diff --git a/infrastructure/buckets.tf b/infrastructure/buckets.tf
index 7dfc8aa..21f01e3 100644
--- a/infrastructure/buckets.tf
+++ b/infrastructure/buckets.tf
@@ -1,65 +1,17 @@
-resource "cloudflare_r2_bucket" "backup" {
- account_id = var.cloudflare_account_id
- name = "backup"
- location = "WEUR"
-}
-
 resource "cloudflare_r2_bucket" "csi" {
 account_id = var.cloudflare_account_id
 name = "csi"
 location = "WEUR"
 }
-resource "cloudflare_r2_bucket" "fider" {
- account_id = var.cloudflare_account_id
- name = "fider"
- location = "WEUR"
-}
-
 resource "cloudflare_r2_bucket" "gitea" {
 account_id = var.cloudflare_account_id
 name = "gitea"
 location = "WEUR"
 }
-resource "cloudflare_r2_bucket" "hedgedoc" {
- account_id = var.cloudflare_account_id
- name = "hedgedoc"
- location = "WEUR"
-}
-
-resource "cloudflare_r2_bucket" "k3s" {
- account_id = var.cloudflare_account_id
- name = "k3s"
- location = "WEUR"
-}
-
-resource "cloudflare_r2_bucket" "linkwarden" {
- account_id = var.cloudflare_account_id
- name = "linkwarden"
- location = "WEUR"
-}
-
-resource "cloudflare_r2_bucket" "noco" {
- account_id = var.cloudflare_account_id
- name = "noco"
- location = "WEUR"
-}
-
-resource "cloudflare_r2_bucket" "obsidian" {
- account_id = var.cloudflare_account_id
- name = "obsidian"
- location = "WEUR"
-}
-
 resource "cloudflare_r2_bucket" "tfstate" {
 account_id = var.cloudflare_account_id
 name = "tfstate"
 location = "WEUR"
-}
-
-resource "cloudflare_r2_bucket" "zipline" {
- account_id = var.cloudflare_account_id
- name = "zipline"
- location = "WEUR"
 }
\ No newline at end of file
diff --git a/infrastructure/k8s_control_plane.tf b/infrastructure/k8s_control_plane.tf
index 4942c02..1ac7a89 100644
--- a/infrastructure/k8s_control_plane.tf
+++ b/infrastructure/k8s_control_plane.tf
@@ -123,9 +123,9 @@ data "ct_config" "machine-ignitions-cp" {
 templatefile(
 "${path.module}/configs/cp/litestream.yml",
 {
- "accessKey" = var.litestream_access_key,
- "secretKey" = var.litestream_secret_key,
- "endpoint" = var.litestream_endpoint
+ "accessKey" = var.k3s_backup_access_key,
+ "secretKey" = var.k3s_backup_secret_key,
+ "endpoint" = var.k3s_backup_endpoint
 }
 )
 )
diff --git a/infrastructure/k8s_flatcar_machines.tf b/infrastructure/k8s_flatcar_machines.tf
index c063e66..0021e82 100644
--- a/infrastructure/k8s_flatcar_machines.tf
+++ b/infrastructure/k8s_flatcar_machines.tf
@@ -85,6 +85,7 @@ resource "hcloud_server" "machine" {
 connection {
 host = self.ipv4_address
+ agent = false
 private_key = tls_private_key.provisioning.private_key_pem
 timeout = "5m"
 }
@@ -118,11 +119,25 @@ resource "hcloud_server" "machine" {
 timeout = "3m"
 user = "core"
 }
-
 inline = [
 "sudo hostnamectl set-hostname ${self.name}",
 ]
 }
+
+}
+
+resource "null_resource" "machine-drainable" {
+ for_each = var.k3s_workers
+
+ lifecycle {
+ replace_triggered_by = [hcloud_server.machine[each.key]]
+ }
+
+ provisioner "local-exec" {
+ when = destroy
+ on_failure = continue
+ command = "kubectl drain --delete-emptydir-data=true --ignore-daemonsets=true ${each.key}"
+ }
 }
 data "ct_config" "machine-ignitions" {
diff --git a/infrastructure/tf.sh b/infrastructure/tf.sh
index a148fd6..a2c558b 100755
--- a/infrastructure/tf.sh
+++ b/infrastructure/tf.sh
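Review bot: The `connection` block of `hcloud_server.machine` (k8s_flatcar_machines.tf, hunk at -85) sets no `host_key`, so the provisioner's SSH session to `self.ipv4_address` is not checked against a known host key. `agent = false` does keep the operator's agent identities out of that session, which is the right direction. If the machine's host key can be fixed at build time (for example generated in Terraform and written by the Ignition config, which is not visible here), add `host_key = <host public key placeholder>` next to `private_key`. The resource body starts and ends outside this hunk.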
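Review bot: The destroy-time `local-exec` in `null_resource.machine-drainable` (k8s_flatcar_machines.tf, hunk at -118) runs `kubectl drain` with whatever kubeconfig and current context the operator's shell has, and `on_failure = continue` hides every failure. A drain that reached the wrong cluster, found no node named `${each.key}`, or was blocked by a PodDisruptionBudget therefore looks the same as a clean one, and the server is destroyed anyway. Pin the target and bound the wait, e.g. `command = "kubectl --context=<k3s-context-placeholder> drain --timeout=5m --delete-emptydir-data=true --ignore-daemonsets=true ${each.key}"`, and consider letting a failed drain stop the apply instead of continuing. A comment above the provisioner should state that the node name is assumed to equal the `k3s_workers` key; the hostname is set from `self.name` in this hunk, and whether that equals `each.key` is not visible here.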
@@ -5,9 +5,9 @@ export AWS_SECRET_KEY=$(rbw get "CloudFlare TFState")
 export HETZNER_DNS_API_TOKEN=$(rbw get -f "API Token" "Hetzner DNS")
 export TF_VAR_hcloud_token="$(rbw get "HCloud API")"
 export TF_VAR_k3s_token="$(rbw get "K3s Token")"
-export TF_VAR_litestream_access_key="$(rbw get -f username "Litestream")"
-export TF_VAR_litestream_secret_key="$(rbw get "Litestream")"
-export TF_VAR_litestream_endpoint="$(rbw get -f Endpoint "Litestream")"
+export TF_VAR_k3s_backup_access_key="$(rbw get -f username "K3s Backup")"
+export TF_VAR_k3s_backup_secret_key="$(rbw get "K3s Backup")"
+export TF_VAR_k3s_backup_endpoint="$(rbw get -f Endpoint "K3s Backup")"
 export TF_VAR_cloudflare_api_token="$(rbw get -f "DNS API Token" "CloudFlare")"
 export TF_VAR_cloudflare_account_id="$(rbw get -f "Account ID" "CloudFlare")"
diff --git a/infrastructure/vars.tf b/infrastructure/vars.tf
index d936d4e..61d72a7 100644
--- a/infrastructure/vars.tf
+++ b/infrastructure/vars.tf
@@ -18,17 +18,17 @@ variable "k3s_token" {
 sensitive = true
 }
-variable "litestream_access_key" {
+variable "k3s_backup_access_key" {
 sensitive = true
 type = string
 }
-variable "litestream_secret_key" {
+variable "k3s_backup_secret_key" {
 sensitive = true
 type = string
 }
-variable "litestream_endpoint" {
+variable "k3s_backup_endpoint" {
 type = string
 }
diff --git a/infrastructure/vms.auto.tfvars b/infrastructure/vms.auto.tfvars
index dc778bc..833b7fc 100644
--- a/infrastructure/vms.auto.tfvars
+++ b/infrastructure/vms.auto.tfvars
@@ -23,29 +23,45 @@ k3s_workers = {
 storage_node = false
 }
- "w2-cax21-hel1" = {
- server_type = "cax21"
- generation = 7
+ "w2-cax11-hel1" = {
+ server_type = "cax11"
+ generation = 1
 private_ip = "172.23.2.21"
 location = "hel1"
 storage_node = true
 }
- "w3-cax21-hel1" = {
- server_type = "cax21"
- generation = 7
+ "w3-cax11-hel1" = {
+ server_type = "cax11"
+ generation = 1
 private_ip = "172.23.2.22"
 location = "hel1"
 storage_node = true
 }
- "w4-cax21-hel1" = {
- server_type = "cax21"
- generation = 8
+ "w4-cax11-hel1" = {
+ server_type = "cax11"
+ generation = 1
 private_ip = "172.23.2.23"
 location = "hel1"
 storage_node = true
 }
+
+ "w5-cax11-hel1" = {
+ server_type = "cax11"
+ generation = 1
+ private_ip = "172.23.2.24"
+ location = "hel1"
+ storage_node = true
+ }
+
+ "w6-cax11-hel1" = {
+ server_type = "cax11"
+ generation = 1
+ private_ip = "172.23.2.25"
+ location = "hel1"
+ storage_node = true
+ }
 }
 ssh_keys = ["ssh-rsa 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 cardno:24_781_961"]
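Review bot: Renaming the `w2`–`w4` keys replaces all three existing `storage_node = true` workers in one apply, since `hcloud_server.machine` appears to be keyed by these names and the new entries reuse the private IPs 172.23.2.21–23. If the storage layer keeps its replicas only on those nodes (not visible here), nothing holds the data while they are rebuilt, and the drain step added in k8s_flatcar_machines.tf continues on failure. Adding `w5` and `w6` in a first apply, letting storage rebalance, and then renaming one worker per apply would avoid that. A comment such as `# storage nodes: replace one at a time, wait for replicas to resync` above these entries would record the constraint.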