.go b/kubernetes/guestbook-go/main.go
new file mode 100644
index 0000000..7a57664
--- /dev/null
+++ b/kubernetes/guestbook-go/main.go
@@ -0,0 +1,91 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"encoding/json"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/codegangsta/negroni"
+	"github.com/gorilla/mux"
+	"github.com/xyproto/simpleredis/v2"
+)
+
+var (
+	masterPool *simpleredis.ConnectionPool
+	replicaPool  *simpleredis.ConnectionPool
+)
+
+func ListRangeHandler(rw http.ResponseWriter, req *http.Request) {
+	key := mux.Vars(req)["key"]
+	list := simpleredis.NewList(replicaPool, key)
+	members := HandleError(list.GetAll()).([]string)
+	membersJSON := HandleError(json.MarshalIndent(members, "", "  ")).([]byte)
+	rw.Write(membersJSON)
+}
+
+func ListPushHandler(rw http.ResponseWriter, req *http.Request) {
+	key := mux.Vars(req)["key"]
+	value := mux.Vars(req)["value"]
+	list := simpleredis.NewList(masterPool, key)
+	HandleError(nil, list.Add(value))
+	ListRangeHandler(rw, req)
+}
+
+func InfoHandler(rw http.ResponseWriter, req *http.Request) {
+	info := HandleError(masterPool.Get(0).Do("INFO")).([]byte)
+	rw.Write(info)
+}
+
+func EnvHandler(rw http.ResponseWriter, req *http.Request) {
+	environment := make(map[string]string)
+	for _, item := range os.Environ() {
+		splits := strings.Split(item, "=")
+		key := splits[0]
+		val := strings.Join(splits[1:], "=")
+		environment[key] = val
+	}
+
+	envJSON := HandleError(json.MarshalIndent(environment, "", "  ")).([]byte)
+	rw.Write(envJSON)
+}
+
+func HandleError(result interface{}, err error) (r interface{}) {
+	if err != nil {
+		panic(err)
+	}
+	return result
+}
+
+func main() {
+	masterPool = simpleredis.NewConnectionPoolHost("redis-master:6379")
+	defer masterPool.Close()
+	replicaPool = simpleredis.NewConnectionPoolHost("redis-replica:6379")
+	defer replicaPool.Close()
+
+	r := mux.NewRouter()
+	r.Path("/lrange/{key}").Methods("GET").HandlerFunc(ListRangeHandler)
+	r.Path("/rpush/{key}/{value}").Methods("GET").HandlerFunc(ListPushHandler)
+	r.Path("/info").Methods("GET").HandlerFunc(InfoHandler)
+	r.Path("/env").Methods("GET").HandlerFunc(EnvHandler)
+
+	n := negroni.Classic()
+	n.UseHandler(r)
+	n.Run(":3000")
+}
diff --git a/kubernetes/guestbook-go/public/index.html b/kubernetes/guestbook-go/public/index.html
new file mode 100644
index 0000000..f525f4b
--- /dev/null
+++ b/kubernetes/guestbook-go/public/index.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+    <meta charset="utf-8">
+    <meta content="width=device-width" name="viewport">
+    <link href="style.css" rel="stylesheet">
+    <title>Guestbook</title>
+  </head>
+  <body>
+    <div id="header">
+      <h1>Guestbook</h1>
+    </div>
+
+    <div id="guestbook-entries">
+      <p>Waiting for database connection...</p>
+    </div>
+
+    <div>
+      <form id="guestbook-form">
+        <input autocomplete="off" id="guestbook-entry-content" type="text">
+        <a href="#" id="guestbook-submit">Submit</a>
+      </form>
+    </div>
+
+    <div>
+      <p><h2 id="guestbook-host-address"></h2></p>
+      <p><a href="env">/env</a>
+      <a href="info">/info</a></p>
+    </div>
+    <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
+    <script src="script.js"></script>
+  </body>
+</html>
diff --git a/kubernetes/guestbook-go/public/script.js b/kubernetes/guestbook-go/public/script.js
new file mode 100644
index 0000000..a0a545b
--- /dev/null
+++ b/kubernetes/guestbook-go/public/script.js
@@ -0,0 +1,46 @@
+$(document).ready(function() {
+  var headerTitleElement = $("#header h1");
+  var entriesElement = $("#guestbook-entries");
+  var formElement = $("#guestbook-form");
+  var submitElement = $("#guestbook-submit");
+  var entryContentElement = $("#guestbook-entry-content");
+  var hostAddressElement = $("#guestbook-host-address");
+
+  var appendGuestbookEntries = function(data) {
+    entriesElement.empty();
+    $.each(data, function(key, val) {
+      entriesElement.append("<p>" + val + "</p>");
+    });
+  }
+
+  var handleSubmission = function(e) {
+    e.preventDefault();
+    var entryValue = entryContentElement.val()
+    if (entryValue.length > 0) {
+      entriesElement.append("<p>...</p>");
+      $.getJSON("rpush/guestbook/" + entryValue, appendGuestbookEntries);
+    }
+    return false;
+  }
+
+  // colors = purple, blue, red, green, yellow
+  var colors = ["#549", "#18d", "#d31", "#2a4", "#db1"];
+  var randomColor = colors[Math.floor(5 * Math.random())];
+  (function setElementsColor(color) {
+    headerTitleElement.css("color", color);
+    entryContentElement.css("box-shadow", "inset 0 0 0 2px " + color);
+    submitElement.css("background-color", color);
+  })(randomColor);
+
+  submitElement.click(handleSubmission);
+  formElement.submit(handleSubmission);
+  hostAddressElement.append(document.URL);
+
+  // Poll every second.
+  (function fetchGuestbook() {
+    $.getJSON("lrange/guestbook").done(appendGuestbookEntries).always(
+      function() {
+        setTimeout(fetchGuestbook, 1000);
+      });
+  })();
+});
diff --git a/kubernetes/guestbook-go/public/style.css b/kubernetes/guestbook-go/public/style.css
new file mode 100644
index 0000000..fd1c393
--- /dev/null
+++ b/kubernetes/guestbook-go/public/style.css
@@ -0,0 +1,61 @@
+body, input {
+  color: #123;
+  font-family: "Gill Sans", sans-serif;
+}
+
+div {
+  overflow: hidden;
+  padding: 1em 0;
+  position: relative;
+  text-align: center;
+}
+
+h1, h2, p, input, a {
+  font-weight: 300;
+  margin: 0;
+}
+
+h1 {
+  color: #BDB76B;
+  font-size: 3.5em;
+}
+
+h2 {
+  color: #999;
+}
+
+form {
+  margin: 0 auto;
+  max-width: 50em;
+  text-align: center;
+}
+
+input {
+  border: 0;
+  border-radius: 1000px;
+  box-shadow: inset 0 0 0 2px #BDB76B;
+  display: inline;
+  font-size: 1.5em;
+  margin-bottom: 1em;
+  outline: none;
+  padding: .5em 5%;
+  width: 55%;
+}
+
+form a {
+  background: #BDB76B;
+  border: 0;
+  border-radius: 1000px;
+  color: #FFF;
+  font-size: 1.25em;
+  font-weight: 400;
+  padding: .75em 2em;
+  text-decoration: none;
+  text-transform: uppercase;
+  white-space: normal;
+}
+
+p {
+  font-size: 1.5em;
+  line-height: 1.5;
+}
diff --git a/kubernetes/guestbook-go/redis-master-controller.yaml b/kubernetes/guestbook-go/redis-master-controller.yaml
new file mode 100644
index 0000000..338c76f
--- /dev/null
+++ b/kubernetes/guestbook-go/redis-master-controller.yaml
@@ -0,0 +1,24 @@
+kind: ReplicationController
+apiVersion: v1
+metadata:
+  name: redis-master
+  labels:
+    app: redis
+    role: master
+spec:
+  replicas: 1
+  selector:
+    app: redis
+    role: master
+  template:
+    metadata:
+      labels:
+        app: redis
+        role: master
+    spec:
+      containers:
+      - name: redis-master
+        image: redis
+        ports:
+        - name: redis-server
+          containerPort: 6379
diff --git a/kubernetes/guestbook-go/redis-master-service.yaml b/kubernetes/guestbook-go/redis-master-service.yaml
new file mode 100644
index 0000000..c69456e
--- /dev/null
+++ b/kubernetes/guestbook-go/redis-master-service.yaml
@@ -0,0 +1,14 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: redis-master
+  labels:
+    app: redis
+    role: master
+spec:
+  ports:
+  - port: 6379
+    targetPort: redis-server
+  selector:
+    app: redis
+    role: master
diff --git a/kubernetes/guestbook-go/redis-replica-controller.yaml b/kubernetes/guestbook-go/redis-replica-controller.yaml
new file mode 100644
index 0000000..5e10e7d
--- /dev/null
+++ b/kubernetes/guestbook-go/redis-replica-controller.yaml
@@ -0,0 +1,24 @@
+kind: ReplicationController
+apiVersion: v1
+metadata:
+  name: redis-replica
+  labels:
+    app: redis
+    role: replica
+spec:
+  replicas: 2
+  selector:
+    app: redis
+    role: replica
+  template:
+    metadata:
+      labels:
+        app: redis
+        role: replica
+    spec:
+      containers:
+      - name: redis-replica
+        image: registry.k8s.io/redis-slave:v2
+        ports:
+        - name: redis-server
+          containerPort: 6379
diff --git a/kubernetes/guestbook-go/redis-replica-service.yaml b/kubernetes/guestbook-go/redis-replica-service.yaml
new file mode 100644
index 0000000..191db0b
--- /dev/null
+++ b/kubernetes/guestbook-go/redis-replica-service.yaml
@@ -0,0 +1,14 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: redis-replica
+  labels:
+    app: redis
+    role: replica
+spec:
+  ports:
+  - port: 6379
+    targetPort: redis-server
+  selector:
+    app: redis
+    role: replica
diff --git a/terraform/README.md b/terraform/README.md
new file mode 100644
index 0000000..ffca163
--- /dev/null
+++ b/terraform/README.md
@@ -0,0 +1,17 @@
+# Terraform
+This folder holds all the Terraform scripts for provisioning the VMs. The config is inspired by [this blog](https://olav.ninja/talos-cluster-on-proxmox-with-terraform)
+
+## Deployment
+1. Install dependencies
+```bash
+brew install terraform tfsec siderolabs/tap/talosctl
+
+pnpm i
+```
+2. Provide env variables:
+  - `terraform login`
+  - Create `terraform.tfvars` according the `variables.tf`
+3. Deploy
+```bash
+pnpm dep
+```
diff --git a/terraform/package.json b/terraform/package.json
index e208402..c91fa47 100644
--- a/terraform/package.json
+++ b/terraform/package.json
@@ -4,6 +4,6 @@
     "format": "terraform fmt --recursive",
     "lint": "terraform validate && tfsec . --tfvars-file=terraform.tfvars",
     "plan": "terraform state pull terraform.tfstate && terraform plan",
-    "dep": "terraform state pull terraform.tfstate && terraform apply -auto-approve && terraform state push terraform.tfstate"
+    "dep": "terraform state pull terraform.tfstate && terraform apply -auto-approve && terraform state push terraform.tfstate && terraform output -raw kube_config > ~/.kube/config && terraform output -raw talos_config > ~/.talos/config"
   }
 }
diff --git a/terraform/proxmox.tf b/terraform/proxmox.tf
index 4845def..f94b970 100644
--- a/terraform/proxmox.tf
+++ b/terraform/proxmox.tf
@@ -1,15 +1,3 @@
-variable "proxmox_config" {
-  description = "Proxmox configuration"
-  type = object({
-    name           = string
-    endpoint       = string
-    username       = string
-    password       = string
-    image_store_id = string
-    vm_store_id    = string
-  })
-}
-
 provider "proxmox" {
   endpoint = var.proxmox_config.endpoint
   username = var.proxmox_config.username
diff --git a/terraform/qcow2_images.tf b/terraform/qcow2_images.tf
deleted file mode 100644
index 7404eeb..0000000
--- a/terraform/qcow2_images.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# talos - with extensions `qemu-guest-agent` + `tailscale` + `glibc`
-resource "proxmox_virtual_environment_download_file" "talos_qcow2" {
-  content_type = "iso"
-  datastore_id = var.proxmox_config.image_store_id
-  node_name    = var.proxmox_config.name
-  file_name    = "talos.qcow2.img"
-  url          = "https://factory.talos.dev/image/9ee49bb5f44200889652309e9af03195a9ed7a13049dd310180aa00e5ed3a7c2/v1.9.0/nocloud-amd64.qcow2"
-  overwrite    = false
-}
-
-# debian
-resource "proxmox_virtual_environment_download_file" "debian_qcow2" {
-  content_type = "iso"
-  datastore_id = var.proxmox_config.image_store_id
-  node_name    = var.proxmox_config.name
-  file_name    = "debian.qcow2.img"
-  url          = "https://cdimage.debian.org/images/cloud/bookworm/20241201-1948/debian-12-nocloud-amd64-20241201-1948.qcow2"
-  overwrite    = false
-}
-
-# almalinux
-resource "proxmox_virtual_environment_download_file" "almalinux_qcow2" {
-  content_type = "iso"
-  datastore_id = var.proxmox_config.image_store_id
-  node_name    = var.proxmox_config.name
-  file_name    = "almalinux.qcow2.img"
-  url          = "https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/AlmaLinux-9-GenericCloud-9.5-20241120.x86_64.qcow2"
-  overwrite    = false
-}
diff --git a/terraform/talos.tf b/terraform/talos.tf
index 54477dc..cff9c38 100644
--- a/terraform/talos.tf
+++ b/terraform/talos.tf
@@ -1,13 +1,3 @@
-variable "talos_cluster_config" {
-  description = "Talos cluster configuration"
-  type = object({
-    name             = string
-    gateway          = string
-    control_plane_ip = string
-    worker_ip        = string
-  })
-}
-
 resource "talos_machine_secrets" "this" {}
 
 data "talos_client_configuration" "this" {
diff --git a/terraform/talos_image.tf b/terraform/talos_image.tf
new file mode 100644
index 0000000..456ab4f
--- /dev/null
+++ b/terraform/talos_image.tf
@@ -0,0 +1,9 @@
+# talos - with extensions `qemu-guest-agent` + `glibc`
+resource "proxmox_virtual_environment_download_file" "talos_qcow2" {
+  content_type = "iso"
+  datastore_id = var.proxmox_config.image_store_id
+  node_name    = var.proxmox_config.name
+  file_name    = "talos.qcow2.img"
+  url          = "https://factory.talos.dev/image/a98370e8bc36e336e1de99db6bbc23b8a0ae03820a474d8a2e964cfeaece9922/v1.9.0/nocloud-amd64.qcow2"
+  overwrite    = true
+}
diff --git a/terraform/talos_services.tf b/terraform/talos_services.tf
index 73192cc..52985b4 100644
--- a/terraform/talos_services.tf
+++ b/terraform/talos_services.tf
@@ -1,17 +1,16 @@
-# data "talos_cluster_health" "this" {
-#   depends_on           = [talos_machine_configuration_apply.control_plane_config_apply, talos_machine_configuration_apply.worker_config_apply]
-#   client_configuration = data.talos_client_configuration.this.client_configuration
-#   control_plane_nodes  = [var.talos_cluster_config.control_plane_ip]
-#   worker_nodes         = [var.talos_cluster_config.worker_ip]
-#   endpoints            = data.talos_client_configuration.this.endpoints
-#   timeouts = {
-#     read = "30s"
-#   }
-# }
+data "talos_cluster_health" "this" {
+  depends_on           = [talos_machine_configuration_apply.control_plane_config_apply, talos_machine_configuration_apply.worker_config_apply]
+  client_configuration = data.talos_client_configuration.this.client_configuration
+  control_plane_nodes  = [var.talos_cluster_config.control_plane_ip]
+  worker_nodes         = [var.talos_cluster_config.worker_ip]
+  endpoints            = data.talos_client_configuration.this.endpoints
+  timeouts = {
+    read = "10m"
+  }
+}
 
 resource "talos_cluster_kubeconfig" "talos_kubeconfig" {
-  # depends_on           = [talos_machine_bootstrap.talos_bootstrap, data.talos_cluster_health.this]
-  depends_on           = [talos_machine_bootstrap.talos_bootstrap]
+  depends_on           = [talos_machine_bootstrap.talos_bootstrap, data.talos_cluster_health.this]
   client_configuration = talos_machine_secrets.this.client_configuration
   node                 = var.talos_cluster_config.control_plane_ip
 }
diff --git a/terraform/talos_vms.tf b/terraform/talos_vms.tf
index 174852e..ee153bc 100644
--- a/terraform/talos_vms.tf
+++ b/terraform/talos_vms.tf
@@ -5,10 +5,13 @@ resource "proxmox_virtual_environment_vm" "talos_control_plane_vm" {
   node_name   = var.proxmox_config.name
   vm_id       = 800
 
-  on_boot = true
+  bios            = "seabios"
+  machine         = "q35"
+  on_boot         = true
+  stop_on_destroy = true
   cpu {
     cores = 4
-    type  = "x86-64-v2-AES"
+    type  = "host"
   }
   memory {
     dedicated = 4000
@@ -17,14 +20,13 @@ resource "proxmox_virtual_environment_vm" "talos_control_plane_vm" {
   agent {
     enabled = true
   }
-  stop_on_destroy = true
   network_device {
     bridge = "vmbr0"
   }
   disk {
     datastore_id = var.proxmox_config.vm_store_id
     file_id      = proxmox_virtual_environment_download_file.talos_qcow2.id
-    file_format  = "raw"
+    file_format  = "qcow2"
     interface    = "virtio0"
     size         = 10
   }
@@ -53,26 +55,28 @@ resource "proxmox_virtual_environment_vm" "talos_worker_vm" {
   node_name   = var.proxmox_config.name
   vm_id       = 900
 
-  on_boot = true
+  bios            = "seabios"
+  machine         = "q35"
+  on_boot         = true
+  stop_on_destroy = true
   cpu {
-    cores = 12
-    type  = "x86-64-v2-AES"
+    cores = 16
+    type  = "host"
   }
   memory {
-    dedicated = 64000
-    floating  = 64000 # enable memory ballooning
+    dedicated = 32000
+    floating  = 32000 # enable memory ballooning
   }
   agent {
     enabled = true
   }
-  stop_on_destroy = true
   network_device {
     bridge = "vmbr0"
   }
   disk {
     datastore_id = var.proxmox_config.vm_store_id
     file_id      = proxmox_virtual_environment_download_file.talos_qcow2.id
-    file_format  = "raw"
+    file_format  = "qcow2"
     interface    = "virtio0"
     size         = 10
   }
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..528ee82
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,21 @@
+variable "proxmox_config" {
+  description = "Proxmox configuration"
+  type = object({
+    name           = string
+    endpoint       = string
+    username       = string
+    password       = string
+    image_store_id = string
+    vm_store_id    = string
+  })
+}
+
+variable "talos_cluster_config" {
+  description = "Talos cluster configuration"
+  type = object({
+    name             = string
+    gateway          = string
+    control_plane_ip = string
+    worker_ip        = string
+  })
+}