diff --git a/.forgejo/workflows/build-image.yml b/.forgejo/workflows/build-image.yml index 2808418..87244f7 100644 --- a/.forgejo/workflows/build-image.yml +++ b/.forgejo/workflows/build-image.yml @@ -9,18 +9,32 @@ on: jobs: build: name: Build NixOS Base Image + # Ensure 'nixos-latest' runner has Docker, SSH client, and basic Nix tools installed. + # It seems it already does. runs-on: nixos-latest env: NIXOS_BUILER_HOST: nixos-builder.lab NIXOS_BUILER_USER: runner + # Proxmox host details for SSH connection (used by Ansible copy/shell tasks) PROXMOX_HOST: 192.168.1.205 - PROXMOX_USER: plasmagoat - TEMPLATE_VMID: 9001 - LATEST_TEMPLATE_VMID: 9000 + # PROXMOX_USER is the SSH user Ansible will connect as (`remote_user` in ansible.cfg) + # This should be your Linux system CI user, not necessarily the Proxmox API user. + PROXMOX_USER: ci-user-linux # <-- IMPORTANT: Use your actual Linux SSH user here + + # VM Template IDs for your Ansible playbook + # These are now passed to the playbook via --extra-vars, not directly as env vars for qm. + # They are defined in group_vars/all.yml, but can be overridden from here if needed. + # TEMPLATE_VMID: 9001 # Removed from direct env for explicit passing to Ansible + # LATEST_TEMPLATE_VMID: 9000 # Removed from direct env for explicit passing to Ansible steps: - - name: Install nodejs - run: nix-env -iA nixpkgs.nodejs + # Use nix-env for setup (as you prefer and it works well for ephemeral environments) + - name: Install dependencies via nix-env + run: | + nix-env -iA nixpkgs.nodejs + nix-env -iA nixpkgs.ansible + nix-env -iA nixpkgs.jq + nix-env -iA nixpkgs.openssh - name: Checkout repo uses: actions/checkout@v4 
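Review bot: `PROXMOX_USER: ci-user-linux` commits a placeholder as a live value, and the trailing `# <-- IMPORTANT: Use your actual Linux SSH user here` says as much; the "Test SSH connection to Proxmox Host" step later in this file logs in as `$PROXMOX_USER`, so if the real account is `plasmagoat` (the value this same commit writes into `ansible/inventory/hosts.yml` and the one the deleted `inventory.ini` carried) the job fails before Ansible runs. Set `PROXMOX_USER: plasmagoat` (or whichever account the `RUNNER_SSH_KEY` key is authorised for) and keep the inventory's `ansible_user` derived from that single value rather than maintaining two copies. The `nix-env -iA nixpkgs.ansible` / `nixpkgs.jq` / `nixpkgs.openssh` installs resolve against whatever channel the runner happens to have, so the toolchain is unpinned and can change underneath the workflow; since the repo is already a flake (`nix build .#base`), a devShell or `nix shell` pinned by the repo's lock file would make those versions reproducible. The second-person commentary (`# Use nix-env for setup (as you prefer and it works well for ephemeral environments)`, `# It seems it already does.`) is review-thread text rather than workflow documentation; I'd keep only the comments that say what each env var is for.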
@@ -30,20 +44,26 @@ jobs: mkdir -p ~/.config/nix echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf - - name: Prepare SSH + - name: Prepare SSH keys and known_hosts for builder and Proxmox run: | mkdir -p ~/.ssh + # Ensure this key corresponds to PROXMOX_USER echo "${{ secrets.RUNNER_SSH_KEY }}" > ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa - ssh-keyscan -H $NIXOS_BUILER_HOST >> ~/.ssh/known_hosts - ssh-keyscan -H $PROXMOX_HOST >> ~/.ssh/known_hosts + # Add builder and Proxmox host keys to known_hosts + ssh-keyscan -H "$NIXOS_BUILER_HOST" >> ~/.ssh/known_hosts + ssh-keyscan -H "$PROXMOX_HOST" >> ~/.ssh/known_hosts + chmod 600 ~/.ssh/known_hosts - - name: Test SSH connection + - name: Test SSH connection to NixOS Builder run: | echo "Testing SSH connection to $NIXOS_BUILER_HOST..." - ssh -o StrictHostKeyChecking=yes $NIXOS_BUILER_USER@$NIXOS_BUILER_HOST "echo 'SSH success. Hostname:' && hostname" + ssh -o StrictHostKeyChecking=yes "$NIXOS_BUILER_USER"@"$NIXOS_BUILER_HOST" "echo 'SSH success. Hostname:' && hostname" + + - name: Test SSH connection to Proxmox Host + run: | echo "Testing SSH connection to $PROXMOX_HOST..." - ssh -o StrictHostKeyChecking=yes $PROXMOX_USER@$PROXMOX_HOST "echo 'SSH success. Hostname:' && hostname" + ssh -o StrictHostKeyChecking=yes "$PROXMOX_USER"@"$PROXMOX_HOST" "echo 'SSH success. Hostname:' && hostname" - name: Setup Cachix run: | @@ -51,8 +71,8 @@ jobs: cachix use plasmagoat cachix authtoken ${{ secrets.CACHIX_AUTH_TOKEN }} - - name: Build NixOS image - id: build + - name: Build NixOS image (creates result/ symlink) + id: build_image # Changed ID for clarity run: | nix build .#base \ --builders "ssh://$NIXOS_BUILER_USER@$NIXOS_BUILER_HOST x86_64-linux ~/.ssh/id_rsa 1 1 kvm" \ 
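Review bot: The new `ssh-keyscan -H "$NIXOS_BUILER_HOST"` / `ssh-keyscan -H "$PROXMOX_HOST"` lines fetch the host keys over the network in the same job that then connects with `StrictHostKeyChecking=yes`, so the strict check only confirms that the peer matches whatever answered the scan moments earlier; it is trust-on-first-use repeated on every run and gives no assurance against an on-path host. Host public keys are not secret, so ship the expected `known_hosts` lines with the workflow (a committed file, or a repository variable holding the two entries) and append those instead, e.g. `printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` with `SSH_KNOWN_HOSTS` supplied through the step's `env:` (variable name is a placeholder). While the step is being rewritten, the private key is still interpolated straight into the script body by the context line `echo "${{ secrets.RUNNER_SSH_KEY }}" > ~/.ssh/id_rsa`; passing it via `env:` and writing it with `printf '%s\n' "$RUNNER_SSH_KEY"` keeps the key out of the generated shell text. The added comment `# Ensure this key corresponds to PROXMOX_USER` describes a hope rather than a check; the connection-test step that follows is what actually verifies it, so the comment belongs there.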
@@ -60,45 +80,40 @@ jobs: --print-out-paths \ | cachix push plasmagoat - echo "image=$(ls result/*.vma.zst | head -n 1)" >> $GITHUB_OUTPUT + # Capture the actual image path from the result symlink for Ansible + IMAGE_PATH=$(find ./result -name "*.vma.zst" | head -n 1) + if [ -z "$IMAGE_PATH" ]; then + echo "Error: No .vma.zst image found after build." + exit 1 + fi + echo "image_path_from_build=${IMAGE_PATH}" >> "$GITHUB_OUTPUT" - name: Set VERSION from tag or fallback - id: version + id: version # Keep original ID run: | - if [ -n "${CI_COMMIT_TAG}" ]; then - echo "tag=${CI_COMMIT_TAG}" >> $GITHUB_OUTPUT + if [ -n "${CI_COMMIT_TAG}" ]; then # Use CI_COMMIT_TAG for Forgejo + echo "tag=${CI_COMMIT_TAG}" >> "$GITHUB_OUTPUT" else - echo "tag=dev-$(date +%s)" >> $GITHUB_OUTPUT + echo "tag=dev-$(date +%s)" >> "$GITHUB_OUTPUT" fi - - name: Setup Ancible + - name: Run Proxmox Image Deployment run: | - nix-env -iA nixpkgs.ansible + chmod +x ./scripts/run_ansible_ci.sh + # Execute the script, passing necessary environment variables + ./scripts/run_ansible_ci.sh + env: + # These are passed directly to the `run_ansible_ci.sh` script, + # which then uses them to construct Ansible's --extra-vars. + # Match these variable names with what `run_ansible_ci.sh` expects. + # Note: The `image_path_from_build` comes from the previous step's output. 
+ PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD: ${{ steps.build_image.outputs.image_path_from_build }} - - name: Run Upload Template Runbook - run: | - ./sripts/run_ancible_ci.sh - - release: - name: Release Image - needs: build - runs-on: ubuntu-latest - if: success() - - steps: - - name: Download Artifact - id: artifact - uses: actions/download-artifact@v3 - with: - name: nixos-base-image - - - name: Create Forgejo Release - uses: https://code.forgejo.org/sheik/forgejo-release@v2.6.0 - with: - title: "NixOS Base Image ${{ steps.version.outputs.tag }}" - prerelease: ${{ github.ref_type == 'tag' }} - tag: ${{ steps.version.outputs.tag }} - direction: upload - release-notes: | - This release contains the NixOS base image for Proxmox labeled `${{ steps.version.outputs.tag }}`. - release-dir: "${{ steps.artifact.outputs.download-path }}/nix-support" + # Provide VMIDs and names, overriding group_vars if desired. + # These will be passed as `--extra-vars` to Ansible. + ANSIBLE_EXTRA_VARS: >- + backup_template_vmid={{ env.TEMPLATE_VMID | default('9001') }} + latest_template_vmid={{ env.LATEST_TEMPLATE_VMID | default('9000') }} + proxmox_host={{ env.PROXMOX_HOST }} + proxmox_user={{ env.PROXMOX_USER }} + remote_image_path_ci={{ steps.build_image.outputs.image_path_from_build }} diff --git a/ansible/inventory.ini b/ansible/inventory.ini deleted file mode 100644 index 10005ea..0000000 --- a/ansible/inventory.ini +++ /dev/null @@ -1,2 +0,0 @@ -[proxmox] -proxmox-01 ansible_host=192.168.1.205 ansible_user=plasmagoat diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml index 926988f..96c4da2 100644 --- a/ansible/inventory/hosts.yml +++ b/ansible/inventory/hosts.yml @@ -5,3 +5,4 @@ all: hosts: proxmox-01: ansible_host: 192.168.1.205 # Replace with your Proxmox host IP/hostname + ansible_user: plasmagoat diff --git a/scripts/run_ancible_ci.sh b/scripts/run_ancible_ci.sh index 6443b2f..5003fa4 100644 --- a/scripts/run_ancible_ci.sh +++ b/scripts/run_ancible_ci.sh 
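Review bot: The new "Run Proxmox Image Deployment" step calls `./scripts/run_ansible_ci.sh`, but the script this commit edits is `scripts/run_ancible_ci.sh` (file header further down) and no rename appears in the diff, so `chmod +x` fails with "No such file" on the first run. The `ANSIBLE_EXTRA_VARS` value is written in Jinja (`{{ env.PROXMOX_HOST }}`) rather than the runner's `${{ env.PROXMOX_HOST }}` expression syntax, so the text reaches Ansible unexpanded, where `env` is not a defined variable (`ansible_env` and `lookup('env', …)` are) and `proxmox_host` / `proxmox_user` come out undefined; the `>-` folded scalar additionally joins the five entries into one space-separated line, whereas the script hunk below splits `ANSIBLE_EXTRA_VARS` on newlines only and then expands `${EXTRA_VARS_ARGS}` unquoted, so only the first `key=value` receives its `-e` and the remainder become positional arguments to `ansible-playbook`. `IMAGE_PATH=$(find ./result -name "*.vma.zst" | head -n 1)` starts at the `result` symlink, which `find` does not follow by default, so it is likely to print nothing and trip the new `exit 1`; `find -L ./result` (or `./result/`) restores what the removed `ls result/*.vma.zst` did. The rewritten lines are below; the script then needs no change as long as each entry stays on its own line.
```yaml
          # … unchanged: nix build / cachix push …
          IMAGE_PATH=$(find -L ./result -name "*.vma.zst" | head -n 1)
          # … unchanged: empty-path check, GITHUB_OUTPUT write, "Set VERSION" step …

      - name: Run Proxmox Image Deployment
        run: |
          chmod +x ./scripts/run_ancible_ci.sh
          ./scripts/run_ancible_ci.sh
        env:
          # … unchanged: PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD …
          # One key=value per line: run_ancible_ci.sh splits this on newlines.
          ANSIBLE_EXTRA_VARS: |-
            backup_template_vmid=${{ env.TEMPLATE_VMID || '9001' }}
            latest_template_vmid=${{ env.LATEST_TEMPLATE_VMID || '9000' }}
            proxmox_host=${{ env.PROXMOX_HOST }}
            proxmox_user=${{ env.PROXMOX_USER }}
            remote_image_path_ci=${{ steps.build_image.outputs.image_path_from_build }}
```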
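Review bot: `ansible_user: plasmagoat` hard-codes the SSH account in the inventory while the workflow's job env in this same commit sets `PROXMOX_USER: ci-user-linux` and only passes `proxmox_user` as an extra var; unless the playbook (not in this diff) maps `proxmox_user` onto `ansible_user`, the workflow's connection test exercises one account and Ansible logs in as another, so a green test step says nothing about the deployment. Keep a single source of truth: either drop this line and let the inventory take the value from the extra var (inventory variables are templated, so `ansible_user: "{{ proxmox_user }}"` works when `-e proxmox_user=…` is supplied), or keep it here and set the workflow's `PROXMOX_USER` to the same account. The `inventory.ini` this commit deletes carried the identical `ansible_user=plasmagoat`, which suggests that is the real value and the workflow placeholder is the one to fix.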
@@ -1,6 +1,63 @@
 #!/bin/bash
 set -euo pipefail
 
+echo "Starting Ansible CI/CD run..."
+
+# --- 1. Validate required environment variables ---
+if [[ -z "${PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD}" ]]; then
+ echo "Error: PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD environment variable not set. Cannot find built image."
+ exit 1
+fi
+
+# --- 2. Navigate to the Ansible directory ---
+SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
+ANSIBLE_DIR="${SCRIPT_DIR}/../ansible"
+
+if [[ ! -d "${ANSIBLE_DIR}" ]]; then
+ echo "Error: Ansible directory not found at ${ANSIBLE_DIR}"
+ exit 1
+fi
+
+cd "${ANSIBLE_DIR}"
+echo "Changed directory to: $(pwd)"
+
+# --- 3. Define Ansible Extra Variables ---
+# Base extra variables from our static definitions
+EXTRA_VARS=(
+ # "local_image_path_ci=${PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD}" # Path to the image file on the CI runner
+ # "image_filename=$(basename "${PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD}")" # Extract filename
+)
+
+# Append any other variables passed via ANSIBLE_EXTRA_VARS from the workflow
+if [[ -n "${ANSIBLE_EXTRA_VARS:-}" ]]; then
+ # Split by space or newline and add to array
+ IFS=$'\n' read -r -d '' -a ADDITIONAL_VARS <<< "${ANSIBLE_EXTRA_VARS}" || true
+ for var in "${ADDITIONAL_VARS[@]}"; do
+ EXTRA_VARS+=("${var}")
+ done
+fi
+
+# --- 4. Execute the Ansible Playbook ---
+echo "Executing Ansible playbook: upload-template.yml"
+
+# Construct the full --extra-vars string
+EXTRA_VARS_ARGS=""
+for var in "${EXTRA_VARS[@]}"; do
+ EXTRA_VARS_ARGS+=" -e ${var}"
+done
+
+ansible-playbook upload-template.yml \
+ --inventory inventory/hosts.yml \
+ ${EXTRA_VARS_ARGS} \
+ --diff \
+ --check false # Set to true for a dry run, false for actual execution
+
+echo "Ansible playbook execution finished."
+
+
+#!/bin/bash
+set -euo pipefail
+
 # Navigate to the ansible directory
 cd ansible