diff --git a/files/default_grub.patch.bookworm b/files/default_grub.patch.bookworm
new file mode 100644
index 0000000..602cff8
--- /dev/null
+++ b/files/default_grub.patch.bookworm
@@ -0,0 +1,22 @@
+--- grub.orig   2023-06-18 23:39:13.949849870 +0200
++++ grub        2023-06-19 00:26:36.680663106 +0200
+@@ -6,8 +6,8 @@
+ GRUB_DEFAULT=0
+ GRUB_TIMEOUT=5
+ GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+-GRUB_CMDLINE_LINUX_DEFAULT="quiet"
+-GRUB_CMDLINE_LINUX=""
++GRUB_CMDLINE_LINUX_DEFAULT=""
++GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
+ 
+ # If your computer has multiple operating systems installed, then you
+ # probably want to run os-prober. However, if your computer is a host
+@@ -22,7 +22,7 @@
+ #GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
+ 
+ # Uncomment to disable graphical terminal
+-#GRUB_TERMINAL=console
++GRUB_TERMINAL=console
+ 
+ # The resolution used on graphical terminal
+ # note that you can use only modes which your graphic card supports via VBE
diff --git a/files/sources.list.bookworm b/files/sources.list.bookworm
new file mode 100644
index 0000000..8af467d
--- /dev/null
+++ b/files/sources.list.bookworm
@@ -0,0 +1,9 @@
+deb http://deb.debian.org/debian/ bookworm main non-free-firmware
+deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware
+
+deb http://security.debian.org/debian-security bookworm-security main non-free-firmware
+deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware
+
+deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
+deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
+
diff --git a/tasks/main.yml b/tasks/main.yml
index c00bf91..7cd7e0a 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -72,7 +72,15 @@
     src: sources.list.bullseye
     dest: /etc/apt/sources.list
   when:
-    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11)
+    - (ansible_distribution == "Debian" and ansible_distribution_major_version == "11")
+
+- name: apt sources.list bookworm
+  tags: apt
+  copy:
+    src: sources.list.bookworm
+    dest: /etc/apt/sources.list
+  when:
+    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12)
 
 - name: apt.conf allow unauthenticated jessie
   tags: apt
@@ -131,8 +139,6 @@
       - mlocate
       - mtr-tiny
       - ngrep
-      - ntp
-      - ntpdate
       - openssl
       - parted
       - patch
@@ -160,6 +166,17 @@
       - mosh
     state: present
 
+- name: install packages for debian -bullseye
+  tags: apt
+  apt:
+    name:
+      - ntp
+      - ntpdate
+    state: present
+  when:
+    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() <= 11) or
+      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20)
+
 - name: install packages for debian buster and older
   tags: apt
   apt:
@@ -170,16 +187,27 @@
     - ansible_distribution == "Debian"
     - ansible_distribution_major_version|int() <= 10
 
-- name: install packages for debian bullseye and newer
+- name: install packages for debian bullseye+
   tags: apt
   apt:
     name:
-      - bind9-utils
+      - bind9-dnsutils
+      - rsyslog
     state: present
   when:
     - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
       (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
 
+- name: install packages for debian bookworm+
+  tags: apt
+  apt:
+    name:
+      - ntpsec
+      - ntpsec-ntpdate
+    state: present
+  when:
+    - ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12
+
 - name: open-vm-tools
   apt:
     name: open-vm-tools
@@ -245,7 +273,15 @@
     src: default_grub.patch.stretch
     dest: /etc/default/grub
   when:
-    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9)
+    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9 and ansible_distribution_major_version|int() < 12)
+
+- name: grub defaults, bookworm+
+  tags: grub
+  patch:
+    src: default_grub.patch.bookworm
+    dest: /etc/default/grub
+  when:
+    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12)
 
 - name: grub defaults, stretch+
   tags: grub
@@ -271,18 +307,26 @@
   tags: locales
   command: locale-gen
 
+- name: find ntp.conf
+  tags: ntp
+  command: "find /etc -name ntp.conf"
+  register: find_ntpconf
+
+- name: set ntpconf veriable
+  set_fact:
+    ntpconf: "{{ find_ntpconf.stdout_lines[0] }}"
 
 - name: ntp.conf remove factory ntp servers
   tags: ntp
   lineinfile:
-    dest: /etc/ntp.conf
+    dest: "{{ ntpconf }}"
     regexp: '^(pool|server)\s'
     state: absent
 
 - name: ntp.conf set ntp server
   tags: ntp
   lineinfile:
-    dest: /etc/ntp.conf
+    dest: "{{ ntpconf }}"
     regexp: '^(pool|server)\s'
     line: "server {{ ntp }} iburst"
     insertafter: '^# pool:'
@@ -290,13 +334,19 @@
 - name: ntp.conf stretch+ remove limited
   tags: ntp
   replace:
-    path: /etc/ntp.conf
+    path: "{{ ntpconf }}"
     regexp: "noquery limited"
     replace: "noquery"
   when:
     - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9) or
       (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
 
+- name: ntp.conf set minsane 1
+  tags: ntp
+  replace:
+    path: "{{ ntpconf }}"
+    regexp: "minsane \\d+"
+    replace: "minsane 1"
 
 - name: postfix master.cf jessie
   tags: postfix
@@ -317,7 +367,7 @@
     - (ansible_distribution_major_version|int() == 9) or
       (ansible_distribution_major_version|int() == 10)
 
-- name: postfix master.cf bullseye
+- name: postfix master.cf bullseye+
   tags: postfix
   patch:
     src: postfix_master.cf.patch.bullseye