diff --git a/roles/stable/debian-base/files/sources.list b/roles/stable/debian-base/files/sources.list
new file mode 100644
index 0000000..63b0db5
--- /dev/null
+++ b/roles/stable/debian-base/files/sources.list
@@ -0,0 +1,4 @@
+deb http://deb.debian.org/debian buster main contrib non-free
+deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free
+deb http://deb.debian.org/debian buster-updates main contrib non-free
+deb http://deb.debian.org/debian buster-backports main contrib non-free
diff --git a/roles/stable/debian-base/tasks/main.yml b/roles/stable/debian-base/tasks/main.yml
new file mode 100644
index 0000000..ed8d132
--- /dev/null
+++ b/roles/stable/debian-base/tasks/main.yml
@@ -0,0 +1,45 @@
+- name: debian-base - Copia apt/sources.list completo
+ copy:
+ src: sources.list
+ dest: /etc/apt/sources.list
+
+- name: debian-base - Aggiorna indici apt-get
+ apt:
+ update_cache: yes
+
+#- name: Aggiorna distro
+# apt:
+# upgrade: dist
+
+- name: debian-base - Installa pacchetti sistema base
+ apt:
+ name: "{{ item }}"
+ state: latest
+ with_items:
+ - amd64-microcode
+ - bmon
+ - bzip2
+ - ca-certificates
+ - console-data
+ - curl
+# - etckeeper
+ - git
+ - htop
+ - intel-microcode
+ - less
+ - lnav
+ - openssh-server
+ - rar
+ - screen
+ - sudo
+ - tree
+ - unzip
+ - unar
+ - unrar
+ - unattended-upgrades
+ - vim
+ - wget
+ - zip
+ - zsh
+
+
diff --git a/roles/stable/debian-frontend/files/apt-nginx.list b/roles/stable/debian-frontend/files/apt-nginx.list
new file mode 100644
index 0000000..cbd4529
--- /dev/null
+++ b/roles/stable/debian-frontend/files/apt-nginx.list
@@ -0,0 +1 @@
+deb http://nginx.org/packages/debian/ buster nginx
diff --git a/roles/stable/debian-frontend/files/sources-debian.list b/roles/stable/debian-frontend/files/sources-debian.list
new file mode 100644
index 0000000..63b0db5
--- /dev/null
+++ b/roles/stable/debian-frontend/files/sources-debian.list
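Review bot: All four `deb` lines in `roles/stable/debian-base/files/sources.list` fetch over plain `http://`. apt's signed Release files still protect package integrity, but the cleartext transport shows an on-path observer which packages each host pulls and lets them interfere with index delivery. deb.debian.org also serves HTTPS, e.g. `deb https://deb.debian.org/debian buster main contrib non-free`; note that this needs `ca-certificates` on the host before the first index update, and this role installs it only afterwards. The same four lines are added again as `roles/stable/debian-frontend/files/sources-debian.list` (identical blob 63b0db5), so the point applies there too and the two copies can drift apart.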
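Review bot: The `copy` task in `roles/stable/debian-base/tasks/main.yml` that replaces `/etc/apt/sources.list` sets no `owner`, `group` or `mode`, so the resulting permissions depend on the existing file or the connecting user's umask; add `owner: root`, `group: root`, `mode: '0644'`. The two other `copy` tasks in this commit (debian-frontend `main.yml` and `nginx.yml`) omit them as well. Separately, the install task loops with `with_items` and `name: "{{ item }}"`, which runs apt once per package; passing the list directly to `name:`, as the debian-frontend role does, makes it one transaction. `state: latest` on packages such as `openssh-server` means every playbook run may upgrade them, which deserves a comment if it is intended.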
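Review bot: The source line in `apt-nginx.list` has no `signed-by` option and uses `http://`, so the nginx.org key that `tasks/nginx.yml` imports with `apt_key` lands in apt's global keyring and is trusted for every configured repository, not just this one. Scoping it limits what that key can vouch for: `deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/debian/ buster nginx`, with the key installed to that path instead of through `apt_key`. The keyring path is a suggestion; any root-owned location outside `trusted.gpg.d` works.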
@@ -0,0 +1,4 @@
+deb http://deb.debian.org/debian buster main contrib non-free
+deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free
+deb http://deb.debian.org/debian buster-updates main contrib non-free
+deb http://deb.debian.org/debian buster-backports main contrib non-free
diff --git a/roles/stable/debian-frontend/tasks/main.yml b/roles/stable/debian-frontend/tasks/main.yml
new file mode 100644
index 0000000..ed4c5aa
--- /dev/null
+++ b/roles/stable/debian-frontend/tasks/main.yml
@@ -0,0 +1,71 @@
+---
+
+- debug:
+ msg: "Distro: {{ hostvars[inventory_hostname].ansible_distribution }} {{ hostvars[inventory_hostname].ansible_distribution_version }}"
+
+- name: Copia apt/sources.list (Debian)
+ when: ansible_distribution == "Debian"
+ become: true
+ copy:
+ src: sources-debian.list
+ dest: /etc/apt/sources.list
+
+- name: Aggiorna indici apt-get
+ become: true
+ apt:
+ update_cache: yes
+
+- name: Installa pacchetti base dalla distro
+ apt:
+ name: [
+ 'amd64-microcode',
+ 'bmon',
+ 'bzip2',
+ 'ca-certificates',
+ 'console-data',
+ 'curl',
+ 'git',
+ 'htop',
+ 'intel-microcode',
+ 'less',
+ 'lnav',
+ 'rar',
+ 'screen',
+ 'sudo',
+ 'tree',
+ 'unzip',
+ 'unar',
+ 'unrar',
+ 'unattended-upgrades',
+ 'vim',
+ 'wget',
+ 'zip',
+ 'zsh',
+ ]
+ state: latest
+ update_cache: yes
+#TODO
+- name: Installa pacchetti webserver
+ apt:
+ name: [
+ 'apt-transport-https',
+ 'curl',
+ 'ca-certificates',
+ 'clamav',
+ 'clamav-freshclam',
+ 'gnupg2',
+ 'imagemagick',
+ 'jpegoptim',
+ 'libapache2-mod-rpaf',
+ 'optipng',
+ 'pngquant',
+ 'python3-pip',
+ ]
+ default_release: ascii-backports
+ state: latest
+ default_release: ascii-backports
+
+
+
+- include: nginx.yml
+
diff --git a/roles/stable/debian-frontend/tasks/nginx.yml b/roles/stable/debian-frontend/tasks/nginx.yml
new file mode 100644
index 0000000..37c544e
--- /dev/null
+++ b/roles/stable/debian-frontend/tasks/nginx.yml
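Review bot: The `Installa pacchetti webserver` task in `roles/stable/debian-frontend/tasks/main.yml` sets `default_release: ascii-backports` twice, and `ascii` (a Devuan codename) is not a suite that `sources-debian.list` in this commit configures, since it lists only `buster*`, so apt will most likely reject the target release and the task will fail. Most YAML loaders also silently collapse a duplicated key; indentation is lost in this view, so it is not possible to tell whether the second copy sits under `apt:` or at task level, where it would be an unknown task keyword. Keep a single line under `apt:` and point it at the configured suite, `default_release: buster-backports`, or drop it if these packages should come from the stable suite. The `#TODO` above the task suggests it is known to be unfinished.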
@@ -0,0 +1,57 @@
+---
+
+- name: Copia apt-nginx.list
+ copy:
+ src: apt-nginx.list
+ dest: /etc/apt/sources.list.d/nginx.list
+
+- name: Importa chiave gpg nginx.org
+ apt_key:
+ #id: ABF5BD827BD9BF62
+ #id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
+ url: https://nginx.org/keys/nginx_signing.key
+ state: present
+
+- name: Installa nginx.org
+ apt:
+ name: nginx
+ state: latest
+ install_recommends: yes
+ update_cache: yes
+
+- name: Installa certbot per nginx
+ apt:
+ name: python3-certbot-nginx
+ state: latest
+ install_recommends: yes
+
+# TODO: importa o crea certificati letsencrypt
+
+#- name: Copia file configurazione nginx
+# copy:
+# src: "{{ item.origin }}"
+# dest: "/etc/nginx/{{ item.dest }}"
+# owner: root
+# group: root
+# mode: 0644
+# backup: yes
+# with_items:
+# - { origin: 'nginx/nginx.conf', dest: 'nginx.conf' }
+# - { origin: 'nginx/deny.conf', dest: 'deny.conf' }
+
+#- name: Disabilita sito di default Nginx
+# file:
+# path: /etc/nginx/sites-enabled/default
+# state: absent
+
+#- name: Crea directory per il sito
+# file:
+# path: /var/www/websites/
+# state: directory
+# mode: 0755
+
+#- name: Abilita Nginx al boot, ma non avviarlo ancora (altrimenti crasha perchè mancano i certificati SSL)
+# service:
+# name: nginx
+# state: stopped
+# enabled: yes
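Review bot: `Importa chiave gpg nginx.org` trusts whatever `https://nginx.org/keys/nginx_signing.key` returns at run time, because both `id:` lines are commented out and nothing ties the imported key to an expected fingerprint. Restoring the full-fingerprint line, `id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62`, gives the task a known value to compare against; prefer it over the 16-character form, which is easier to collide. A vetted copy of the key shipped in the role's `files/` would remove the run-time fetch altogether. The commented-out `mode: 0644` and `mode: 0755` further down should be quoted (`'0644'`, `'0755'`) if those tasks are ever enabled, since an unquoted leading-zero number is read as an integer.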