diff --git a/.github/workflows/terraform-bio.yml b/.github/workflows/terraform-bio.yml new file mode 100644 index 00000000..02c097b6 --- /dev/null +++ b/.github/workflows/terraform-bio.yml 
@@ -0,0 +1,126 @@ +name: "TF Plan on a PR (BIO)" + +on: + push: + branches: + - main + paths: + - 'terraform/gozzi-01-bio/**' + pull_request: + paths: + - 'terraform/gozzi-01-bio/**' + +permissions: + contents: read + pull-requests: write + +jobs: + terraform: + name: "Terraform Diff" + runs-on: self-hosted + defaults: + run: + working-directory: terraform/gozzi-01-bio/ + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - uses: hashicorp/setup-terraform@v2 + with: + cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} + + - name: Create Pub key + run: | + mkdir -p ~/.ssh/ + echo "${{ secrets.PUB_KEY }}" > ~/.ssh/id_rsa.pub + + - name: Terraform fmt + id: fmt + run: terraform fmt -check + continue-on-error: true + + - name: Terraform Init + id: init + run: terraform init + + - name: Terraform Validate + id: validate + run: terraform validate -no-color + + - name: Terraform Plan + id: plan + run: terraform plan -no-color -var onepassword_token=$OP_TOKEN -var onepassword_endpoint=$OP_ENDPOINT + continue-on-error: true + env: + OP_TOKEN: '${{ secrets.OP_TOKEN }}' + OP_ENDPOINT: '${{ secrets.OP_ENDPOINT }}' + + - uses: actions/github-script@v6 + if: github.event_name == 'pull_request' + env: + PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + // 1. Retrieve existing bot comments for the PR + const { data: comments } = await github.rest.issues.listComments({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + }) + const botComment = comments.find(comment => { + return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style') + }) + + // 2. Prepare format of the comment + const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` + #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` +
Validation Output + + \`\`\`\n + ${{ steps.validate.outputs.stdout }} + \`\`\` + +
+ + #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` + +
Show Plan + + \`\`\`\n + ${process.env.PLAN} + \`\`\` + +
+ + *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; + + // 3. If we have a comment, update it, otherwise create a new one + if (botComment) { + github.rest.issues.updateComment({ + owner: context.repo.owner, + repo: context.repo.repo, + comment_id: botComment.id, + body: output + }) + } else { + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + } + + - name: Terraform Plan Status + if: steps.plan.outcome == 'failure' + run: exit 1 + + - name: Terraform Apply + if: github.ref == 'refs/heads/main' && github.event_name == 'push' + run: terraform apply -auto-approve -var onepassword_token=$OP_TOKEN -var onepassword_endpoint=$OP_ENDPOINT + env: + OP_TOKEN: '${{ secrets.OP_TOKEN }}' + OP_ENDPOINT: '${{ secrets.OP_ENDPOINT }}' diff --git a/terraform/gozzi-01-bio/docker.tf b/terraform/gozzi-01-bio/docker.tf new file mode 100644 index 00000000..49c49b29 --- /dev/null +++ b/terraform/gozzi-01-bio/docker.tf 
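Review bot: The plan job runs on a `self-hosted` runner on the `pull_request` event with `TF_API_TOKEN`, `OP_TOKEN` and `OP_ENDPOINT` available to `terraform init`/`terraform plan`, and those steps execute whatever providers and data sources the PR's `terraform/gozzi-01-bio/**` changes declare; for same-repository branch PRs (fork PRs receive no secrets) that means unreviewed configuration runs with those credentials on a persistent runner. Gate the job with an `environment:` that requires reviewers or run PR plans on an ephemeral runner with plan-only credentials, and pass the public key through `env:` instead of interpolating `${{ secrets.PUB_KEY }}` directly into the `run:` line. `${{ env.tf_actions_working_dir }}` in the comment template is never defined by any `env:` block in this workflow, so the Working Directory field renders empty; add `env:` with `tf_actions_working_dir: terraform/gozzi-01-bio/` at job level. The actions are pinned only to major tags (`actions/checkout@v3`, `hashicorp/setup-terraform@v2`, `actions/github-script@v6`); pin them to full commit SHAs. The `<details>` markup of the comment template appears to have been stripped from this page, so the rendered comment body could not be checked here.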
@@ -0,0 +1,161 @@ +resource "proxmox_virtual_environment_file" "cloud_config" { + content_type = "snippets" + datastore_id = "local" + node_name = "gozzi-pve" + + source_raw { + data = < /dev/null", + #"sudo apt-get update", + #"sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y" + #] + + connection { + host = element(element(self.ipv4_addresses, index(self.network_interface_names, "eth0")), 0) + type = "ssh" + user = "daniele" + private_key = local_file.docker_key_file.id + } + } + +} + +resource "random_password" "docker_password" { + length = 16 + override_special = "_%@" + special = true +} + +resource "tls_private_key" "docker_key" { + algorithm = "RSA" + rsa_bits = 2048 +} + +resource "local_file" "docker_key_file" { + content = tls_private_key.docker_key.private_key_pem + filename = "${path.module}/docker-ssh.key" + file_permission = 0600 +} + +output "docker_password" { + value = random_password.docker_password.result + sensitive = true +} + +output "docker_private_key" { + value = tls_private_key.docker_key.private_key_pem + sensitive = true +} + +output "docker_public_key" { + value = tls_private_key.docker_key.public_key_openssh +} + +output "docker_ip" { + #value = flatten(proxmox_virtual_environment_vm.docker[*].ipv4_addresses) + value = flatten(proxmox_virtual_environment_vm.docker[*].ipv4_addresses[1]) +} + +#output "docker_image_id" { +# value = proxmox_virtual_environment_file.ubuntu2204_cloud_image.id +#} diff --git a/terraform/gozzi-01-bio/images.tf b/terraform/gozzi-01-bio/images.tf index 64ec44b9..c70e0359 100644 --- a/terraform/gozzi-01-bio/images.tf +++ b/terraform/gozzi-01-bio/images.tf 
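Review bot: `private_key = local_file.docker_key_file.id` in the `connection` block does not reference key material: a `local_file` resource's `id` is the checksum of the written content, so the SSH connection should use `private_key = tls_private_key.docker_key.private_key_pem` (the provisioner this block belongs to looks largely commented out here, so the failure would surface only when it is re-enabled). `local_file.docker_key_file` also writes the unencrypted private key to `${path.module}/docker-ssh.key`, i.e. into the checkout on the self-hosted runner used by the accompanying workflow, while the key is in state regardless; if the file exists only for the provisioner, drop the `local_file` and feed the PEM directly, or at least add that path to `.gitignore`. `file_permission = 0600` is an unquoted numeric literal where the provider expects a string in octal notation; write `file_permission = "0600"`. Consider `algorithm = "ED25519"` (or `rsa_bits = 4096`) for `tls_private_key.docker_key`. The `cloud_config` heredoc content is not legible on this page, so the cloud-init user data was not reviewed.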
@@ -13,46 +13,47 @@ resource "proxmox_virtual_environment_file" "almalinux_8_cloud_image" { } # AlmaLinux 8 UEFI -resource "proxmox_virtual_environment_file" "almalinux_8_uefi_cloud_image" { - - content_type = "iso" - datastore_id = "local" - node_name = "gozzi-pve" - - source_file { - path = "https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/AlmaLinux-8-GenericCloud-UEFI-latest.x86_64.qcow2" - file_name = "AlmaLinux-8-GenericCloud-UEFI-latest.x86_64.img" - } - -} +##resource "proxmox_virtual_environment_file" "almalinux_8_uefi_cloud_image" { +## +## content_type = "iso" +## datastore_id = "local" +## node_name = "gozzi-pve" +## +## source_file { +## path = "https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/AlmaLinux-8-GenericCloud-UEFI-latest.x86_64.qcow2" +## file_name = "AlmaLinux-8-GenericCloud-UEFI-latest.x86_64.img" +## } +## +##} #AlmaLinux 9 -resource "proxmox_virtual_environment_file" "almalinux_9_cloud_image" { - - content_type = "iso" - datastore_id = "local" - node_name = "gozzi-pve" - - source_file { - path = "https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/AlmaLinux-9-GenericCloud-latest.x86_64.qcow2" - file_name = "AlmaLinux-9-GenericCloud-latest.x86_64.img" - } - -} +##resource "proxmox_virtual_environment_file" "almalinux_9_cloud_image" { +## +## content_type = "iso" +## datastore_id = "local" +## node_name = "gozzi-pve" +## +## source_file { +## path = "https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/AlmaLinux-9-GenericCloud-latest.x86_64.qcow2" +## file_name = "AlmaLinux-9-GenericCloud-latest.x86_64.img" +## } +## +##} # AliLinux 2 -resource "proxmox_virtual_environment_file" "alilinux_cloud_image" { - - content_type = "iso" - datastore_id = "local" - node_name = "gozzi-pve" - - source_file { - path = "https://alinux2.oss-cn-hangzhou.aliyuncs.com/aliyun_2_1903_x64_20G_nocloud_alibase_20220525.qcow2" - file_name = "aliyun_2_1903_x64_20G_nocloud_alibase_20220525.img" - } - -} +#resource 
"proxmox_virtual_environment_file" "alilinux_cloud_image" { +# +# content_type = "iso" +# datastore_id = "local" +# node_name = "gozzi-pve" +# +# source_file { +# path = "https://alinux2.oss-cn-hangzhou.aliyuncs.com/aliyun_2_1903_x64_20G_nocloud_alibase_20230103.qcow2" +# file_name = "aliyun_2_1903_x64_20G_nocloud_alibase.img" +# min_tls = "1.2" +# } +# +#} ## AliLinux 3 #resource "proxmox_virtual_environment_file" "alilinux3_cloud_image" { diff --git a/terraform/gozzi-01-bio/provider.tf b/terraform/gozzi-01-bio/provider.tf index ebd71e9e..1a214401 100644 --- a/terraform/gozzi-01-bio/provider.tf +++ b/terraform/gozzi-01-bio/provider.tf @@ -11,7 +11,7 @@ terraform { required_providers { proxmox = { source = "bpg/proxmox" - version = "0.13.0" + version = "0.60.0" } onepassword = { @@ -23,13 +23,11 @@ terraform { } provider "proxmox" { - virtual_environment { - endpoint = data.onepassword_item.gozzi_01_bio_token.hostname - username = data.onepassword_item.gozzi_01_bio_token.username - password = data.onepassword_item.gozzi_01_bio_token.password - #otp = data.external.gozzi_01_bio_token_otp.result.otp - insecure = true - } + endpoint = data.onepassword_item.gozzi_01_bio_token.hostname + username = data.onepassword_item.gozzi_01_bio_token.username + password = data.onepassword_item.gozzi_01_bio_token.password + #otp = data.external.gozzi_01_bio_token_otp.result.otp + insecure = true } provider "onepassword" {
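Review bot: Commenting out `almalinux_8_uefi_cloud_image` and `almalinux_9_cloud_image` removes them from configuration, so the next apply will delete those uploaded image files from the `local` datastore; with the accompanying workflow running `terraform apply -auto-approve` on push to `main`, that deletion happens without an approval step, so confirm the destroy appears in the PR plan comment and is intended. If the files should stay on the node but leave Terraform's management, use a `removed` block (Terraform 1.7+) or `terraform state rm` instead. Keeping the resource bodies as `#`/`##` comments (including the refreshed `alilinux_cloud_image` block with `min_tls = "1.2"`) leaves dead code in the file; version control already preserves the history, so delete them outright.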
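Review bot: The flattened `provider "proxmox"` block keeps `insecure = true`, which disables TLS certificate verification for the Proxmox API endpoint while the 1Password-sourced `username`/`password` are sent over that connection. Set `insecure = false` and trust the node's CA on the runner (or install a valid certificate on the node), and with the provider now at `0.60.0` consider authenticating with a scoped `api_token` instead of a user password. The commented `#otp = data.external...` line references a data source not visible in this hunk; drop it if it is no longer used. The jump from `0.13.0` to `0.60.0` spans many provider releases, so the block restructuring here is presumably the only migration needed, but confirm the plan posted on the PR shows no unintended resource diff.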