diff --git a/.gitignore b/.gitignore index 3b825223..ad37ef1a 100644 --- a/.gitignore +++ b/.gitignore @@ -4,5 +4,7 @@ metal/secrets/ *.log .terraform* +terraform.tfvars kube_config.yaml +private.pem terraform.tfstate* diff --git a/infra/platform/terraform.tf b/infra/platform/terraform.tf index 7192328c..f1b2dbee 100644 --- a/infra/platform/terraform.tf +++ b/infra/platform/terraform.tf @@ -21,6 +21,14 @@ terraform { provider "lxd" { generate_client_certificates = true accept_remote_certificate = true + + lxd_remote { + name = "homelab" + scheme = "https" + address = var.lxd_address + password = var.lxd_password + default = true + } } provider "rke" { diff --git a/infra/platform/variables.tf b/infra/platform/variables.tf index e69de29b..e57af3ae 100644 --- a/infra/platform/variables.tf +++ b/infra/platform/variables.tf @@ -0,0 +1,7 @@ +variable "lxd_address" { + description = "LXD cluster address, should be generated automatically from metal" +} + +variable "lxd_password" { + description = "Password to connect to LXD cluster, should be generated automatically from metal" +} diff --git a/metal/roles/lxd/tasks/main.yml b/metal/roles/lxd/tasks/main.yml index 385ee7ad..976fade7 100644 --- a/metal/roles/lxd/tasks/main.yml +++ b/metal/roles/lxd/tasks/main.yml 
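Review bot: In infra/platform/terraform.tf the new `lxd_remote` block sends `var.lxd_password` to `var.lxd_address` while the provider keeps `accept_remote_certificate = true`, so the server certificate is trusted on first contact with nothing to compare it against. Whatever host answers at that address during the first apply would be accepted and handed the trust password. Consider `accept_remote_certificate = false`, with the metal playbook placing the LXD server certificate where the provider expects it before Terraform runs. If the automatic accept is kept deliberately for the homelab, a comment saying so, such as `# TOFU: certificate accepted on first connect, network assumed trusted`, would record the decision.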
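Review bot: In infra/platform/variables.tf `lxd_password` is declared without `sensitive = true`, so Terraform can print its value in plan and apply output. Adding `type = string` to both variables and `sensitive = true` to `lxd_password` would fix that; the attribute needs Terraform 0.14 or later, and the required version is not visible in this diff. Marking the variable sensitive only redacts CLI output. The value can still end up in state, so the existing `terraform.tfstate*` ignore rule remains important.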
@@ -35,18 +35,19 @@ creates: /var/snap/lxd/common/lxd/server.crt when: inventory_hostname != groups['metal'][0] +# TODO optimize: use template for tfvars - name: Add LXD server to environment variables lineinfile: - path: "{{ playbook_dir }}/secrets/env" - line: "LXD_ADDR={{ hostvars[groups['metal'][0]]['ansible_host'] }}" + path: "{{ playbook_dir }}/../infra/platform/terraform.tfvars" + line: "lxd_address = \"{{ hostvars[groups['metal'][0]]['ansible_host'] }}\"" create: yes delegate_to: localhost run_once: yes - name: Add LXD password to environment variables lineinfile: - path: "{{ playbook_dir }}/secrets/env" - line: "LXD_PASSWORD={{ lxd_password }}" + path: "{{ playbook_dir }}/../infra/platform/terraform.tfvars" + line: "lxd_password = \"{{ lxd_password }}\"" create: yes delegate_to: localhost run_once: yes
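Review bot: Both `lineinfile` tasks in this hunk write `terraform.tfvars` with `create: yes` and no `mode`, so the file holding the LXD password gets whatever the local umask allows; add `mode: "0600"` to each task. Without a `regexp`, a changed address or password is appended as a second assignment instead of replacing the old one, so `regexp: '^lxd_password\s*='` (and the `lxd_address` equivalent) would keep one line per key. The password is also written between double quotes unescaped, so a value containing `"` or `\` would produce an invalid tfvars file; the template mentioned in the TODO could take care of the quoting. `no_log: true` on the password task would keep the value out of verbose Ansible output. The task names still say "environment variables" although they now write Terraform variables.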