diff --git a/roles/common/files/etc/cron-apt/3-download b/roles/common/files/etc/cron-apt/3-download
new file mode 100644
index 0000000..93d2631
--- /dev/null
+++ b/roles/common/files/etc/cron-apt/3-download
@@ -0,0 +1,2 @@
+autoclean -y
+upgrade -y -o APT::Get::Show-Upgraded=true
diff --git a/roles/common/files/etc/cron-apt/config b/roles/common/files/etc/cron-apt/config
new file mode 100644
index 0000000..d477d94
--- /dev/null
+++ b/roles/common/files/etc/cron-apt/config
@@ -0,0 +1,5 @@
+# Configuration for cron-apt. For further information about the possible
+# configuration settings see the README file.
+
+MAILON="never"
+OPTIONS="-o quiet=1 -o Dir::Etc::SourceList=/etc/apt/security.sources.list -o Dir::Etc::SourceParts=\"/dev/null\""
diff --git a/roles/common/tasks/cron-apt.yml b/roles/common/tasks/cron-apt.yml
new file mode 100644
index 0000000..e570521
--- /dev/null
+++ b/roles/common/tasks/cron-apt.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Configure cron-apt (config)
+  copy: src={{ item.src }} dest={{ item.dest }} mode={{ item.mode }} owner={{ item.owner }} group={{ item.group }}
+  with_items:
+    - { src: 'etc/cron-apt/config', dest: '/etc/cron-apt/config', mode: '0644', owner: 'root', group: 'root' }
+    - { src: 'etc/cron-apt/3-download', dest: '/etc/cron-apt/action.d/3-download', mode: '0644', owner: 'root', group: 'root' }
+
+- name: Configure cron-apt (security)
+  template: src=security.sources.list.j2 dest=/etc/apt/security.sources.list mode=0644 owner=root group=root
+
+# vim: set ts=2 sw=2:
diff --git a/roles/common/tasks/packages_Ubuntu.yml b/roles/common/tasks/packages_Ubuntu.yml
index 0dbc6ed..2b72f69 100644
--- a/roles/common/tasks/packages_Ubuntu.yml
+++ b/roles/common/tasks/packages_Ubuntu.yml
@@ -42,13 +42,7 @@
     - command-not-found-data
     - python3-commandnotfound
 
-- name: Configure cron-apt (config)
-  copy: src=cron-apt/config dest=/etc/cron-apt/config mode=0644 owner=root group=root
-
-- name: Configure cron-apt (config)
-  copy: src=cron-apt/3-download dest=/etc/cron-apt/action.d/3-download mode=0644 owner=root group=root
-
-- name: Configure cron-apt (security)
-  copy: src=cron-apt/security.sources.list dest=/etc/apt/security.sources.list mode=0644 owner=root group=root
+- include: cron-apt.yml
+  tags: cron-apt
 
 # vim: set sw=2 ts=2:
diff --git a/roles/common/templates/security.sources.list.j2 b/roles/common/templates/security.sources.list.j2
new file mode 100644
index 0000000..4adefa0
--- /dev/null
+++ b/roles/common/templates/security.sources.list.j2
@@ -0,0 +1,5 @@
+{% if ansible_distribution == 'Ubuntu' %}
+deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security main universe
+{% elif ansible_distribution == 'Debian' %}
+deb http://security.debian.org/ {{ ansible_distribution_release }}/updates main
+{% endif %}