diff --git a/debian/aptly.conf.yaml b/debian/aptly.conf.yaml
new file mode 100644
index 000000000..24bbbecfb
--- /dev/null
+++ b/debian/aptly.conf.yaml
@@ -0,0 +1,339 @@
+# Aptly Configuration File
+###########################
+
+# Aptly storage directory for:
+# - downloaded packages (`rootDir`/pool)
+# - database (`rootDir`/db)
+# - published repositories (`rootDir`/public)
+root_dir: ~/.aptly
+
+# Log Level
+# * debug
+# * info
+# * warning
+# * error
+log_level: info
+
+# Log Format
+# * default (text)
+# * json
+log_format: default
+
+# Number of attempts to open database if it's locked by other instance
+# * -1 (no retry)
+database_open_attempts: -1
+
+# Default Architectures
+# empty list defaults to all available architectures
+architectures:
+#    - amd64
+
+# OBSOLETE
+# in aptly up to version 1.0.0, package files were stored in internal package pool
+# with MD5-dervied path, since 1.1.0 package pool layout was changed;
+# if option is enabled, aptly stops checking for legacy paths;
+# by default option is enabled for new aptly installations and disabled when
+# upgrading from older versions
+skip_legacy_pool: true
+
+
+# Dependency following
+#######################
+
+# Follow contents of `Suggests:` field when processing dependencies for the package
+dep_follow_suggests: false
+
+# Follow contents of `Recommends:` field when processing dependencies for the package
+dep_follow_recommends: false
+
+# When dependency looks like `package-a | package-b`, follow both variants always
+dep_follow_allvariants: false
+
+# Follow dependency from binary package to source package
+dep_follow_source: false
+
+# Log additional details while resolving dependencies (useful for debugging)
+dep_verbose_resolve: false
+
+
+# PPA
+######
+
+# Specify paramaters for short PPA url expansion
+# empty defaults to output of `lsb_release` command
+ppa_distributor_id: ubuntu
+
+# Codename for short PPA url expansion
+ppa_codename: ""
+
+
+# Aptly Server
+###############
+
+# Serve published repos as well as API
+serve_in_api_mode: false
+
+# Enable metrics for Prometheus client
+enable_metrics_endpoint: false
+
+# Enable API documentation on /docs
+enable_swagger_endpoint: false
+
+# OBSOLETE: use via url param ?_async=true
+async_api: false
+
+
+# Database
+###########
+
+# Database backend
+# Type must be one of:
+# * leveldb (default)
+# * etcd
+database_backend:
+    type: leveldb
+    # Path to leveldb files
+    # empty dbPath defaults to `rootDir`/db
+    db_path: ""
+
+    # type: etcd
+    # # URL to db server
+    # url: "127.0.0.1:2379"
+
+
+# Mirroring
+############
+
+# Downloader
+# * "default"
+# * "grab"      (more robust)
+downloader: default
+
+# Number of parallel download threads to use when downloading packages
+download_concurrency: 4
+
+# Limit in kbytes/sec on download speed while mirroring remote repositories
+download_limit: 0
+
+# Number of retries for download attempts
+download_retries: 0
+
+# Download source packages per default
+download_sourcepackages: false
+
+
+# Signing
+##########
+
+# GPG Provider
+# * "internal" (Go internal implementation)
+# * "gpg"      (External `gpg` utility)
+gpg_provider: gpg
+
+# Disable signing of published repositories
+gpg_disable_sign: false
+
+# Disable signature verification of remote repositories
+gpg_disable_verify: false
+
+
+# Publishing
+#############
+
+# Do not publish Contents files
+skip_contents_publishing: false
+
+# Do not create bz2 files
+skip_bz2_publishing: false
+
+
+# Storage
+##########
+
+# Filesystem publishing endpoints
+#
+# aptly defaults to publish to a single publish directory under `rootDir`/public. For
+# a more advanced publishing strategy, you can define one or more filesystem endpoints in the
+# `FileSystemPublishEndpoints` list of the aptly configuration file. Each endpoint has a name
+# and the following associated settings.
+#
+# In order to publish to such an endpoint, specify the endpoint as `filesystem:endpoint-name`
+# with `endpoint-name` as the name given in the aptly configuration file. For example:
+#
+#   `aptly publish snapshot wheezy-main filesystem:test1:wheezy/daily`
+#
+filesystem_publish_endpoints:
+    # # Endpoint Name
+    # test1:
+    #     # Directory for publishing
+    #     root_dir: /opt/srv/aptly_public
+    #     # File Link Method for linking files from the internal pool to the published directory
+    #     # * hardlink
+    #     # * symlink
+    #     # * copy
+    #     link_method: hardlink
+    #     # File Copare Method for comparing existing links from the internal pool to the published directory
+    #     # Only used when "linkMethod" is set to "copy"
+    #     # * md5 (default: compare md5 sum)
+    #     # * size (compare file size)
+    #     verify_method: md5
+
+# S3 Endpoint Support
+#
+# cloud storage). First, publishing
+# endpoints should be described in aptly configuration file. Each endpoint has name
+# and associated settings.
+#
+# In order to publish to S3, specify endpoint as `s3:endpoint-name:` before
+# publishing prefix on the command line, e.g.:
+#
+#   `aptly publish snapshot wheezy-main s3:test:`
+#
+s3_publish_endpoints:
+    # # Endpoint Name
+    # test:
+    #     # Amazon region for S3 bucket
+    #     region: us-east-1
+    #     # Bucket name
+    #     bucket: test-bucket
+    #     # Prefix (optional)
+    #     # publishing under specified prefix in the bucket, defaults to
+    #     # no prefix (bucket root)
+    #     prefix: ""
+    #     # Default ACLs (optional)
+    #     # assign ACL to published files:
+    #     # * private     (default, for use with apt S3 transport)
+    #     # * public-read (public repository)
+    #     # * none        (don't set ACL)
+    #     acl: private
+    #     # Credentials (optional)
+    #     # Amazon credentials to access S3 bucket. If not supplied, environment variables
+    #     # `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` are used
+    #     access_key_id: ""
+    #     secret_access_key: ""
+    #     session_token: ""
+    #     # Endpoint (optional)
+    #     # When using S3-compatible cloud storage, specify hostname of service endpoint here,
+    #     # region is ignored if endpoint is set (set region to some human-readable name)
+    #     # (should be left blank for real Amazon S3)
+    #     endpoint: ""
+    #     # Storage Class (optional)
+    #     # Amazon S3 storage class, defaults to `STANDARD`. Other values
+    #     # available: `REDUCED_REDUNDANCY` (lower price, lower redundancy)
+    #     storage_class: STANDARD
+    #     # Encryption Method (optional)
+    #     # Server-side encryption method, defaults to none. Currently
+    #     # the only available encryption method is `AES256`
+    #     encryption_method: none
+    #     # Plus Workaround (optional)
+    #     # Workaround misbehavior in apt and Amazon S3 for files with `+` in filename by
+    #     # creating two copies of package files with `+` in filename: one original
+    #     # and another one with spaces instead of plus signs
+    #     # With `plusWorkaround` enabled, package files with plus sign
+    #     # would be stored twice. aptly might not cleanup files with spaces when published
+    #     # repository is dropped or updated (switched) to new version of repository (snapshot)
+    #     plus_workaround: false
+    #     # Disable MultiDel (optional)
+    #     # For S3-compatible cloud storages which do not support `MultiDel` S3 API,
+    #     # enable this setting (file deletion would be slower with this setting enabled)
+    #     disable_multidel: false
+    #     # Force Signature v2 (optional)
+    #     # Disable Signature V4 support, useful with non-AWS S3-compatible object stores
+    #     # which do not support SigV4, shouldn't be enabled for AWS
+    #     force_sigv2: false
+    #     # Force VirtualHosted Style (optional)
+    #     # Disable path style visit, useful with non-AWS S3-compatible object stores
+    #     # which only support virtual hosted style
+    #     force_virtualhosted_style: false
+    #     # Debug (optional)
+    #     # Enables detailed request/response dump for each S3 operation
+    #     debug: false
+
+# Swift Endpoint Support
+#
+# aptly can publish a repository directly to OpenStack Swift.
+# Each endpoint has name and associated settings.
+#
+# In order to publish to Swift, specify endpoint as `swift:endpoint-name:` before
+# publishing prefix on the command line, e.g.:
+#
+#   `aptly publish snapshot jessie-main swift:test:`
+#
+swift_publish_endpoints:
+    # # Endpoint Name
+    # test:
+    #     # Container Name
+    #     container: taylor1
+    #     # Prefix (optional)
+    #     # Publish under specified prefix in the container, defaults to no prefix (container root)
+    #     prefix: ""
+    #     # Credentials (optional)
+    #     # OpenStack credentials to access Keystone. If not supplied, environment variables `OS_USERNAME` and `OS_PASSWORD` are used
+    #     username: ""
+    #     password: ""
+    #     # Domain (optional)
+    #     # OpenStack domain
+    #     domain: ""
+    #     domain_id: ""
+    #     # Tenant (optional)
+    #     # OpenStack tenant (in order to use v2 authentication)
+    #     tenant: ""
+    #     tenant_id: ""
+    #     tenant_domain: ""
+    #     tenant_domain_id: ""
+    #     # Auth URL (optional)
+    #     # Full url of Keystone server (including port, and version).
+    #     # Example `http://identity.example.com:5000/v2.0`
+    #     auth_url: ""
+
+# Azure Endpoint Support
+#
+# aptly can be configured to publish repositories directly to Microsoft Azure Blob
+# Storage. First, publishing endpoints should be described in the aptly
+# configuration file. Each endpoint has its name and associated settings.
+azure_publish_endpoints:
+    # # Endpoint Name
+    # test:
+    #     # Container Name
+    #     container: container1
+    #     # Prefix (optional)
+    #     # Publishing under specified prefix in the container, defaults to no prefix (container root)
+    #     prefix: ""
+    #     # Credentials
+    #     # Azure storage account access key to access blob storage
+    #     account_name: ""
+    #     account_key: ""
+    #     # Endpoint URL
+    #     # See: Azure documentation https://docs.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string
+    #     # defaults to "https://<accountName>.blob.core.windows.net"
+    #     endpoint: ""
+
+# Package Pool
+#
+# Location for storing downloaded packages
+# Type must be one of:
+# * local
+# * azure
+packagepool_storage:
+    # Local Pool
+    type: local
+    # Local Pool Path
+    # empty path defaults to `rootDir`/pool
+    path:
+
+    # # Azure Azure Blob Storage Pool
+    # type: azure
+    # # Container Name
+    # container: pool1
+    # # Prefix (optional)
+    # # Publishing under specified prefix in the container, defaults to no prefix (container root)
+    # prefix: ""
+    # # Credentials
+    # # Azure storage account access key to access blob storage
+    # account_name: ""
+    # account_key: ""
+    # # Endpoint URL
+    # # See: Azure documentation https://docs.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string
+    # # defaults to "https://<accountName>.blob.core.windows.net"
+    # endpoint: ""
+