diff --git a/bundles/apt/items.py b/bundles/apt/items.py
index df661a4..1d19c32 100644
--- a/bundles/apt/items.py
+++ b/bundles/apt/items.py
@@ -1,3 +1,21 @@
+from glob import glob
+from os.path import join, basename
+
+directories = {
+    '/etc/apt/sources.list.d': {
+        'purge': True,
+        'triggers': {
+            'action:apt_update',
+        },
+    },
+} 
+
+files = {
+    '/etc/apt/sources.list': {
+        'content': '# managed'
+    },
+}
+
 actions = {
     'apt_update': {
         'command': 'apt-get update',
@@ -9,5 +27,27 @@ actions = {
     },
 }
 
+for name, content in node.metadata.get('apt/sources').items():
+    files[f'/etc/apt/sources.list.d/{name}.list'] = {
+        'content': content.format(
+            release=node.metadata.get('os_release')
+        ),
+        'triggers': {
+            'action:apt_update',
+        },
+    }
+    
+    matches = glob(join(repo.path, 'data', 'apt', 'keys', f'{name}.*'))
+    if matches:
+        assert len(matches) == 1
+        files[f'/etc/apt/trusted.gpg.d/{basename(matches[0])}'] = {
+            'source': matches[0],
+            'content_type': 'binary',
+            'triggers': {
+                'action:apt_update',
+            },
+        }
+
+
 for package, options in node.metadata.get('apt/packages', {}).items():
     pkg_apt[package] = options
diff --git a/bundles/apt/metadata.py b/bundles/apt/metadata.py
new file mode 100644
index 0000000..9919741
--- /dev/null
+++ b/bundles/apt/metadata.py
@@ -0,0 +1,6 @@
+defaults = {
+    'apt': {
+        'packages': {},
+        'sources': {},
+    },
+}
diff --git a/bundles/dovecot/metadata.py b/bundles/dovecot/metadata.py
index 44be492..fb75bf5 100644
--- a/bundles/dovecot/metadata.py
+++ b/bundles/dovecot/metadata.py
@@ -24,5 +24,4 @@ defaults = {
             'dbuser': 'mailserver',
         },
     },
-
 }
diff --git a/bundles/gcloud/items.py b/bundles/gcloud/items.py
new file mode 100644
index 0000000..e69de29
diff --git a/bundles/gcloud/metadata.py b/bundles/gcloud/metadata.py
new file mode 100644
index 0000000..80a08a2
--- /dev/null
+++ b/bundles/gcloud/metadata.py
@@ -0,0 +1,12 @@
+defaults = {
+    'apt': {
+        'packages': {
+            'apt-transport-https': {},
+            'ca-certificates': {},
+            'gnupg': {},
+        },
+        'sources': {
+            'gcloud': 'deb https://packages.cloud.google.com/apt cloud-sdk main',
+        },
+    },
+}
diff --git a/data/apt/keys/gcloud.gpg b/data/apt/keys/gcloud.gpg
new file mode 100644
index 0000000..3f0b5a8
Binary files /dev/null and b/data/apt/keys/gcloud.gpg differ
diff --git a/groups/os/debian-10.py b/groups/os/debian-10.py
index 13421f1..558816e 100644
--- a/groups/os/debian-10.py
+++ b/groups/os/debian-10.py
@@ -9,6 +9,7 @@
         'postgresql': {
             'version': '11',
         },
+        'os_release': 'buster',
     }, 
     'os_version': (10,),
 }
diff --git a/groups/os/debian.py b/groups/os/debian.py
index e1eb4d9..70aab0c 100644
--- a/groups/os/debian.py
+++ b/groups/os/debian.py
@@ -5,6 +5,18 @@
     'bundles': [
         'apt',
     ],
+    'metadata': {
+        'apt': {
+            'sources': {
+                'debian': '\n'.join([
+                    'deb http://deb.debian.org/debian {release} main non-free contrib',
+                    'deb http://deb.debian.org/debian {release}-updates main contrib non-free',
+                    'deb http://security.debian.org/debian-security {release}/updates main contrib non-free',
+                    'deb http://deb.debian.org/debian {release}-backports main contrib non-free',
+                ]),
+            },
+        },
+    },
     'os': 'debian',
     'pip_command': 'pip3',
 }
diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py
index ddb2492..8bd417f 100644
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@@ -8,6 +8,7 @@
         'dnsserver',
     ],
     'bundles': [
+        'gcloud',
         'wireguard',
         'zfs',
     ],