diff --git a/infrastructure/configs/workers/k3s-flatcar.yaml b/infrastructure/configs/workers/k3s-flatcar.yaml
index e3970fc..61924a5 100644
--- a/infrastructure/configs/workers/k3s-flatcar.yaml
+++ b/infrastructure/configs/workers/k3s-flatcar.yaml
@@ -20,7 +20,7 @@ systemd:
 Environment="K3S_URL=https://172.23.2.10:6443"
 Environment="K3S_TOKEN=${k3s_token}"
 Environment="INSTALL_K3S_VERSION=${k3s_version}"
-Environment="INSTALL_K3S_EXEC=agent --node-ip=${node_ip} --kubelet-arg --cloud-provider=external"
+Environment="INSTALL_K3S_EXEC=agent --node-ip=${node_ip} --kubelet-arg --cloud-provider=external --node-label k8s.icb4dc0.de/storage-node=${tostring(storage_node)}"
 ExecStart=/usr/bin/sh -c "/opt/k3s-install.sh"
 [Install]
 WantedBy=multi-user.target
@@ -34,4 +34,4 @@ storage:
 - path: /opt/k3s-install.sh
 mode: 0777
 contents:
-source: https://get.k3s.io
+source: https://get.k3s.io
\ No newline at end of file
diff --git a/infrastructure/dns.tf b/infrastructure/dns.tf
index e48f42f..03a6f99 100644
--- a/infrastructure/dns.tf
+++ b/infrastructure/dns.tf
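Review bot: The new `--node-label k8s.icb4dc0.de/storage-node=…` in the INSTALL_K3S_EXEC line is a label the kubelet reports about itself, and the NodeRestriction admission plugin only guards `kubernetes.io`/`k8s.io`-prefixed labels (including `node-restriction.kubernetes.io/`), not a custom prefix like this one; so anything that schedules storage workloads onto this label is trusting the node's own claim, and a worker whose agent credentials are exposed could take or drop the storage role by itself. If that placement matters for data safety, the protected `node-restriction.kubernetes.io/` prefix applied by an administrator (rather than the agent flag) is the usual answer; otherwise treat the label as a hint and say so. Also, as far as I recall k3s applies `--node-label` only at node registration, which this commit's generation-triggered replacement covers but a later edit of the value on a live node would not; a comment above the line, `# node labels are applied at registration only; bump generation to re-register`, would capture that. The `[Service]` section this line belongs to starts outside the hunk.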
@@ -1,46 +1,46 @@ resource "cloudflare_zone" "icb4dc0de" { account_id = var.cloudflare_account_id - zone = "icb4dc0.de" + zone = "icb4dc0.de" lifecycle { - ignore_changes = [ account_id ] + ignore_changes = [account_id] } } resource "cloudflare_record" "mx_primary" { - zone_id = cloudflare_zone.icb4dc0de.id - name = "@" - type = "MX" - value = "mx01.mail.icloud.com" + zone_id = cloudflare_zone.icb4dc0de.id + name = "@" + type = "MX" + value = "mx01.mail.icloud.com" priority = 10 } resource "cloudflare_record" "mx_secondary" { - zone_id = cloudflare_zone.icb4dc0de.id - name = "@" - type = "MX" - value = "mx02.mail.icloud.com" + zone_id = cloudflare_zone.icb4dc0de.id + name = "@" + type = "MX" + value = "mx02.mail.icloud.com" priority = 10 } resource "cloudflare_record" "apple_proof" { zone_id = cloudflare_zone.icb4dc0de.id - name = "@" - type = "TXT" - value = "apple-domain=chwbVvzH8hWIgg1l" + name = "@" + type = "TXT" + value = "apple-domain=chwbVvzH8hWIgg1l" } resource "cloudflare_record" "apple_spf" { zone_id = cloudflare_zone.icb4dc0de.id - name = "@" - type = "TXT" - value = "\"v=spf1 include:icloud.com ~all\"" + name = "@" + type = "TXT" + value = "\"v=spf1 include:icloud.com ~all\"" } resource "cloudflare_record" "apple_sig_domainkey" { zone_id = cloudflare_zone.icb4dc0de.id - name = "sig1._domainkey" - type = "CNAME" - value = "sig1.dkim.icb4dc0.de.at.icloudmailadmin.com" + name = "sig1._domainkey" + type = "CNAME" + value = "sig1.dkim.icb4dc0.de.at.icloudmailadmin.com" } \ No newline at end of file diff --git a/infrastructure/k8s_control_plane.tf b/infrastructure/k8s_control_plane.tf index a6be94c..4942c02 100644 --- a/infrastructure/k8s_control_plane.tf +++ b/infrastructure/k8s_control_plane.tf 
@@ -4,6 +4,13 @@ resource "null_resource" "cp-config" {
 }
 }
 
+resource "null_resource" "control_plane_generation" {
+for_each = var.k3s_control_plane
+triggers = {
+timestamp = "${each.value.generation}"
+}
+}
+
 resource "hcloud_server" "control-plane" {
 for_each = var.k3s_control_plane
 name = each.key
@@ -14,7 +21,10 @@ resource "hcloud_server" "control-plane" {
 backups = false
 
 lifecycle {
-replace_triggered_by = [ null_resource.cp-config ]
+replace_triggered_by = [
+null_resource.cp-config,
+null_resource.control_plane_generation
+]
 }
 
 ssh_keys = [
@@ -30,7 +40,7 @@ resource "hcloud_server" "control-plane" {
 network {
 network_id = hcloud_network.k8s_net.id
 ip = each.value.private_ip
-alias_ips = each.value.alias_ips
+alias_ips = each.value.alias_ips
 }
 
 public_net {
@@ -79,25 +89,25 @@ resource "hcloud_server" "control-plane" {
 }
 
 resource "cloudflare_record" "cp-host-ipv4" {
-for_each = var.k3s_control_plane
+for_each = var.k3s_control_plane
 
-depends_on = [ hcloud_server.control-plane ]
+depends_on = [hcloud_server.control-plane]
 
 zone_id = cloudflare_zone.icb4dc0de.id
-name = "${each.key}.k8s"
-type = "A"
-value = hcloud_server.control-plane[each.key].ipv4_address
+name = "${each.key}.k8s"
+type = "A"
+value = hcloud_server.control-plane[each.key].ipv4_address
 }
 
 resource "cloudflare_record" "cp-host-ipv6" {
-for_each = var.k3s_control_plane
+for_each = var.k3s_control_plane
 
-depends_on = [ hcloud_server.control-plane ]
+depends_on = [hcloud_server.control-plane]
 
 zone_id = cloudflare_zone.icb4dc0de.id
-name = "${each.key}.k8s"
-type = "AAAA"
-value = hcloud_server.control-plane[each.key].ipv6_address
+name = "${each.key}.k8s"
+type = "AAAA"
+value = hcloud_server.control-plane[each.key].ipv6_address
 }
 
 data "ct_config" "machine-ignitions-cp" {
diff --git a/infrastructure/k8s_flatcar_machines.tf b/infrastructure/k8s_flatcar_machines.tf
index 73ecf3c..c063e66 100644
--- a/infrastructure/k8s_flatcar_machines.tf
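Review bot: In the `lifecycle` hunk of `hcloud_server.control-plane`, `replace_triggered_by` names the whole `null_resource.control_plane_generation` instead of this node's instance, whereas the worker file in the same commit uses `null_resource.machine_generation[each.key]`; as far as I recall a whole-resource reference fires on a change to any instance, so bumping one control plane's `generation` would replace every control plane at once, which is the worst possible blast radius for the nodes that hold cluster state. Change the line to `null_resource.control_plane_generation[each.key]` so only the bumped node is rebuilt. In the first hunk the trigger `timestamp = "${each.value.generation}"` holds a generation counter, not a time, and the interpolation-only string is unnecessary; `generation = each.value.generation` says what it is. The `hcloud_server` block continues outside both hunks.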
+++ b/infrastructure/k8s_flatcar_machines.tf
@@ -28,17 +28,36 @@ resource "local_file" "provisioning_key_pub" {
 file_permission = "0440"
 }
 
+resource "null_resource" "machine_generation" {
+for_each = var.k3s_workers
+triggers = {
+timestamp = "${each.value.generation}"
+}
+}
+
+resource "hcloud_placement_group" "k3s_machines" {
+name = "k3s-machines"
+type = "spread"
+labels = {
+"cluster" = "icb4dc0.de"
+}
+}
+
 resource "hcloud_server" "machine" {
-for_each = var.k3s_workers
-name = each.key
-server_type = each.value.server_type
-location = each.value.location
-image = "ubuntu-22.04"
+for_each = var.k3s_workers
+name = each.key
+server_type = each.value.server_type
+location = each.value.location
+image = "ubuntu-22.04"
+placement_group_id = hcloud_placement_group.k3s_machines.id
 
 backups = false
 
 lifecycle {
-replace_triggered_by = [ null_resource.worker-config ]
+replace_triggered_by = [
+null_resource.worker-config,
+null_resource.machine_generation[each.key]
+]
 }
 
 ssh_keys = [
@@ -112,11 +131,11 @@ data "ct_config" "machine-ignitions" {
 content = templatefile(
 "${path.module}/configs/workers/k3s-flatcar.yaml",
 {
-"host" = "${each.key}"
-"k3s_token" = "${var.k3s_token}"
-"datacenter" = "hel1-dc2"
-"node_ip" = "${each.value.private_ip}"
-"k3s_version" = "${var.worker_k3s_version}"
+"host" = "${each.key}"
+"k3s_token" = "${var.k3s_token}"
+"node_ip" = "${each.value.private_ip}"
+"k3s_version" = "${var.worker_k3s_version}"
+"storage_node" = each.value.storage_node
 }
 )
 snippets = [
diff --git a/infrastructure/k8s_network.tf b/infrastructure/k8s_network.tf
index 90a47e4..cfe70d5 100644
--- a/infrastructure/k8s_network.tf
+++ b/infrastructure/k8s_network.tf
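Review bot: The `templatefile` hunk drops the `"datacenter"` key, but this commit only shows two short stretches of `k3s-flatcar.yaml`; if `${datacenter}` is still referenced anywhere else in that template, `templatefile` fails at plan time, so confirm the template no longer uses it before merging. In the first hunk `triggers = { timestamp = "${each.value.generation}" }` names a generation counter `timestamp` and wraps it in an interpolation-only string; `generation = each.value.generation` is clearer and matches what `vars.tf` calls the field. A one-line comment on `hcloud_placement_group.k3s_machines` saying why `spread` is wanted (presumably so the `storage_node = true` workers do not share a host) would help the next reader, since the label-driven storage role is otherwise only visible in the worker config. Both `hcloud_server.machine` and `data.ct_config.machine-ignitions` continue outside the hunks.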
@@ -14,3 +14,8 @@ resource "hcloud_ssh_key" "default" {
 name = "Default Management"
 public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKfHZaI0F5GjAcrM8hjWqwMfULDkAZ2TOIBTQtRocg1F id_ed25519"
 }
+
+resource "hcloud_ssh_key" "yubikey" {
+name = "Yubikey"
+public_key = "ssh-rsa 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"
+}
\ No newline at end of file
diff --git a/infrastructure/vars.tf b/infrastructure/vars.tf
index ea5906d..f7ab9c0 100644
--- a/infrastructure/vars.tf
+++ b/infrastructure/vars.tf
@@ -1,20 +1,20 @@
 variable "hcloud_token" {
-type = string
+type = string
 sensitive = true
 }
 
 variable "cloudflare_api_token" {
-type = string
+type = string
 sensitive = true
 }
 
 variable "cloudflare_account_id" {
-type = string
+type = string
 sensitive = true
 }
 
 variable "k3s_token" {
-type = string
+type = string
 sensitive = true
 }
 
@@ -51,18 +51,23 @@ variable "k3s_sans" {
 type = list(string)
 }
 
-variable "vms" {
-type = map(object({
-node_type = string
-server_type = string
-backups = bool
-private_ip = string
-}))
+variable "garage_storage" {
+description = "Config of Garage storage"
+type = object({
+size = number
+location = string
+})
+
+default = {
+size = 20
+location = "hel1"
+}
 }
 
 variable "k3s_control_plane" {
 type = map(object({
 server_type = string
+generation = number
 private_ip = string
 location = string
 alias_ips = set(string)
@@ -71,9 +76,11 @@ variable "k3s_control_plane" {
 
 variable "k3s_workers" {
 type = map(object({
-server_type = string
-private_ip = string
-location = string
+server_type = string
+generation = number
+private_ip = string
+location = string
+storage_node = bool
 }))
 }
 
diff --git a/infrastructure/versions.tf b/infrastructure/versions.tf
index 911c1d9..01a7c7d 100644
--- a/infrastructure/versions.tf
+++ b/infrastructure/versions.tf
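Review bot: `hcloud_ssh_key.yubikey` is only registered with Hetzner here; nothing visible in this commit adds it to a server's `ssh_keys` (those lists in `hcloud_server.control-plane` and `hcloud_server.machine` are cut off by their hunks), so confirm it is referenced there if it is meant to grant access, otherwise it is an unused key object in the account. The key material is redacted on this page, so its RSA size cannot be reviewed here; since the existing management key is `ssh-ed25519`, a comment on the resource stating where the private half lives, e.g. `# RSA key whose private half is held on a hardware token (YubiKey)` if that is the case, would explain why a second, different key type is present and how it is rotated.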
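Review bot: The new `generation` and `storage_node` fields on `k3s_workers` and `k3s_control_plane` carry no `description`, while `garage_storage` gets one; since bumping `generation` destroys and recreates the server through the `replace_triggered_by` wiring in this commit, the variable should say so, e.g. `description = "Per-node settings; bumping generation replaces the server, storage_node adds the k8s.icb4dc0.de/storage-node label"`. The `k3s_control_plane` variable block continues outside its hunk, so the same description belongs there too. `generation = number` also accepts fractions; if it is meant to be a counter, the description should say that as well.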
@@ -17,12 +17,12 @@ terraform {
 required_providers {
 hcloud = {
 source = "hetznercloud/hcloud"
-version = "1.45.0"
+version = "1.47.0"
 }
 
 cloudflare = {
-source = "cloudflare/cloudflare"
-version = "4.26.0"
+source = "cloudflare/cloudflare"
+version = "4.31.0"
 }
 
 ct = {
@@ -32,7 +32,7 @@ terraform {
 
 null = {
 source = "hashicorp/null"
-version = "~> 3.2.1"
+version = "~> 3.2.2"
 }
 }
 }
diff --git a/infrastructure/vms.auto.tfvars b/infrastructure/vms.auto.tfvars
index 8f31b32..08e0881 100644
--- a/infrastructure/vms.auto.tfvars
+++ b/infrastructure/vms.auto.tfvars
@@ -1,9 +1,10 @@
 k3s_control_plane = {
-"cp1-cax11-hel1-gen4" = {
+"cp1-cax11-hel1" = {
 server_type = "cax11",
+generation = 5
 private_ip = "172.23.2.10"
 location = "hel1"
-alias_ips = []
+alias_ips = []
 }
 }
 
@@ -15,30 +16,35 @@ k3s_sans = [
 
 k3s_workers = {
 "w1-cx21-hel1-gen2" = {
-server_type = "cx21"
-private_ip = "172.23.2.20"
-location = "hel1"
+server_type = "cx21"
+generation = 2
+private_ip = "172.23.2.20"
+location = "hel1"
+storage_node = false
 }
 
 "w2-cax21-hel1-gen7" = {
-server_type = "cax21"
-private_ip = "172.23.2.21"
-location = "hel1"
+server_type = "cax21"
+generation = 7
+private_ip = "172.23.2.21"
+location = "hel1"
+storage_node = true
 }
 
 "w3-cax21-hel1-gen7" = {
-server_type = "cax21"
-private_ip = "172.23.2.22"
-location = "hel1"
+server_type = "cax21"
+generation = 7
+private_ip = "172.23.2.22"
+location = "hel1"
+storage_node = true
 }
 
-}
-vms = {
-"cp1" = {
-node_type = "control-plane"
-server_type = "cpx11",
-backups = true,
-private_ip = "172.23.2.15"
+"w4-cax21-hel1" = {
+server_type = "cax21"
+generation = 8
+private_ip = "172.23.2.23"
+location = "hel1"
+storage_node = true
 }
 }
 
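Review bot: Renaming the control-plane key from `cp1-cax11-hel1-gen4` to `cp1-cax11-hel1` changes the `for_each` key of `hcloud_server.control-plane` and of the `cp-host-ipv4`/`cp-host-ipv6` records named `${each.key}.k8s`, which Terraform treats as destroy-and-create of the only control plane plus a DNS name change rather than an update; with `generation = 5` already forcing a rebuild this is presumably intended, but the plan should be checked for the DNS rename and for anything outside this diff (the `k3s_sans` list is cut off) that still carries the old name. The workers now record the generation twice, in the `-gen2`/`-gen7` key suffix and in the `generation` field, while `w4-cax21-hel1` has no suffix; dropping the suffix from the existing keys would likewise replace those servers, so either keep the suffixes consistently or state that new nodes omit them. A comment at the top of the file, `# bump generation to rebuild a node; renaming a key also rebuilds it`, would capture both rules for the next operator.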