diff --git a/roles/os_agent_auto_update/defaults/main.yml b/roles/os_agent_auto_update/defaults/main.yml
index 3186767..5b4e262 100644
--- a/roles/os_agent_auto_update/defaults/main.yml
+++ b/roles/os_agent_auto_update/defaults/main.yml
@@ -3,3 +3,20 @@
 os_agent_auto_update_playbook_dir: /home/homeassistant/playbooks/
 os_agent_ansible_playbook_cmd_dir: /usr/bin/
 os_agent_auto_update_install_ansible: true
+
+# ansible apt repo URL
+os_agent_auto_update_ansible_repo_url: http://ppa.launchpad.net/ansible/ansible/ubuntu
+
+os_agent_auto_update_ansible_apt_release_channel: main
+# os_agent_auto_update_ansible_apt_distribution is a workaround for mapping the Debian variant to the
+# equivalent Ubuntu variant, which is what Ansible apt package uses for installation
+os_agent_auto_update_ansible_apt_distribution: jammy
+os_agent_auto_update_ansible_apt_repository: >-
+ deb [signed-by=/etc/apt/keyrings/ansible.asc]
+ {{ os_agent_auto_update_ansible_repo_url }}
+ {{ os_agent_auto_update_ansible_apt_distribution | lower }}
+ {{ os_agent_auto_update_ansible_apt_release_channel }}
+os_agent_auto_update_ansible_apt_gpg_key_checksum: "sha256:389ff6776f9d001238cf9ebc4a5e4c2210f497595ac9345f77110c8a2f2c0caf"
+os_agent_auto_update_ansible_apt_ignore_key_error: true
+os_agent_auto_update_ansible_apt_gpg_key: "https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=get&search=0x6125E2A8C77F2818FB7BD15B93C4A3FD7BB9C367"
+os_agent_auto_update_ansible_apt_filename: "ansible"
diff --git a/roles/os_agent_auto_update/tasks/main.yml b/roles/os_agent_auto_update/tasks/main.yml
index c2f8838..5382552 100644
--- a/roles/os_agent_auto_update/tasks/main.yml
+++ b/roles/os_agent_auto_update/tasks/main.yml
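Review bot: In roles/os_agent_auto_update/defaults/main.yml, `os_agent_auto_update_ansible_apt_ignore_key_error: true` makes the pinned `os_agent_auto_update_ansible_apt_gpg_key_checksum` advisory by default. The `add Ansible apt key` task in tasks/main.yml feeds this variable to `ignore_errors`, so a checksum mismatch or a failed download is skipped and the role goes on to add the repository. I would ship `os_agent_auto_update_ansible_apt_ignore_key_error: false` so that a key that does not match the pin stops the run, and leave ignoring as an explicit opt-in. Separately, `os_agent_auto_update_ansible_repo_url` is plain `http://`; package integrity still rests on the `signed-by` key, but an HTTPS endpoint for the PPA, if one is available, would be the better default.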
@@ -1,28 +1,47 @@
 ---
 # tasks file for os_agent_auto_update
 - name: create directory for auto update playbook
- file:
+ ansible.builtin.file:
 path: "{{ os_agent_auto_update_playbook_dir }}"
 state: directory
 mode: 0700
 - name: copy OS Agent update playbook
- copy:
+ ansible.builtin.copy:
 src: update_os_agent.yml
 dest: "{{ os_agent_auto_update_playbook_dir }}/update_os_agent.yml"
 mode: 0700
+- name: add Ansible apt key
+ ansible.builtin.get_url:
+ url: "{{ os_agent_auto_update_ansible_apt_gpg_key }}"
+ dest: /etc/apt/keyrings/ansible.asc
+ mode: '0644'
+ force: false
+ checksum: "{{ os_agent_auto_update_ansible_apt_gpg_key_checksum | default(omit) }}"
+ register: add_repository_key
+ ignore_errors: "{{ os_agent_auto_update_ansible_apt_ignore_key_error }}"
+ when: os_agent_auto_update_install_ansible | bool
+
+- name: add Ansible repository
+ ansible.builtin.apt_repository:
+ repo: "{{ os_agent_auto_update_ansible_apt_repository }}"
+ state: present
+ filename: "{{ os_agent_auto_update_ansible_apt_filename }}"
+ update_cache: true
+ when: os_agent_auto_update_install_ansible | bool
+
 - name: ensure ansible is installed
- apt:
+ ansible.builtin.apt:
 name:
- - python3-ansible
+ - ansible
 state: present
- update_cache: yes
+ update_cache: true
 become: true
 when: os_agent_auto_update_install_ansible|bool
 - name: schedule periodic update of OS Agent
- cron:
+ ansible.builtin.cron:
 name: "update OS Agent"
 minute: "0"
 hour: "5"
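Review bot: The two added tasks, `add Ansible apt key` and `add Ansible repository`, write under `/etc/apt` but carry no `become: true`, while the `ensure ansible is installed` task below them does. Unless the play already escalates (not visible in this hunk), the key download fails on permissions and `ignore_errors` hides that failure, so I would add `become: true` to both tasks. The key task also assumes `/etc/apt/keyrings` exists, which older Debian and Ubuntu releases do not ship; a preceding `ansible.builtin.file` task with `state: directory` and `mode: '0755'` would cover that. `add_repository_key` is registered but not read anywhere in the hunk; adding `add_repository_key is succeeded` to the repository task's `when` would keep the role from configuring a source whose key file is missing.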