diff --git a/worker_node_install.sh b/worker_node_install.sh
index 465012c..516e755 100644
--- a/worker_node_install.sh
+++ b/worker_node_install.sh
@@ -2,7 +2,7 @@
 set -Eeuo pipefail
 ########################################
-# Arch Linux RKE2 Worker Node
+# Arch Linux RKE2 Worker Node Prep
 #
 # What this script does:
 # - Disables swap
@@ -11,27 +11,15 @@ set -Eeuo pipefail
 # - Configures NetworkManager to ignore CNI interfaces
 # - Disables host nftables service to avoid breaking RKE2 service routing
 # - Installs RKE2 agent pinned to the same version as the master
-# - Optionally joins the worker to the cluster automatically
+# - Prepares the node for a later manual join
 #
 # Optional environment variables:
 # RKE2_VERSION=v1.34.5+rke2r1
-# SERVER_URL=https://10.28.24.17:9345
-# RKE2_TOKEN=your-node-token
 # WORKER_NODE_NAME=arch-kubernetes-worker1
-# START_RKE2=true
-#
-# Notes:
-# - If SERVER_URL and RKE2_TOKEN are both set, the script will configure
-# and start the worker automatically.
-# - If they are not set, the script will install everything and stop after
-# preparing the node.
 ########################################
 RKE2_VERSION="${RKE2_VERSION:-v1.34.5+rke2r1}"
-SERVER_URL="${SERVER_URL:-}"
-RKE2_TOKEN="${RKE2_TOKEN:-}" # Get token from master sudo cat /var/lib/rancher/rke2/server/node-token
-WORKER_NODE_NAME="${WORKER_NODE_NAME:-}" # Name the worker
-START_RKE2="${START_RKE2:-true}"
+WORKER_NODE_NAME="${WORKER_NODE_NAME:-}"
 RKE2_CONFIG_DIR="/etc/rancher/rke2"
 RKE2_CONFIG_FILE="${RKE2_CONFIG_DIR}/config.yaml"
@@ -178,70 +166,28 @@ export PATH=$PATH:/var/lib/rancher/rke2/bin:/usr/local/bin
 EOF
 }
-write_config_if_possible() {
- log "Writing RKE2 agent config"
+write_config_template() {
+ log "Writing worker config template"
 {
- if [[ -n "${SERVER_URL}" ]]; then
- echo "server: ${SERVER_URL}"
- fi
-
- if [[ -n "${RKE2_TOKEN}" ]]; then
- echo "token: ${RKE2_TOKEN}"
- fi
-
+ echo "# Fill these in before starting rke2-agent:"
+ echo "# server: https://YOUR_MASTER_IP:9345"
+ echo "# token: YOUR_NODE_TOKEN"
 if [[ -n "${WORKER_NODE_NAME}" ]]; then
 echo "node-name: ${WORKER_NODE_NAME}"
+ else
+ echo "# node-name: optional-custom-node-name"
 fi
 } > "${RKE2_CONFIG_FILE}"
 chmod 600 "${RKE2_CONFIG_FILE}"
 }
-start_agent_if_possible() {
+disable_agent_until_manual_join() {
+ log "Leaving rke2-agent disabled until manual join"
+
 systemctl daemon-reload
- systemctl enable rke2-agent.service
-
- if [[ "${START_RKE2}" != "true" ]]; then
- warn "START_RKE2=false, leaving rke2-agent disabled from startup execution"
- return
- fi
-
- if [[ -z "${SERVER_URL}" || -z "${RKE2_TOKEN}" ]]; then
- warn "SERVER_URL and/or RKE2_TOKEN not set. Worker is prepared but not joined."
- return
- fi
-
- log "Starting RKE2 agent"
- systemctl restart rke2-agent.service
-}
-
-wait_for_agent() {
- if [[ "${START_RKE2}" != "true" ]]; then
- return
- fi
-
- if [[ -z "${SERVER_URL}" || -z "${RKE2_TOKEN}" ]]; then
- return
- fi
-
- log "Waiting for rke2-agent service"
-
- local waited=0
- until systemctl is-active --quiet rke2-agent.service; do
- sleep 5
- waited=$((waited + 5))
-
- if (( waited % 30 == 0 )); then
- warn "rke2-agent not active yet; recent logs:"
- journalctl -u rke2-agent -n 40 --no-pager || true
- fi
-
- if (( waited >= 600 )); then
- journalctl -u rke2-agent -n 200 --no-pager || true
- die "Timed out waiting for rke2-agent to become active"
- fi
- done
+ systemctl disable --now rke2-agent.service >/dev/null 2>&1 || true
 }
 print_summary() {
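Review bot: Re-running this script on a worker that has already been joined would erase the operator's `server:`/`token:` settings and stop the agent. `write_config_template` truncates `${RKE2_CONFIG_FILE}` unconditionally, and `disable_agent_until_manual_join` runs `systemctl disable --now rke2-agent.service` without checking whether the agent is already running. Because the join settings now live only in that hand-edited file, both functions should return early when a join is already in place, as in the excerpt below. The `>/dev/null 2>&1 || true` on the disable call also hides a genuine failure, so the summary would still say the node has not joined even if the unit could not be stopped; logging the failure would keep the summary accurate.

```shell
write_config_template() {
  # A re-run must not erase join settings the operator has already filled in.
  if grep -Eqs '^(server|token):' "${RKE2_CONFIG_FILE}"; then
    log "Join settings already present in ${RKE2_CONFIG_FILE}; leaving it untouched"
    return
  fi
  # … unchanged: log line, template write, chmod 600 …

disable_agent_until_manual_join() {
  # Do not take an already-joined worker out of the cluster on a re-run.
  if systemctl is-active --quiet rke2-agent.service; then
    log "rke2-agent is already active; not disabling it"
    return
  fi
  # … unchanged: log line, daemon-reload, systemctl disable --now …
```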
@@ -249,31 +195,24 @@ print_summary() {
 echo "RKE2 version: ${RKE2_VERSION}"
 echo "Config file: ${RKE2_CONFIG_FILE}"
- echo "Server URL: ${SERVER_URL:-}"
 echo "Node name: ${WORKER_NODE_NAME:-}"
 echo
-
- if [[ -n "${SERVER_URL}" && -n "${RKE2_TOKEN}" && "${START_RKE2}" == "true" ]]; then
- echo "Worker attempted automatic join."
- echo "Check from the master with:"
- echo " /var/lib/rancher/rke2/bin/kubectl get nodes -o wide"
- echo
- echo "Local diagnostics:"
- echo " sudo systemctl status rke2-agent --no-pager"
- echo " sudo journalctl -u rke2-agent -n 200 --no-pager"
- else
- echo "Worker is installed and ready, but not joined yet."
- echo
- echo "To join later, set these in ${RKE2_CONFIG_FILE}:"
- echo " server: https://YOUR_MASTER_IP:9345"
- echo " token: YOUR_NODE_TOKEN"
- if [[ -n "${WORKER_NODE_NAME}" ]]; then
- echo " node-name: ${WORKER_NODE_NAME}"
- fi
- echo
- echo "Then run:"
- echo " sudo systemctl enable --now rke2-agent"
+ echo "This node has NOT joined the cluster yet."
+ echo
+ echo "Next steps:"
+ echo "1. Edit ${RKE2_CONFIG_FILE}"
+ echo "2. Set:"
+ echo " server: https://YOUR_MASTER_IP:9345"
+ echo " token: YOUR_NODE_TOKEN"
+ if [[ -n "${WORKER_NODE_NAME}" ]]; then
+ echo " node-name: ${WORKER_NODE_NAME}"
 fi
+ echo "3. Start the agent:"
+ echo " sudo systemctl enable --now rke2-agent"
+ echo
+ echo "Check status:"
+ echo " sudo systemctl status rke2-agent --no-pager"
+ echo " sudo journalctl -u rke2-agent -n 200 --no-pager"
 }
 main() {
@@ -284,9 +223,8 @@ main() {
 configure_networkmanager
 enable_support_services
 install_rke2_agent
- write_config_if_possible
- start_agent_if_possible
- wait_for_agent
+ write_config_template
+ disable_agent_until_manual_join
 print_summary
 }
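Review bot: The next-steps text in `print_summary` no longer tells the operator where the node token comes from. This commit also drops the only hint, the `sudo cat /var/lib/rancher/rke2/server/node-token` comment on the removed `RKE2_TOKEN` line. I would add a line under step 2 such as `echo "   token source (run on the master): sudo cat /var/lib/rancher/rke2/server/node-token"`. Step 1 could also mention that the file is written with mode 600, presumably as root, so it needs `sudoedit` or similar and should keep that mode once the token is in it. `print_summary` opens above this hunk.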