diff --git a/config/defaults/version-large.yml b/config/defaults/version-large.yml
index 843ff48a0..13791238a 100644
--- a/config/defaults/version-large.yml
+++ b/config/defaults/version-large.yml
@@ -194,6 +194,7 @@ system_default:
   reboot_timeout: 300      # wait 5 minutes max when rebooting the system
   apt:                     # The apt sections to use,
     sections: [ main ]     # contrib and non-free not activated by default
+    mirror: deb.debian.org # package mirror to use
 
   # Administration settings
   # the user below is automatically added to the sudo group
diff --git a/config/defaults/version-medium.yml b/config/defaults/version-medium.yml
index 6fb10ccc4..2928c11ba 100644
--- a/config/defaults/version-medium.yml
+++ b/config/defaults/version-medium.yml
@@ -189,6 +189,7 @@ system_default:
   reboot_timeout: 300      # wait 5 minutes max when rebooting the system
   apt:                     # The apt sections to use,
     sections: [ main ]     # contrib and non-free not activated by default
+    mirror: deb.debian.org # package mirror to use
 
   # Administration settings
   # the user below is automatically added to the sudo group
diff --git a/config/defaults/version-mini.yml b/config/defaults/version-mini.yml
index c47e2bd8c..7e92981b9 100644
--- a/config/defaults/version-mini.yml
+++ b/config/defaults/version-mini.yml
@@ -179,6 +179,7 @@ system_default:
   reboot_timeout: 300      # wait 5 minutes max when rebooting the system
   apt:                     # The apt sections to use,
     sections: [ main ]     # contrib and non-free not activated by default
+    mirror: deb.debian.org # package mirror to use
 
   # Administration settings
   # the user below is automatically added to the sudo group
diff --git a/config/defaults/version-small.yml b/config/defaults/version-small.yml
index 6d14c8311..e7ac17c06 100644
--- a/config/defaults/version-small.yml
+++ b/config/defaults/version-small.yml
@@ -189,6 +189,7 @@ system_default:
   reboot_timeout: 300      # wait 5 minutes max when rebooting the system
   apt:                     # The apt sections to use,
     sections: [ main ]     # contrib and non-free not activated by default
+    mirror: deb.debian.org # package mirror to use
 
   # Administration settings
   # the user below is automatically added to the sudo group
diff --git a/config/samples/system-minimal.yml b/config/samples/system-minimal.yml
index 3c4673905..1206784e4 100644
--- a/config/samples/system-minimal.yml
+++ b/config/samples/system-minimal.yml
@@ -58,7 +58,8 @@ system:
   release: bookworm
   devel: false
   debug: false
-
+  apt:
+    mirror: deb.debian.org
 
 ###############################################################################
 # If you are using Gandi, you can enter an API key here
diff --git a/docs/30-define-your-config.md b/docs/30-define-your-config.md
index 1383ed8c3..695a1f672 100644
--- a/docs/30-define-your-config.md
+++ b/docs/30-define-your-config.md
@@ -68,7 +68,7 @@ If you are planning to work with multiple domains, jump to the next section dire
 Once you have chosen your flavour, you need to copy the configuration sample, to create yours:
 
 ```sh
-cp config/samples/minimal.yml config/system.yml
+cp config/samples/system-minimal.yml config/system.yml
 ```
 
 You also need to copy the inventory file for Ansible.
@@ -79,10 +79,10 @@ cp config/samples/hosts.yml config/hosts.yml
 
 ### Working with multiple domains
 
-To work with multiple domains, uses these commands instead, by adjusting `<domain-name>`:
+To work with multiple domains, use these commands instead, by adjusting `<domain-name>`:
 
 ```sh
-cp config/samples/minimal.yml config/system-<domain-name>.yml
+cp config/samples/system-minimal.yml config/system-<domain-name>.yml
 ```
 
 Same for the inventory file for Ansible:
@@ -91,7 +91,7 @@ Same for the inventory file for Ansible:
 cp config/samples/hosts.yml config/hosts-<domain-name>.yml
 ```
 
-The inventory should contains this:
+The inventory should contain this:
 
 ```yml
 all:
@@ -265,6 +265,8 @@ system:
   release: bookworm
   devel: false
   debug: false
+  apt:
+    mirror: deb.debian.org
 ```
 
 #### DNS provider
diff --git a/roles/bootstrap/tasks/check/apt.yml b/roles/bootstrap/tasks/check/apt.yml
index d1e55ea24..c173dbff6 100644
--- a/roles/bootstrap/tasks/check/apt.yml
+++ b/roles/bootstrap/tasks/check/apt.yml
@@ -1,5 +1,17 @@
 ---
 
+- name: Check if apt mirror is valid
+  register: mirror
+  ansible.builtin.uri:
+    url: http://{{ system.apt.mirror }}/debian/dists/{{ distribution_release }}/Release
+    return_content: true
+  loop:
+    - "{{ system.release }}"
+    - "{{ system.release }}-updates"
+    - "{{ system.release }}-backports"
+  loop_control:
+    loop_var: distribution_release
+
 - name: Check if we can run apt update without error
   ansible.builtin.apt:
     update_cache: true
diff --git a/roles/bootstrap/tasks/install/apt.yml b/roles/bootstrap/tasks/install/apt.yml
index 20f56b80f..201bbff97 100644
--- a/roles/bootstrap/tasks/install/apt.yml
+++ b/roles/bootstrap/tasks/install/apt.yml
@@ -6,6 +6,18 @@
   ansible.builtin.set_fact:
     sections: '{{ system.apt.sections | join(" ") }}'
 
+- name: Check if apt mirror is valid
+  register: mirror
+  ansible.builtin.uri:
+    url: http://{{ system.apt.mirror }}/debian/dists/{{ distribution_release }}/Release
+    return_content: true
+  loop:
+    - "{{ system.release }}"
+    - "{{ system.release }}-updates"
+    - "{{ system.release }}-backports"
+  loop_control:
+    loop_var: distribution_release
+
 - name: Initialise default repositories
   register: repositories
   ansible.builtin.template:
diff --git a/roles/bootstrap/templates/sources.list b/roles/bootstrap/templates/sources.list
index d9c838c1e..990cae2c0 100644
--- a/roles/bootstrap/templates/sources.list
+++ b/roles/bootstrap/templates/sources.list
@@ -1,16 +1,16 @@
 # Main repository
-deb https://deb.debian.org/debian/ {{ system.release }} {{ sections }}
-deb-src https://deb.debian.org/debian/ {{ system.release }} {{ sections }}
+deb https://{{ system.apt.mirror }}/debian/ {{ system.release }} {{ sections }}
+deb-src https://{{ system.apt.mirror }}/debian/ {{ system.release }} {{ sections }}
 
 # Security updates
 deb https://security.debian.org/debian-security {{ system.release }}-security main contrib non-free
 deb-src https://security.debian.org/debian-security {{ system.release }}-security main contrib non-free
 
 # {{ system.release }}-updates, previously known as 'volatile'
-deb https://deb.debian.org/debian/ {{ system.release }}-updates {{ sections }}
-deb-src https://deb.debian.org/debian/ {{ system.release }}-updates {{ sections }}
+deb https://{{ system.apt.mirror }}/debian/ {{ system.release }}-updates {{ sections }}
+deb-src https://{{ system.apt.mirror }}/debian/ {{ system.release }}-updates {{ sections }}
 
 # Uncomment to activate backports
 # {{ system.release }}-backports, previously on backports.debian.org
-# deb https://deb.debian.org/debian/ {{ system.release }}-backports {{ sections }}
-# deb-src https://deb.debian.org/debian/ {{ system.release }}-backports {{ sections }}
+# deb https://{{ system.apt.mirror }}/debian/ {{ system.release }}-backports {{ sections }}
+# deb-src https://{{ system.apt.mirror }}/debian/ {{ system.release }}-backports {{ sections }}
diff --git a/roles/bootstrap/vars/main.yml b/roles/bootstrap/vars/main.yml
index 31c0caf77..b95c86a11 100644
--- a/roles/bootstrap/vars/main.yml
+++ b/roles/bootstrap/vars/main.yml
@@ -3,6 +3,6 @@
 whitelisted_hosts:
   - api.ipify.org
   - api64.ipify.org
-  - deb.debian.org
   - letsencrypt.org
   - security.debian.org
+  - '{{ system.apt.mirror }}'