diff --git a/infra/terraform.tf b/infra/terraform.tf
index 2291388c..ed104b71 100644
--- a/infra/terraform.tf
+++ b/infra/terraform.tf
@@ -1,7 +1,7 @@
 terraform {
   # TODO Generate endpoint automatically (terragrunt for variable)
   backend "etcdv3" {
-    endpoints = ["192.168.1.29:2379"]
+    endpoints = ["192.168.1.35:2379"]
     lock      = true
   }
 
diff --git a/metal/roles/tfstate/tasks/main.yml b/metal/roles/tfstate/tasks/main.yml
index 51316b1d..d6cbd6a6 100644
--- a/metal/roles/tfstate/tasks/main.yml
+++ b/metal/roles/tfstate/tasks/main.yml
@@ -26,3 +26,18 @@
   delegate_to: tfstate
   apt:
     name: etcd
+
+- name: Add etcd config
+  delegate_to: tfstate
+  template:
+    src: etcd.j2
+    dest: /etc/default/etcd
+
+- name: Restart etcd
+  delegate_to: tfstate
+  systemd:
+    name: etcd
+    state: restarted
+    enabled: yes
+
+# TODO enable etcd authentication and generate terraform backend config variables
diff --git a/metal/roles/tfstate/templates/etcd.j2 b/metal/roles/tfstate/templates/etcd.j2
new file mode 100644
index 00000000..40b6b539
--- /dev/null
+++ b/metal/roles/tfstate/templates/etcd.j2
@@ -0,0 +1,44 @@
+# ETCD_NAME="default"
+# ETCD_DATA_DIR="/var/lib/etcd/default"
+# ETCD_WAL_DIR
+# ETCD_SNAPSHOT_COUNT="100000"
+# ETCD_HEARTBEAT_INTERVAL="100"
+# ETCD_ELECTION_TIMEOUT="1000"
+# ETCD_LISTEN_PEER_URLS="http://localhost:2380"
+ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
+# ETCD_MAX_SNAPSHOTS="5"
+# ETCD_MAX_WALS="5"
+# ETCD_CORS
+# ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
+# ETCD_INITIAL_CLUSTER="default=http://localhost:2380"
+# ETCD_INITIAL_CLUSTER_STATE="new"
+# ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
+ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379"
+# ETCD_DISCOVERY
+# ETCD_DISCOVERY_SRV
+# ETCD_DISCOVERY_FALLBACK="proxy"
+# ETCD_DISCOVERY_PROXY
+# ETCD_STRICT_RECONFIG_CHECK
+# ETCD_AUTO_COMPACTION_RETENTION="0"
+# ETCD_ENABLE_V2="true"
+# ETCD_PROXY="off"
+# ETCD_PROXY_FAILURE_WAIT="5000"
+# ETCD_PROXY_REFRESH_INTERVAL="30000"
+# ETCD_PROXY_DIAL_TIMEOUT="1000"
+# ETCD_PROXY_WRITE_TIMEOUT="5000"
+# ETCD_PROXY_READ_TIMEOUT="0"
+# ETCD_CA_FILE
+# ETCD_CERT_FILE
+# ETCD_KEY_FILE
+# ETCD_CLIENT_CERT_AUTH
+# ETCD_TRUSTED_CA_FILE
+# ETCD_AUTO_TLS
+# ETCD_PEER_CA_FILE
+# ETCD_PEER_CERT_FILE
+# ETCD_PEER_KEY_FILE
+# ETCD_PEER_CLIENT_CERT_AUTH
+# ETCD_PEER_TRUSTED_CA_FILE
+# ETCD_PEER_AUTO_TLS
+# ETCD_DEBUG
+# ETCD_LOG_PACKAGE_LEVELS
+# ETCD_FORCE_NEW_CLUSTER