diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index e3d3da6..18a1828 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -1,35 +1,30 @@
 name: PVE2 Infrastructure Deploy
-on:
-  push:
-    branches:
-      - main  # Only deploy when we push to main
+on: [push]
 
 jobs:
   terraform:
-    runs-on: pve2  # This targets the runner we just installed
+    runs-on: pve2
     steps:
-      - name: Checkout Code
-        uses: actions/checkout@v4
-
+      - name: Native Git Checkout
+        run: |
+          # Clean the workspace so we don't have old files hanging around
+          rm -rf ./*
+          # Clone using the temporary token Gitea provides for this job
+          git clone http://${{ gitea.token }}@172.16.201.201:3002/${{ gitea.repository }} .
+        
       - name: Terraform Init
         run: |
           cd terraform
           terraform init
 
-      - name: Terraform Plan
-        run: |
-          cd terraform
-          terraform plan
-        env:
-          PM_API_TOKEN_ID: ${{ secrets.PM_API_TOKEN_ID }}
-          PM_API_TOKEN_SECRET: ${{ secrets.PM_API_TOKEN_SECRET }}
-          PM_API_URL: "https://localhost:8006/api2/json"
-
-      - name: Terraform Apply
+      - name: Terraform Plan & Apply
         run: |
           cd terraform
           terraform apply -auto-approve
         env:
           PM_API_TOKEN_ID: ${{ secrets.PM_API_TOKEN_ID }}
           PM_API_TOKEN_SECRET: ${{ secrets.PM_API_TOKEN_SECRET }}
-          PM_API_URL: "https://localhost:8006/api2/json"
\ No newline at end of file
+          # Since the runner is ON the host, we can use localhost
+          PM_API_URL: "https://localhost:8006/api2/json"
+          # This prevents Terraform from failing if your PVE SSL cert is self-signed
+          PM_TLS_INSECURE: "true"
\ No newline at end of file