diff --git a/bin/package/raspberry/files/0-setup-user.sh b/bin/package/raspberry/files/0-setup-user.sh index aaf253592b..7b12c6e8a8 100644 --- a/bin/package/raspberry/files/0-setup-user.sh +++ b/bin/package/raspberry/files/0-setup-user.sh @@ -1,8 +1,7 @@ #!/bin/bash -ev -usermod -l myst pi -usermod -m -d /home/myst myst -echo 'myst:mystberry'|chpasswd +useradd -m -d /home/myst -s /bin/bash myst +usermod --password "$(openssl passwd -6 mystberry)" myst -rm /etc/sudoers.d/010_pi-nopasswd +rm -f /etc/sudoers.d/010_pi-nopasswd install -m 644 myst_sudo_nopasswd /etc/sudoers.d/010_myst-nopasswd diff --git a/bin/package/raspberry/files/1-setup-node.sh b/bin/package/raspberry/files/1-setup-node.sh index 41d78c6324..46c5ca572f 100755 --- a/bin/package/raspberry/files/1-setup-node.sh +++ b/bin/package/raspberry/files/1-setup-node.sh 
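Review bot: The `myst` account is still created with the fixed, publicly known password `mystberry`, while this script installs `010_myst-nopasswd` and `1-setup-node.sh` enables SSH via `touch /boot/ssh`, so every flashed image has a passwordless-sudo login with a known credential until the owner changes it. The commit changes how the hash is set but not that exposure; adding `chage -d 0 myst` right after the `usermod --password` line would force a password change at first login. Separately, `useradd` exits non-zero when `myst` already exists, which aborts the script under `-e` on a re-run. The stock `pi` account is also no longer renamed or removed here, so confirm the new base image does not ship one.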
@@ -10,31 +10,33 @@ add_apt_source() { grep -qF "$src" "$src_file" || echo "$src" | tee -a "$src_file" } +apt-get update --allow-releaseinfo-change + +# Install myst dependencies +apt-get -y install wireguard openvpn iptables resolvconf wget gpg unattended-upgrades + # Enable SSH access touch /boot/ssh -# Add APT sources -add_apt_source "deb http://ppa.launchpad.net/mysteriumnetwork/node/ubuntu focal main" "/etc/apt/sources.list.d/mysterium.list" -apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ECCB6A56B22C536D - -add_apt_source "deb http://deb.debian.org/debian/ unstable main" "/etc/apt/sources.list.d/unstable.list" -wget -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - -printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable +# TODO: remove PPA https://wiki.debian.org/DontBreakDebian +wget -qO- "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xECCB6A56B22C536D" \ +| gpg --dearmor \ +| tee /usr/share/keyrings/mysterium-ppa.gpg > /dev/null -# Import missing keys -apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9 -apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6ED0E7B82643E131 +echo "deb [signed-by=/usr/share/keyrings/mysterium-ppa.gpg] \ +http://ppa.launchpad.net/mysteriumnetwork/node/ubuntu focal main" \ +| tee /etc/apt/sources.list.d/mysterium-node.list -apt-get update --allow-releaseinfo-change +# Add APT sources +# add_apt_source "deb http://deb.debian.org/debian/ unstable main" "/etc/apt/sources.list.d/unstable.list" +# wget -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - +# printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable -# Install myst dependencies -apt-get -y install \ - wireguard \ - openvpn +# Import missing keys +# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 
0E98404D386FA1D9 +# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6ED0E7B82643E131 # Setup unattended upgrades -apt-get -y install \ - unattended-upgrades if [[ "${RELEASE_BUILD}" == "true" ]]; then echo "Release build, setting up auto-update" install --mode=644 unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades diff --git a/bin/package/raspberry/files/unattended-upgrades b/bin/package/raspberry/files/unattended-upgrades index 2c0d874181..dfc1d19e24 100644 --- a/bin/package/raspberry/files/unattended-upgrades +++ b/bin/package/raspberry/files/unattended-upgrades @@ -1,6 +1,7 @@ Unattended-Upgrade::Origins-Pattern { - "origin=Raspbian,codename=${distro_codename},label=Raspbian"; - "origin=Raspbian,codename=${distro_codename},label=Raspbian-Security"; + "origin=Debian,codename=${distro_codename}"; + "origin=Debian,label=Debian-Security"; + "origin=Raspberry Pi Foundation"; "o=LP-PPA-mysteriumnetwork-node"; }; diff --git a/ci/packages/raspberry.go b/ci/packages/raspberry.go index 90615e9e8f..da2e15ea4a 100644 --- a/ci/packages/raspberry.go +++ b/ci/packages/raspberry.go @@ -99,7 +99,7 @@ func configureRaspbianImage(raspbianImagePath string) error { if err := shell.NewCmd("sudo apt-get update").Run(); err != nil { return err } - if err := shell.NewCmd("sudo apt-get install -y qemu-system qemu-user-static binfmt-support systemd-container").RunWith(envs); err != nil { + if err := shell.NewCmd("sudo apt-get install -y openssl qemu-system qemu-user-static binfmt-support systemd-container").RunWith(envs); err != nil { return err } if err := shell.NewCmd("sudo systemctl restart systemd-binfmt").Run(); err != nil { 
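Review bot: The PPA signing key is fetched from keyserver.ubuntu.com by its 64-bit key ID and written straight to `/usr/share/keyrings/mysterium-ppa.gpg` with no check of what came back, so whatever the lookup returns becomes the trust root for the `signed-by` source. Compare the full fingerprint against a value pinned in the repo before installing the keyring (inspect with `gpg --show-keys --with-fingerprint` and fail on mismatch against `<FULL_FINGERPRINT_PLACEHOLDER>`), or commit the dearmored key next to this script and `install` it. The pipeline also relies on `set -o pipefail` being in effect, which I cannot confirm because the script header is outside this hunk; without it a failed `wget` leaves an empty keyring and the step still succeeds. The commented-out unstable and `apt-key` lines should be deleted rather than kept as comments.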
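Review bot: Dropping both `origin=Raspbian` patterns may leave the base system without automatic security updates, because the image selected in `ci/packages/raspberry.go` is an armhf build and 32-bit Raspberry Pi OS has historically taken its base packages from the Raspbian archive rather than from Debian. If that still holds for this image, none of the new `origin=Debian` lines will match those packages. Check the `o=`/`l=` values reported by `apt-cache policy` on a built image and keep an `"origin=Raspbian,codename=${distro_codename}";` line if the archive is still in use. The new `"origin=Debian,label=Debian-Security";` entry also omits the `codename=${distro_codename}` constraint that the line above it has.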
@@ -172,7 +172,7 @@ func fetchRaspbianImage() (filename string, err error) { log.Info().Msg("Looking up Raspbian image file") localRaspbianZip, err := storageClient.GetCacheableFile("raspbian", func(object types.Object) bool { - return strings.Contains(aws.ToString(object.Key), "-raspbian-buster-lite") + return strings.Contains(aws.ToString(object.Key), "-raspios-trixie-armhf-lite.img.zip") }) if err != nil { return "", fmt.Errorf("failed to fetch raspbian image: %w", err)