diff --git a/README.md b/README.md index 8ea3468..d32736b 100644 --- a/README.md +++ b/README.md @@ -36,8 +36,7 @@ Given the phone number `+123456789`, the following lookup logic will be performe - Forwarder: Proxy the request to other configurable identity servers. # Packages -## Native installer -See releases for native installers of supported systems. +See [releases]((https://github.com/kamax-io/mxisd/releases)) for native installers of supported systems. If none is available, please use other packages or build from source. ## Docker @@ -52,7 +51,20 @@ docker run -v /data/mxisd/etc:/etc/mxisd -v /data/mxisd/var:/var/mxisd -p 8090:8 ``` ## Debian -TODO +### Download +See the [releases section](https://github.com/kamax-io/mxisd/releases). + +### From source +Requirements: +- fakeroot +- dpkg-deb + +Run: +``` +./gradlew buildDeb +``` + +You will find the debian package in `build/dist` # From Source ## Requirements @@ -68,8 +80,9 @@ cd mxisd ## Configure 1. Create a new local config: `cp application.example.yaml application.yaml` 2. Set the `server.name` value to the domain value used in your Home Server configuration -3. Provide the LDAP attributes you want to use for lookup -4. Edit an entity in your LDAP database and set the configure attribute with a Matrix ID (e.g. `@john.doe:example.org`) +3. Set an absolute location for the signing keys using `key.path` +4. Provide the LDAP attributes you want to use for lookup, if you want to use one +5. Edit an entity in your LDAP database and set the configure attribute with a Matrix ID (e.g. `@john.doe:example.org`) ## Test build and configuration Start the server in foreground to validate the build: diff --git a/application.example.yaml b/application.example.yaml index 36908d4..cacbe8b 100644 --- a/application.example.yaml +++ b/application.example.yaml 
@@ -6,7 +6,7 @@ server: # HTTPS can be configured using Tomcat configuration properties. port: 8090 - # Realm under which this Identity Server is authoritative. + # Realm under which this Identity Server is authoritative, required. # # This is used to avoid unnecessary connections and endless recursive lookup. # e.g. domain name in e-mails. @@ -16,12 +16,14 @@ server: key: - # Where the Identity Server signing key will be stored. + # Absolute path for the Identity Server signing key, required. + # During testing, /var/tmp/mxisd.key is a possible value # - # /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ - # /!\ CHANGE THIS TO A MORE PERMANENT LOCATION! /!\ - # /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ /!\ - path: '/var/tmp/mxis-signing.key' + # For production, use a stable location like: + # - /var/opt/mxisd/sign.key + # - /var/local/mxisd/sign.key + # - /var/lib/mxisd/sign.key + path: '%SIGNING_KEYS_PATH%' @@ -97,7 +99,7 @@ lookup: ldap: - enabled: true + enabled: false tls: false host: 'localhost' port: 389 diff --git a/build.gradle b/build.gradle index b9de6ad..7e785b7 100644 --- a/build.gradle +++ b/build.gradle @@ -1,3 +1,5 @@ +import java.util.regex.Pattern + /* * mxisd - Matrix Identity Server Daemon * Copyright (C) 2017 Maxime Dor 
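Review bot: The new comment on `key.path` offers `/var/tmp/mxisd.key` as a testing value and lists production locations, but it never says that the signing key is private material or what access its directory needs. `/var/tmp` is writable by every local account, so a predictable key path there should be described as throw-away only. I would add a line such as `# The key is private: keep it in a directory owned by, and readable only by, the account running mxisd.` The default is now the literal token `'%SIGNING_KEYS_PATH%'`, which only the `buildDeb` task substitutes; whether the server rejects an unreplaced token at startup is not visible here, so a comment like `# Placeholder replaced at package build time; set a real absolute path when running from source.` would save from-source users a surprise.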
@@ -21,6 +23,34 @@ apply plugin: 'groovy' apply plugin: 'org.springframework.boot' +def confFileName = "application.example.yaml" +def distDir = "${project.buildDir}/dist" + +def debBinPath = "/usr/lib/mxisd" +def debConfPath = "/etc/mxisd" +def debDataPath = "/var/lib/mxisd" +def debSystemdPath = "/etc/systemd/system" + +def debConfFileName = "mxisd-sample.yaml" + +def debBuildBasePath = "${project.buildDir}/tmp/debian" +def debBuildDebianPath = "${debBuildBasePath}/DEBIAN" +def debBuildBinPath = "${debBuildBasePath}${debBinPath}" +def debBuildConfPath = "${debBuildBasePath}${debConfPath}" +def debBuildDataPath = "${debBuildBasePath}${debDataPath}" +def debBuildSystemdPath = "${debBuildBasePath}${debSystemdPath}" + +String gitVersion() { + def versionPattern = Pattern.compile("v(\\d+\\.)?(\\d+\\.)?(\\d+)(-.*)?") + ByteArrayOutputStream out = new ByteArrayOutputStream() + exec { + commandLine = [ 'git', 'describe', '--always', '--dirty' ] + standardOutput = out + } + def v = out.toString().replace(System.lineSeparator(), '') + return versionPattern.matcher(v).matches() ? v.substring(1) : v +} + buildscript { repositories { mavenCentral() 
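Review bot: `gitVersion()` returns the raw `git describe` output whenever the tag pattern does not match, and with `--always` that is a bare abbreviated commit hash on a checkout that has no `v*` tag. `buildDeb` later writes that string into the Debian `Version:` field, where a version is expected to start with a digit, so the package build may warn, fail or sort unpredictably against real releases. Consider a digit-led fallback, e.g. `return versionPattern.matcher(v).matches() ? v.substring(1) : "0~${v}"`. `out.toString().trim()` is also more robust than replacing `System.lineSeparator()`, since git emits `\n` whatever the platform separator is. A one-line comment above the function stating the expected tag format (`vX.Y.Z`) would document the contract.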
@@ -73,3 +103,82 @@ springBoot { confFolder: "/etc/default" ] } + +task buildDeb(dependsOn: build) { + doLast { + def v = gitVersion() + println "Version for package: ${v}" + mkdir distDir + mkdir debBuildBasePath + mkdir "${debBuildBasePath}/DEBIAN" + mkdir debBuildBinPath + mkdir debBuildConfPath + mkdir debBuildDataPath + mkdir debBuildSystemdPath + + copy { + from "${project.buildDir}/libs/mxisd.jar" + into debBuildBinPath + } + + ant.chmod( + file: "${debBuildBinPath}/mxisd.jar", + perm: 'a+x' + ) + + copy { + from(project.file(confFileName)) { + rename confFileName, debConfFileName + } + into debBuildConfPath + } + + ant.replace( + file: "${debBuildConfPath}/${debConfFileName}", + token: '%SIGNING_KEYS_PATH%', + value: "${debDataPath}/signing.key" + ) + + copy { + from project.file('src/debian') + into debBuildDebianPath + } + + ant.replace( + file: "${debBuildDebianPath}/control", + token: 'Version: 0', + value: "Version: ${v}" + ) + + ant.replace( + file: "${debBuildDebianPath}/postinst", + token: '%DEB_DATA_DIR%', + value: debDataPath + ) + + ant.chmod( + file: "${debBuildDebianPath}/postinst", + perm: 'a+x' + ) + + ant.chmod( + file: "${debBuildDebianPath}/prerm", + perm: 'a+x' + ) + + copy { + from "${project.file('src/systemd/mxisd.service')}" + into debBuildSystemdPath + } + + exec { + commandLine( + 'fakeroot', + 'dpkg-deb', + '-b', + debBuildBasePath, + "${project.buildDir}/dist" + ) + } + } +} diff --git a/src/debian/control b/src/debian/control new file mode 100644 index 0000000..e3c837c --- /dev/null +++ b/src/debian/control @@ -0,0 +1,7 @@ +Package: mxisd +Maintainer: Kamax.io +Homepage: https://github.com/kamax-io/mxisd +Description: Federated Matrix Identity Server +Architecture: all +Depends: openjdk-8-jre | openjdk-8-jre-headless | openjdk-8-jdk | openjdk-8-jdk-headless +Version: 0 diff --git a/src/debian/postinst b/src/debian/postinst new file mode 100755 index 0000000..4b1c5ad --- /dev/null +++ b/src/debian/postinst 
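Review bot: `buildDeb` never clears `debBuildBasePath` before populating it, so anything left in `build/tmp/debian` by an earlier run (a renamed maintainer script, an old unit file, a stale config) is packed into the new `.deb` by `dpkg-deb -b`. Starting `doLast` with `delete debBuildBasePath` makes the package contain exactly what this build staged. The unit file is staged under `/etc/systemd/system`, which is normally left to the administrator for overrides; packages usually ship units in `/lib/systemd/system`. As a style point, `mkdir "${debBuildBasePath}/DEBIAN"` and the final `"${project.buildDir}/dist"` repeat the values already held in `debBuildDebianPath` and `distDir`.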
@@ -0,0 +1,13 @@
+#!/bin/bash -e
+
+# Add service account
+useradd -r mxisd || true
+
+# Set permissions for data directory
+chown -R mxisd:mxisd %DEB_DATA_DIR%
+
+# Create symlink to mxusd
+ln -sfT /usr/lib/mxisd/mxisd.jar /usr/bin/mxisd
+
+# Enable systemd service
+systemctl enable mxisd.service
diff --git a/src/debian/prerm b/src/debian/prerm
new file mode 100644
index 0000000..05a65f4
--- /dev/null
+++ b/src/debian/prerm
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Stop running instance if needed
+systemctl stop mxisd.service
+
+# Disable service if exists
+systemctl disable mxisd.service
+
+# remove symlink
+rm /usr/bin/mxisd
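Review bot: The service account in `postinst` is created with `useradd -r mxisd || true`, which leaves the login shell to the system default and hides every `useradd` failure, not only "already exists". `getent passwd mxisd >/dev/null || useradd -r -s /usr/sbin/nologin mxisd` keeps the script idempotent and gives the daemon a non-login account. The data directory is where the packaged config places the signing key, yet the script only changes ownership; adding `chmod 0750 %DEB_DATA_DIR%` after the `chown` would keep other local users out regardless of the mode the key file is written with. The comment `# Create symlink to mxusd` has a typo for `mxisd`.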
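Review bot: `prerm` ignores its arguments, so it does the same work on `upgrade` as on `remove`: the service is stopped and disabled on every package upgrade, and `postinst` only re-enables it without starting it again. Guarding the disable and symlink removal, e.g. `[ "$1" = "upgrade" ] || systemctl disable mxisd.service`, keeps upgrades from leaving the identity server down. Unlike `postinst` the script runs without `-e`, and `rm /usr/bin/mxisd` reports an error when the link is already gone; `rm -f /usr/bin/mxisd` makes removal repeatable.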