diff --git a/hieradata/os/Debian/Debian12.yaml b/hieradata/os/Debian/Debian12.yaml
new file mode 100644
index 0000000..9b25537
--- /dev/null
+++ b/hieradata/os/Debian/Debian12.yaml
@@ -0,0 +1,7 @@
+# hieradata/os/Debian/Debian12.yaml
+---
+profiles::apt::managed_repos:
+ - 'base'
+ - 'security'
+ - 'updates'
+ - 'puppet7'
diff --git a/hieradata/os/Debian/all_releases.yaml b/hieradata/os/Debian/all_releases.yaml
new file mode 100644
index 0000000..1e30c28
--- /dev/null
+++ b/hieradata/os/Debian/all_releases.yaml
@@ -0,0 +1,3 @@
+# hieradata/os/debian/all_releases.yaml
+---
+profiles::apt::base::baseurl: http://debian.mirror.digitalpacific.com.au/debian
diff --git a/site/profiles/manifests/apt/base.pp b/site/profiles/manifests/apt/base.pp
new file mode 100644
index 0000000..bb71aa7
--- /dev/null
+++ b/site/profiles/manifests/apt/base.pp
@@ -0,0 +1,36 @@
+class profiles::apt::base (
+ Array[String] $managed_repos,
+ Array[String] $components,
+ String $baseurl,
+) {
+ $releasever = $facts['os']['release']['major']
+ $basearch = $facts['os']['architecture']
+ $codename = $facts['os']['distro']['codename']
+
+ # Join the array into a space-separated string
+ $repo_components = join($components, ' ')
+
+ apt::source { "deb.debian.org-${codename}":
+ location => $baseurl,
+ repos => $repo_components,
+ release => $codename,
+ }
+
+ apt::source { "deb.debian.org-${codename}-security":
+ location => $baseurl,
+ repos => $repo_components,
+ release => "${codename}-security",
+ }
+
+ apt::source { "deb.debian.org-${codename}-updates":
+ location => $baseurl,
+ repos => $repo_components,
+ release => "${codename}-updates",
+ }
+
+ apt::source { "deb.debian.org-${codename}-backports":
+ location => $baseurl,
+ repos => $repo_components,
+ release => "${codename}-backports",
+ }
+}
diff --git a/site/profiles/manifests/apt/global.pp b/site/profiles/manifests/apt/global.pp
new file mode 100644
index 0000000..574c668
--- /dev/null
+++ b/site/profiles/manifests/apt/global.pp
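Review bot: The `baseurl` value in all_releases.yaml points apt at a third-party mirror over plain `http://`, so the transport is unauthenticated and package integrity rests entirely on apt's verification of the signed Release files. That check holds while the archive keyring on the host is trusted, but an on-path party can still observe which packages each host fetches and can hold hosts on stale index files until their validity period expires. If the mirror offers TLS (not visible from this commit), prefer `profiles::apt::base::baseurl: https://debian.mirror.digitalpacific.com.au/debian`. The header comment also spells the path `os/debian/` while the file lives under `os/Debian/`.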
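Review bot: The `-security` source in base.pp reuses `$baseurl` as its `location`, but Debian publishes the `${codename}-security` suite from the separate `debian-security` archive and a mirror of `/debian` normally does not carry it, so hosts built from this profile are likely to fail `apt update` for that source and receive no security updates. Give the security source its own URL, for example a `String $security_baseurl` parameter used as `location => $security_baseurl,`, and confirm that the chosen mirror actually serves `debian-security`. Separately, `$managed_repos` is accepted but never read, so all four sources including `-backports` are declared even though Debian12.yaml lists only base, security, updates and puppet7. `$releasever` and `$basearch` are assigned but unused.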
@@ -0,0 +1,97 @@
+# Class: profiles::apt::global
+#
+# This class manages global APT configurations and optionally includes the
+# base and Puppet7 apt repository profiles. The profiles included are based on
+# the content of the $managed_repos parameter, which is an array of repository names.
+#
+# Parameters:
+# -----------
+# $managed_repos: An array of repository names that should be managed by Puppet agent.
+# This parameter is mandatory and the class will fail if it is not provided via hieradata.
+# Example: ['base', 'security', 'updates', 'backports']
+#
+# Actions:
+# --------
+# Configures global APT settings, including setting up the 'src' and 'deb' options for all
+# repositories managed by Puppet.
+# Establishes default parameters for any APT repositories managed by Puppet.
+# These parameters include the repository description, the inclusion of 'src' and 'deb',
+# and the pinning.
+# Depending on the content of the $managed_repos parameter, it includes the
+# profiles::apt::base and/or profiles::apt::puppet7 classes.
+# Manages all .list files under /etc/apt/sources.list.d. All the repositories listed
+# in $managed_repos will have their corresponding .list files preserved. Any
+# .list file that is not listed in $managed_repos will be removed.
+# Creates and maintains a /etc/apt/sources.list.d/.managed file that lists all the
+# .list files that should be managed by Puppet.
+# Manages /etc/apt/sources.list file to include the .list files in /etc/apt/sources.list.d.
+#
+# Example usage:
+# --------------
+# To use this class, include it and configure hieradata:
+# include profiles::apt::global
+#
+# profiles::apt::managed_repos:
+# - 'base'
+# - 'security'
+# - 'updates'
+# - 'backports'
+class profiles::apt::global (
+ Array[String] $managed_repos = lookup('profiles::apt::managed_repos'),
+ Array[String] $components = lookup('profiles::apt::components'),
+){
+ class { 'apt':
+ update => {
+ frequency => 'daily',
+ loglevel => 'debug',
+ },
+ }
+
+ Apt::Source {
+ include => {
+ 'src' => true,
+ 'deb' => true,
+ },
+ }
+
+ # Generate the content for the .managed file
+ $managed_file_content = $managed_repos.map |$repo_name| { "${repo_name}.repo" }.join("\n")
+
+ # Create the .managed file
+ file { '/etc/apt/sources.list.d/.managed':
+ ensure => file,
+ content => $managed_file_content,
+ }
+
+ # Define exec resource to remove .list files not listed in .managed
+ exec { 'cleanup_apt_repos':
+ command => '/bin/bash -c "comm -23 <(ls /etc/apt/sources.list.d | sort)
+ <(sort /etc/apt/sources.list.d/.managed) |
+ xargs -n1 rm -f /etc/apt/sources.list.d/{}"',
+ path => ['/bin', '/usr/bin'],
+ onlyif => '/bin/bash -c "comm -23 <(ls /etc/apt/sources.list.d | sort)
+ <(sort /etc/apt/sources.list.d/.managed) | grep .list"',
+ }
+
+ file { '/etc/apt/sources.list':
+ ensure => 'file',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => @(END)
+ ## Apt is managed by Puppet, do not edit this file
+ END
+ }
+
+ # Setup base repos
+ class { 'profiles::apt::base':
+ managed_repos => $managed_repos,
+ components => $components,
+ }
+
+ # Setup puppet7 if included in managed_repos
+ class { 'profiles::apt::puppet7':
+ managed_repos => $managed_repos,
+ components => $components,
+ }
+}
diff --git a/site/profiles/manifests/apt/puppet7.pp b/site/profiles/manifests/apt/puppet7.pp
new file mode 100644
index 0000000..e69de29
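Review bot: The `cleanup_apt_repos` exec in global.pp does not do what its comment says, so unmanaged repository files are never reliably removed. `.managed` is filled with `<name>.repo` entries while `apt::source` appears to write `<title>.list` files (confirm against the module version in use), so nothing matches and `onlyif` is true on every run; `xargs -n1 rm -f /etc/apt/sources.list.d/{}` has no `-I{}`, so `{}` is not substituted and each name reaches `rm` as a path relative to the working directory. If the line breaks inside the single-quoted `command` and `onlyif` strings are literal, bash also ends the `comm` command at the first one. Assuming `apt` here is puppetlabs-apt, drop the exec and the `.managed` file and add `purge => { 'sources.list.d' => true },` to `class { 'apt': ... }`. Also, `profiles::apt::puppet7` is declared unconditionally although its comment says it is conditional, and puppet7.pp is added empty in this commit, which would fail catalog compilation.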