diff --git a/bank.yaml b/bank.yaml index dd84606..43c92b7 100644 --- a/bank.yaml +++ b/bank.yaml @@ -3,7 +3,6 @@ - hosts: bank roles: - common - - common-bitlair - bank vars: bank_revbank_git: https://github.com/bitlair/revbank.git diff --git a/bar.yaml b/bar.yaml index 32e4465..5752cc3 100644 --- a/bar.yaml +++ b/bar.yaml @@ -5,5 +5,5 @@ raspi_rotate_display: "2" roles: - raspi - - common-bitlair + - common - bank-terminal diff --git a/common.yaml b/common.yaml index fc949b9..3fe0c41 100644 --- a/common.yaml +++ b/common.yaml @@ -3,4 +3,3 @@ - hosts: debian roles: - common - - common-bitlair diff --git a/fotos.yaml b/fotos.yaml index 99f871c..f0edd7b 100644 --- a/fotos.yaml +++ b/fotos.yaml @@ -3,5 +3,4 @@ - hosts: fotos roles: - common - - common-bitlair - photos diff --git a/git-ci.yaml b/git-ci.yaml index 07982f4..fa9f7b7 100644 --- a/git-ci.yaml +++ b/git-ci.yaml @@ -3,5 +3,4 @@ - hosts: git-ci roles: - common - - common-bitlair - git-ci diff --git a/git.yaml b/git.yaml index 2a5ae7e..2161a4c 100644 --- a/git.yaml +++ b/git.yaml @@ -3,6 +3,5 @@ - hosts: git roles: - common - - common-bitlair - acme - git-server diff --git a/group_vars/all.yaml b/group_vars/all.yaml index c7e8965..9d1acdc 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -1,3 +1,5 @@ +--- + is_vm: true ansible_user: root @@ -31,3 +33,7 @@ root_access: mqtt_internal_host: mqtt.bitlair.nl mqtt_public_host: bitlair.nl + +debian_repourl: "http://deb.debian.org/debian/" +debian_securityurl: "http://security.debian.org/debian-security" + diff --git a/inventory b/inventory index 692594a..7e430e1 100644 --- a/inventory +++ b/inventory 
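Review bot: Swapping `common-bitlair` for `common` in bar.yaml does more than follow the role merge: the visible role list (`raspi`, `common-bitlair`, `bank-terminal`) never included `common`, so this host now runs every task in that role for the first time. That includes the new "Apt config and sources.list" task in roles/common/tasks/main.yaml, which is guarded only by `ansible_os_family == "Debian"` and replaces /etc/apt/sources.list with the `debian_repourl` entries. If the `raspi` hosts run a Debian derivative with its own package archive (not visible here), confirm those repositories are correct for them, or gate the task behind a variable those hosts can switch off. The play's `hosts:` line is outside the hunk.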
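Review bot: Both repository URLs added at the end of group_vars/all.yaml use plain `http://`. APT's signature check on the release metadata still protects package integrity, but the transport reveals which packages and versions each host fetches, and it leaves signing as the only control. deb.debian.org is also reachable over HTTPS, so consider `debian_repourl: "https://deb.debian.org/debian/"` and `debian_securityurl: "https://deb.debian.org/debian-security/"`, the path the deleted stable-sources.list already used. If HTTP is deliberate, for example so the caching proxy that apt.conf.j2 can configure keeps working, say so in a comment above the two variables. The hunk also adds a blank line at the end of the file that can be dropped.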
@@ -6,15 +6,49 @@ bank-pi.bitlair.nl [kvm] kvm4.bitlair.nl -[debian] +[bank] bank.bitlair.nl + +[fotos] blockchain.bitlair.nl + +[git] git.bitlair.nl + +[git-ci] git-ci.bitlair.nl + +[pad] pad.bitlair.nl + +[lights] lights.bitlair.nl + +[mqtt] mqtt.bitlair.nl + +[monitoring] dashboard.bitlair.nl + +[music] music.bitlair.nl + +[services] service.bitlair.nl + +[wiki] wiki.bitlair.nl + +[debian:children] +bank +fotos +git +git-ci +pad +lights +mqtt +monitoring +music +services +wiki + diff --git a/monitoring.yaml b/monitoring.yaml index e8c3e78..9ad8623 100644 --- a/monitoring.yaml +++ b/monitoring.yaml @@ -3,6 +3,5 @@ - hosts: monitoring roles: - common - - common-bitlair - acme - monitoring diff --git a/mqtt-internal.yaml b/mqtt-internal.yaml index 84297ef..1e941f8 100644 --- a/mqtt-internal.yaml +++ b/mqtt-internal.yaml @@ -3,5 +3,4 @@ - hosts: mqtt_internal roles: - common - - common-bitlair - mqtt-internal diff --git a/music.yaml b/music.yaml index 1c2431d..d12226c 100644 --- a/music.yaml +++ b/music.yaml @@ -3,7 +3,6 @@ - hosts: music roles: - common - - common-bitlair - acme - go - music diff --git a/pad.yaml b/pad.yaml index d9f6f3e..90d227e 100644 --- a/pad.yaml +++ b/pad.yaml @@ -6,6 +6,5 @@ - [ pad.bitlair.nl ] roles: - common - - common-bitlair - acme - etherpad diff --git a/roles/common/tasks/apt-minimal.yaml b/roles/common/tasks/apt-minimal.yaml index c8e01d8..5fbbaa0 100644 --- a/roles/common/tasks/apt-minimal.yaml +++ b/roles/common/tasks/apt-minimal.yaml @@ -1,4 +1,5 @@ --- + - name: Configure auto-upgrades ansible.builtin.template: src: apt-minimal diff --git a/roles/common-bitlair/tasks/main.yaml b/roles/common/tasks/common-bitlair.yaml similarity index 100% rename from roles/common-bitlair/tasks/main.yaml rename to roles/common/tasks/common-bitlair.yaml diff --git a/roles/common/tasks/debian-backports.yaml b/roles/common/tasks/debian-backports.yaml deleted file mode 100644 index 87f178d..0000000 
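Review bot: The new groups do not line up with every play touched by this commit: mqtt-internal.yaml targets `hosts: mqtt_internal`, but the group added here is `[mqtt]`. Unless `mqtt_internal` is defined in the part of the inventory outside this hunk, that play matches no hosts and mqtt.bitlair.nl receives only what the `debian` play in common.yaml applies. Separately, `[git-ci]` contains a hyphen, which Ansible reports as an invalid group-name character; `[git_ci]`, with `hosts: git_ci` in git-ci.yaml and `git_ci` under `[debian:children]`, avoids the warning. A short comment above `[debian:children]` saying that every per-service group must also be listed there would help whoever adds the next host.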
--- a/roles/common/tasks/debian-backports.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: Install backports source list - ansible.builtin.template: - src: backports-source.list - dest: /etc/apt/sources.list.d/backports.list - owner: root - group: root - mode: 0644 - notify: apt update - -- ansible.builtin.meta: flush_handlers diff --git a/roles/common/tasks/debian-upgrade.yaml b/roles/common/tasks/debian-upgrade.yaml index abc0ae9..3ff5041 100644 --- a/roles/common/tasks/debian-upgrade.yaml +++ b/roles/common/tasks/debian-upgrade.yaml @@ -1,4 +1,5 @@ --- + - name: Install source list ansible.builtin.template: src: stable-sources.list diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 2fcb2b4..6f07f31 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml @@ -6,15 +6,25 @@ when: ansible_facts['distribution_release'] != "bookworm" tags: [ debian-upgrade, never ] -- name: Import debian-backports.yaml - ansible.builtin.import_tasks: - file: debian-backports.yaml +- name: Apt config and sources.list + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode | default('0644') }}" + owner: "{{ item.owner | default('root') }}" + group: "{{ item.group | default('root') }}" + with_items: + - { src: "apt.conf.j2", dest: "/etc/apt/apt.conf" } + - { src: "sources.list.j2", dest: "/etc/apt/sources.list" } + when: + - ansible_os_family == "Debian" + tags: + - sourceslist - tags: debian_backports - -- tags: unattended_updates +- name: Import unattended-updates ansible.builtin.import_tasks: file: unattended-updates.yaml + tags: unattended_updates - tags: apt-minimal ansible.builtin.import_tasks: diff --git a/roles/common/tasks/node-exporter.yaml b/roles/common/tasks/node-exporter.yaml index c496429..675e33c 100644 --- a/roles/common/tasks/node-exporter.yaml +++ b/roles/common/tasks/node-exporter.yaml 
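Review bot: The new "Apt config and sources.list" task in roles/common/tasks/main.yaml rewrites /etc/apt/sources.list but notifies nothing. The debian-backports.yaml task it replaces used `notify: apt update` followed by `ansible.builtin.meta: flush_handlers`, so later apt tasks in the same run can now work from a stale package index. Add `notify: apt update` to the task, and keep a flush if anything later in the role installs from the newly enabled suites. This commit also deletes roles/common/templates/stable-sources.list while debian-upgrade.yaml still has `src: stable-sources.list`, so the task tagged `debian-upgrade` at the top of this hunk (it starts outside the hunk) would presumably fail to find its template. Smaller points: `with_items` can be `loop`, and `ansible_os_family` can be `ansible_facts['os_family']` to match the condition style already used above it.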
@@ -1,4 +1,5 @@ --- + - name: Install node-exporter ansible.builtin.apt: name: prometheus-node-exporter diff --git a/roles/common/templates/apt.conf.j2 b/roles/common/templates/apt.conf.j2 new file mode 100644 index 0000000..714bac0 --- /dev/null +++ b/roles/common/templates/apt.conf.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +{% if proxy_host is defined and proxy_host != "" %} +Acquire::http::Proxy "http://{{ proxy_host }}:{{ proxy_port }}/"; +{% endif %} + +# Don't download translation-files +Acquire::Languages "none"; diff --git a/roles/common-bitlair/templates/authorized_keys.j2 b/roles/common/templates/authorized_keys.j2 similarity index 100% rename from roles/common-bitlair/templates/authorized_keys.j2 rename to roles/common/templates/authorized_keys.j2 diff --git a/roles/common/templates/backports-source.list b/roles/common/templates/backports-source.list deleted file mode 100644 index dd30928..0000000 --- a/roles/common/templates/backports-source.list +++ /dev/null @@ -1,4 +0,0 @@ -# Managed by Ansible - -deb http://ftp.nl.debian.org/debian/ {{ ansible_facts.distribution_release }}-backports main -deb-src http://ftp.nl.debian.org/debian/ {{ ansible_facts.distribution_release }}-backports main diff --git a/roles/common/templates/sources.list.j2 b/roles/common/templates/sources.list.j2 new file mode 100644 index 0000000..9aac632 --- /dev/null +++ b/roles/common/templates/sources.list.j2 
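Review bot: In roles/common/templates/apt.conf.j2 the proxy block tests only `proxy_host`, while `proxy_port` is interpolated unguarded. A host that sets `proxy_host` without `proxy_port` therefore fails the template render, or writes a malformed proxy URL if undefined variables are tolerated. Extend the condition, e.g. `{% if proxy_host | default('') and proxy_port is defined %}`, or give the port a default in group_vars. Because the task writes /etc/apt/apt.conf wholesale, a header comment such as `# Local overrides belong in /etc/apt/apt.conf.d/; this file is replaced on every run` would save an operator from losing hand edits. The proxy setting routes all repository traffic through that host, so it is worth documenting that `proxy_host` must only come from trusted inventory variables.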
@@ -0,0 +1,24 @@ +# {{ ansible_managed }} + +{% if debian_source_repos|default(false) %} +{% set SRC = "" %} +{% else %} +{% set SRC = "# " %} +{% endif %} +{% set components = "main contrib non-free-firmware" %} + +deb {{ debian_repourl }} {{ ansible_distribution_release }} {{ components }} +{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }} {{ components }} +# +# Updates +deb {{ debian_repourl }} {{ ansible_distribution_release }}-updates {{ components }} +{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }}-updates {{ components }} +# +# Backports +deb {{ debian_repourl }} {{ ansible_distribution_release }}-backports {{ components }} +{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }}-backports {{ components }} +# +# Security patches +deb {{ debian_securityurl }} {{ ansible_distribution_release }}-security {{ components }} +{{ SRC }}deb-src {{ debian_securityurl }} {{ ansible_distribution_release }}-security main contrib non- free + diff --git a/roles/common/templates/stable-sources.list b/roles/common/templates/stable-sources.list deleted file mode 100644 index 95c2f9a..0000000 --- a/roles/common/templates/stable-sources.list +++ /dev/null @@ -1,8 +0,0 @@ -deb http://deb.debian.org/debian bookworm main non-free-firmware -deb-src http://deb.debian.org/debian bookworm main non-free-firmware - -deb http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware -deb-src http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware - -deb http://deb.debian.org/debian bookworm-updates main non-free-firmware -deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware diff --git a/services.yaml b/services.yaml index af77daf..2a1bd65 100644 --- a/services.yaml +++ b/services.yaml @@ -3,5 +3,4 @@ - hosts: services roles: - common - - common-bitlair - services diff --git a/www.yaml b/www.yaml index f912d15..6a66f2d 100644 --- a/www.yaml +++ b/www.yaml 
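Review bot: The last line of roles/common/templates/sources.list.j2, the `-security` deb-src entry, hard-codes `main contrib non- free` instead of using `{{ components }}` like every other line. As printed here the component is split into `non-` and `free`, and even read as `non-free` it differs from the `non-free-firmware` set defined above, so enabling `debian_source_repos` would emit a source entry that does not match its binary line. Use `{{ SRC }}deb-src {{ debian_securityurl }} {{ ansible_distribution_release }}-security {{ components }}`. The RELEASE-security suite name exists only from bullseye onward, and the `!= "bookworm"` condition in main.yaml suggests older hosts are expected, so confirm the oldest release in the inventory before this template is applied to it.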
@@ -3,6 +3,5 @@ - hosts: wiki roles: - common - - common-bitlair - acme - www