diff --git a/.github/workflows/plex.yaml b/.github/workflows/plex.yaml
index bcb12d2..9cd4980 100644
--- a/.github/workflows/plex.yaml
+++ b/.github/workflows/plex.yaml
@@ -43,7 +43,6 @@ jobs:
 
   plex-cd:
     needs: plex-ci
-    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
     strategy:
       matrix:
         environment: ["plex-dev"]
diff --git a/.github/workflows/terraform-cd.yaml b/.github/workflows/terraform-cd.yaml
index b4498e3..50a9f02 100644
--- a/.github/workflows/terraform-cd.yaml
+++ b/.github/workflows/terraform-cd.yaml
@@ -8,7 +8,7 @@ on:
         required: true
         type: string
       environment:
-        description: 'Environment name (lab, dev, prod, etc.)'
+        description: 'Environment name (lab, dev, prd, etc.)'
         required: true
         type: string
       runner:
@@ -50,6 +50,7 @@ jobs:
   apply:
     runs-on: ${{ inputs.runner }}
     environment: ${{ inputs.environment }}
+    if: (github.ref == 'refs/heads/main' && github.event_name == 'push') || !contains(inputs.environment, 'prd')
     env:
       TF_WORKSPACE: ${{ inputs.workspace || inputs.environment }}
       NODE_OPTIONS: "--no-network-family-autoselection"
diff --git a/terraform/.gitignore b/terraform/.gitignore
index 12cc2cc..9c42ee9 100644
--- a/terraform/.gitignore
+++ b/terraform/.gitignore
@@ -14,8 +14,8 @@ crash.*.log
 # password, private keys, and other secrets. These should not be part of version
 # control as they are data points which are potentially sensitive and subject
 # to change depending on the environment.
-*.tfvars
-*.tfvars.json
+# *.tfvars
+# *.tfvars.json
 
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
diff --git a/terraform/deployments/plex/env/plex-dev/terraform.tfvars b/terraform/deployments/plex/env/plex-dev/terraform.tfvars
index 9ac44fc..b9fb227 100644
--- a/terraform/deployments/plex/env/plex-dev/terraform.tfvars
+++ b/terraform/deployments/plex/env/plex-dev/terraform.tfvars
@@ -2,6 +2,7 @@ clone_vm_id = 9000
 vm_disk_datastore_id = "hdd_556g_thin"
 vm_cloudinit_datastore_id = "ssd_1641G_thin"
 plex_host = {
+  env            = "dev"
   name_prefix    = "plex-hibiscus"
   description    = "Plex Media Server"
   tags           = ["plex", "dev"]
diff --git a/terraform/deployments/plex/main.tf b/terraform/deployments/plex/main.tf
index dbcd453..9812cdf 100644
--- a/terraform/deployments/plex/main.tf
+++ b/terraform/deployments/plex/main.tf
@@ -9,14 +9,14 @@ resource "proxmox_virtual_environment_file" "plex_cloudinit" {
       hostname       = var.plex_host.name_prefix,
       admin_username = "plex"
     })
-    file_name = "setup-plex.yaml"
+    file_name = "setup-plex-${var.plex_host.env}.yaml"
   }
 }
 
 module "plex_host" {
   source = "git::https://github.com/krakenhavoc/HomeLab.git//terraform/modules/compute/pm-cloudinit-vm?ref=v0.1"
 
-  vm_name                        = var.plex_host.name_prefix
+  vm_name                        = "${var.plex_host.name_prefix}-${var.plex_host.env}"
   vm_node_name                   = var.pve.host
   vm_description                 = var.plex_host.description
   vm_tags                        = var.plex_host.tags
diff --git a/terraform/deployments/plex/setup-plex.yaml.tftpl b/terraform/deployments/plex/setup-plex.yaml.tftpl
index 5c758e7..4117d0b 100644
--- a/terraform/deployments/plex/setup-plex.yaml.tftpl
+++ b/terraform/deployments/plex/setup-plex.yaml.tftpl
@@ -1,10 +1,18 @@
 #cloud-config
 preserve_hostname: false
 hostname: ${hostname}
+
+apt:
+  sources:
+    docker.list:
+      source: deb [arch=amd64] https://download.docker.com/linux/ubuntu $RELEASE stable
+      keyid: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
 package_update: true
 package_upgrade: true
 packages:
   - qemu-guest-agent
+  - docker-ce
+  - docker-ce-cli
 
 power_state:
   mode: reboot
diff --git a/terraform/deployments/plex/variables.tf b/terraform/deployments/plex/variables.tf
index 6dd3710..b23e399 100644
--- a/terraform/deployments/plex/variables.tf
+++ b/terraform/deployments/plex/variables.tf
@@ -28,6 +28,7 @@ variable "vm_cloudinit_datastore_id" {
 variable "plex_host" {
   description = "Configuration for the Plex host VM"
   type = object({
+    env            = optional(string, "dev")
     name_prefix    = optional(string, "plex-hibiscus")
     description    = optional(string, "Plex Media Server")
     tags           = optional(list(string), ["plex"])
@@ -36,7 +37,7 @@ variable "plex_host" {
     memory_mb      = optional(number, 4096)
     os_disk_size   = optional(number, 30)
     disk_interface = optional(string, "virtio0")
-    network_bridge = optional(string, "vmbr201")
+    network_bridge = optional(string, "vmbr0")
   })
   default = {}
 }