diff --git a/roles/common/tasks/apt-minimal.yaml b/roles/common/tasks/apt-minimal.yaml
new file mode 100644
index 0000000..bc74ff6
--- /dev/null
+++ b/roles/common/tasks/apt-minimal.yaml
@@ -0,0 +1,8 @@
+---
+- name: Configure auto-upgrades
+  template:
+    src: apt-minimal
+    dest: /etc/apt/apt.conf.d/20minimal
+    owner: root
+    group: root
+    mode: 0644
diff --git a/roles/common/tasks/debian-upgrade.yaml b/roles/common/tasks/debian-upgrade.yaml
new file mode 100644
index 0000000..241c60a
--- /dev/null
+++ b/roles/common/tasks/debian-upgrade.yaml
@@ -0,0 +1,28 @@
+---
+- name: Install source list
+  template:
+    src: stable-sources.list
+    dest: /etc/apt/sources.list
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Remove backports
+  file:
+    path: /etc/apt/sources.list.d/backports.list
+    state: absent
+
+- name: update
+  apt:
+    update_cache: yes
+
+- name: full-upgrade
+  apt:
+    upgrade: full
+
+- name: Reboot
+  reboot:
+
+- name: autoremove
+  apt:
+    autoremove: yes
diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml
index 531894c..c504d3d 100644
--- a/roles/common/tasks/main.yaml
+++ b/roles/common/tasks/main.yaml
@@ -1,4 +1,8 @@
 ---
+- tags: [ debian-upgrade, never ]
+  import_tasks: debian-upgrade.yaml
+  when: ansible_facts['distribution_release'] != "bookworm"
+
 - tags: debian_backports
   import_tasks: debian-backports.yaml
 
diff --git a/roles/common/templates/apt-minimal b/roles/common/templates/apt-minimal
new file mode 100644
index 0000000..452a6e6
--- /dev/null
+++ b/roles/common/templates/apt-minimal
@@ -0,0 +1,4 @@
+# Managed by Ansible
+
+APT::Install-Recommends "0";
+APT::Install-Suggests "0";
diff --git a/roles/common/templates/stable-sources.list b/roles/common/templates/stable-sources.list
new file mode 100644
index 0000000..95c2f9a
--- /dev/null
+++ b/roles/common/templates/stable-sources.list
@@ -0,0 +1,8 @@
+deb http://deb.debian.org/debian bookworm main non-free-firmware
+deb-src http://deb.debian.org/debian bookworm main non-free-firmware
+
+deb http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware
+deb-src http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware
+
+deb http://deb.debian.org/debian bookworm-updates main non-free-firmware
+deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware