diff --git a/playbooks/roles/debian/files/50unattended-upgrades b/playbooks/roles/debian/files/50unattended-upgrades
new file mode 100644
index 0000000..d7075ac
--- /dev/null
+++ b/playbooks/roles/debian/files/50unattended-upgrades
@@ -0,0 +1,14 @@
+// Automaticaly reboot after upgrade
+Unattended-Upgrade::Auto-Reboot "true";
+
+// Reboot even with logged in users
+Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
+
+// Remove dependencies that become useless after upgrade
+Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
+
+// Remove unused dependencies after upgrade
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+
+// Enable logging to syslog
+Unattended-Upgrade::SyslogEnable "true";
diff --git a/playbooks/roles/debian/files/fastfetch-linux-amd64.deb b/playbooks/roles/debian/files/fastfetch-linux-amd64.deb
new file mode 100644
index 0000000..3d6ad40
Binary files /dev/null and b/playbooks/roles/debian/files/fastfetch-linux-amd64.deb differ
diff --git a/playbooks/roles/debian/files/fastfetch-motd.sh b/playbooks/roles/debian/files/fastfetch-motd.sh
new file mode 100644
index 0000000..e498cf9
--- /dev/null
+++ b/playbooks/roles/debian/files/fastfetch-motd.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+# Managed by Ansible – run fastfetch on SSH login
+if [ -n "${SSH_CLIENT}${SSH_CONNECTION}" ]; then
+  fastfetch -c /etc/fastfetch/27.jsonc
+fi
diff --git a/playbooks/roles/debian/tasks/main.yml b/playbooks/roles/debian/tasks/main.yml
new file mode 100644
index 0000000..95a5218
--- /dev/null
+++ b/playbooks/roles/debian/tasks/main.yml
@@ -0,0 +1,78 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks to setup debian hosts
+
+- name: Update package cache (Debian/Ubuntu)
+  apt:
+    update_cache: yes
+  when: ansible_facts['os_family'] == "Debian"
+
+- name: Upgrade all packages (Debian/Ubuntu)
+  apt:
+    upgrade: dist
+  register: debian_update
+  when: ansible_facts['os_family'] == "Debian"
+
+# Setup unattended-upgrade
+- name: install packages (Debian)
+  apt:
+    name: [ unattended-upgrades, apt-listchanges, cron ]
+    update_cache: yes
+    state: present
+  when: ansible_facts['os_family'] == 'Debian'
+  tags:
+    - packages
+
+- name: template unattended-upgrades config (Debian)
+  template:
+    src: 50unattended-upgrades
+    dest: /etc/apt/apt.conf.d/50unattended-upgrades
+    owner: root
+    group: root
+    mode: 0644
+  when: ansible_facts['os_family'] == 'Debian'
+  tags:
+    - unattended
+
+- name: restart unattended-upgrades service (Debian)
+  service:
+    name: unattended-upgrades
+    state: restarted
+  when: ansible_facts['os_family'] == 'Debian'
+  tags:
+    - unattended
+
+- name: Setup Cronjob for unattended-upgrade
+  ansible.builtin.cron:
+    name: "Auto-Update"
+    minute: "30"
+    hour: "2"
+    job: "/usr/bin/unattended-upgrade"
+  when: ansible_facts['os_family'] == 'Debian'
+
+# Setup fastfetch prompt
+- name: Create fastfetch directory
+  ansible.builtin.file:
+    path: /etc/fastfetch
+    state: directory
+    owner: root
+    group: root
+    mode: '0744'
+
+- name: Copy fastfetch config
+  ansible.builtin.copy:
+    src: 27.jsonc
+    dest: /etc/fastfetch/27.jsonc
+    owner: root
+    group: root
+    mode: '0744'
+
+- name: Copy fastfetch script
+  ansible.builtin.copy:
+    src: fastfetch-motd.sh
+    dest: /etc/profile.d/fastfetch-motd
+    owner: root
+    group: root
+    mode: '0644'
+
+