diff --git a/roles/bootstrap/tasks/debian.yml b/roles/bootstrap/tasks/debian.yml
index 60272a7..b2714ac 100644
--- a/roles/bootstrap/tasks/debian.yml
+++ b/roles/bootstrap/tasks/debian.yml
@@ -31,10 +31,30 @@
     - name: Install Debian base system
       ansible.builtin.command: >-
         debootstrap --include={{ bootstrap_debian_base_csv }}
-        {{ bootstrap_debian_release }} /mnt https://deb.debian.org/debian/
+        {{ bootstrap_debian_release }} /mnt {{ system_cfg.mirror }}
       register: bootstrap_debian_base_result
       changed_when: bootstrap_debian_base_result.rc == 0
 
+    - name: Write bootstrap sources.list
+      ansible.builtin.template:
+        src: debian.sources.list.j2
+        dest: /mnt/etc/apt/sources.list
+        mode: "0644"
+
+    - name: Configure apt performance tuning
+      ansible.builtin.copy:
+        dest: /mnt/etc/apt/apt.conf.d/99performance
+        content: |
+          Acquire::Retries "3";
+          Acquire::http::Pipeline-Depth "10";
+          APT::Install-Recommends "false";
+        mode: "0644"
+
+    - name: Update package lists
+      ansible.builtin.command: "{{ chroot_command }} apt update"
+      register: bootstrap_debian_update_result
+      changed_when: bootstrap_debian_update_result.rc == 0
+
     - name: Install extra packages
       when: bootstrap_debian_extra_args | trim | length > 0
       ansible.builtin.command: "{{ chroot_command }} apt install -y {{ bootstrap_debian_extra_args }}"
diff --git a/roles/bootstrap/tasks/ubuntu.yml b/roles/bootstrap/tasks/ubuntu.yml
index e024768..e7975e7 100644
--- a/roles/bootstrap/tasks/ubuntu.yml
+++ b/roles/bootstrap/tasks/ubuntu.yml
@@ -30,15 +30,24 @@
         --keyring=/usr/share/keyrings/ubuntu-archive-keyring.gpg
         --include={{ bootstrap_ubuntu_base_csv }}
         {{ bootstrap_ubuntu_release }} /mnt
-        https://archive.ubuntu.com/ubuntu/
+        {{ system_cfg.mirror }}
       register: bootstrap_ubuntu_base_result
       changed_when: bootstrap_ubuntu_base_result.rc == 0
 
-    - name: Enable universe repository
-      ansible.builtin.replace:
-        path: /mnt/etc/apt/sources.list
-        regexp: '^(deb\s+\S+\s+\S+\s+main)$'
-        replace: '\1 universe'
+    - name: Write bootstrap sources.list
+      ansible.builtin.template:
+        src: ubuntu.sources.list.j2
+        dest: /mnt/etc/apt/sources.list
+        mode: "0644"
+
+    - name: Configure apt performance tuning
+      ansible.builtin.copy:
+        dest: /mnt/etc/apt/apt.conf.d/99performance
+        content: |
+          Acquire::Retries "3";
+          Acquire::http::Pipeline-Depth "10";
+          APT::Install-Recommends "false";
+        mode: "0644"
 
     - name: Update package lists
       ansible.builtin.command: "{{ chroot_command }} apt update"
diff --git a/roles/bootstrap/templates/debian.sources.list.j2 b/roles/bootstrap/templates/debian.sources.list.j2
new file mode 100644
index 0000000..5364a46
--- /dev/null
+++ b/roles/bootstrap/templates/debian.sources.list.j2
@@ -0,0 +1,15 @@
+# Managed by Ansible.
+{% set release = bootstrap_debian_release %}
+{% set mirror = system_cfg.mirror %}
+{% set components = 'main contrib non-free' ~ (' non-free-firmware' if (os_version | string) not in ['10', '11'] else '') %}
+
+deb {{ mirror }} {{ release }} {{ components }}
+deb-src {{ mirror }} {{ release }} {{ components }}
+{% if release != 'sid' %}
+
+deb https://security.debian.org/debian-security {{ release }}-security {{ components }}
+deb-src https://security.debian.org/debian-security {{ release }}-security {{ components }}
+
+deb {{ mirror }} {{ release }}-updates {{ components }}
+deb-src {{ mirror }} {{ release }}-updates {{ components }}
+{% endif %}
diff --git a/roles/bootstrap/templates/ubuntu.sources.list.j2 b/roles/bootstrap/templates/ubuntu.sources.list.j2
new file mode 100644
index 0000000..f2f14b8
--- /dev/null
+++ b/roles/bootstrap/templates/ubuntu.sources.list.j2
@@ -0,0 +1,16 @@
+# Managed by Ansible.
+{% set release = bootstrap_ubuntu_release %}
+{% set mirror = system_cfg.mirror %}
+{% set components = 'main restricted universe multiverse' %}
+
+deb {{ mirror }} {{ release }} {{ components }}
+deb-src {{ mirror }} {{ release }} {{ components }}
+
+deb {{ mirror }} {{ release }}-updates {{ components }}
+deb-src {{ mirror }} {{ release }}-updates {{ components }}
+
+deb {{ mirror }} {{ release }}-security {{ components }}
+deb-src {{ mirror }} {{ release }}-security {{ components }}
+
+deb {{ mirror }} {{ release }}-backports {{ components }}
+deb-src {{ mirror }} {{ release }}-backports {{ components }}