diff --git a/README.md b/README.md
index 72b0e5d9e0e865bdbc04b1eae2f7353b409f40dc..68ba444b063a2578b5f35b1e7be8d81900c02c18 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,3 @@
-# ansible-role-template
+# ansible_role-unattended_upgrades
+
+Install & configure `unattended-upgrades` package and configure systemd apt timers.
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c9c35760c160dd1571143c343b2f28e75d4864b2
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,10 @@
+unattended_upgrades_enable: true
+
+unattended_upgrades_reboot: true
+unattended_upgrades_reboot_time: "06:45"
+
+unattended_upgrades_update_calendar: "*-*-* 6,18:00"
+unattended_upgrades_update_delay: "12h"
+
+unattended_upgrades_upgrade_calendar: "*-*-* 22:00"
+unattended_upgrades_upgrade_delay: "60m"
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0628294f2935bff19bcaf7ab0742cb44e05f42db
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: Restart unattended-upgrades service
+ ansible.builtin.systemd:
+ state: restarted
+ enabled: true
+ masked: false
+ daemon_reload: true
+ name: unattended-upgrades.service
+
+- name: Reload systemd
+ ansible.builtin.systemd:
+ daemon_reload: true
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a3ae838936ad2344683083e6fb0a5c1750bf110b
--- /dev/null
+++ b/tasks/main.yml
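Review bot: The new variables in defaults/main.yml have no comments, and `unattended_upgrades_reboot: true` means a host that applies the role with defaults will reboot itself at `unattended_upgrades_reboot_time` whenever an upgrade requires it. I would add a comment above each group, for example `# Reboot automatically after an upgrade that requires it, at unattended_upgrades_reboot_time (HH:MM)` and `# systemd OnCalendar expression and RandomizedDelaySec time span for apt-daily.timer`. The file also lacks the leading `---` that Ansible YAML files conventionally start with.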
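Review bot: The `Reload systemd` handler in handlers/main.yml only sets `daemon_reload: true`, and nothing visible in this commit enables or restarts `apt-daily.timer` or `apt-daily-upgrade.timer` after tasks/main.yml rewrites them. A timer that is already active may keep its previous schedule until it is restarted, and on a host where the timers were disabled or masked the role would configure upgrades that never run. Consider handlers that also set `name: apt-daily.timer`, `state: restarted` and `enabled: true`, with the same for `apt-daily-upgrade.timer`.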
@@ -0,0 +1,89 @@
+- name: Install packages
+ ansible.builtin.apt:
+ state: present
+ update_cache: true
+ install_recommends: false
+ pkg:
+ - unattended-upgrades
+ - powermgmt-base
+ - python3-gi
+ tags:
+ - unattended_upgrades
+
+- name: Template a file to /etc/apt/apt.conf.d/20auto-upgrades
+ ansible.builtin.copy:
+ content: |
+ APT::Periodic::Update-Package-Lists "1";
+ APT::Periodic::Unattended-Upgrade "{{ unattended_upgrades_enable | ternary('1', '0') }}";
+ dest: /etc/apt/apt.conf.d/20auto-upgrades
+ owner: root
+ group: root
+ mode: "0644"
+ notify: Restart unattended-upgrades service
+ tags:
+ - unattended_upgrades
+
+- name: Template a file to /etc/apt/apt.conf.d/50unattended-upgrades
+ ansible.builtin.copy:
+ content: |
+ Unattended-Upgrade::Origins-Pattern {
+ "o=*";
+ };
+ Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+ Unattended-Upgrade::MinimalSteps "true";
+ Unattended-Upgrade::InstallOnShutdown "false";
+ Unattended-Upgrade::Mail "root";
+ Unattended-Upgrade::MailOnlyOnError "false";
+ Unattended-Upgrade::Remove-Unused-Dependencies "true";
+ Unattended-Upgrade::Automatic-Reboot-Time "{{ unattended_upgrades_reboot_time | default('06:45') }}";
+ Unattended-Upgrade::Automatic-Reboot "{{ unattended_upgrades_reboot | default(true) | bool }}";
+ dest: /etc/apt/apt.conf.d/50unattended-upgrades
+ owner: root
+ group: root
+ mode: "0644"
+ notify: Restart unattended-upgrades service
+ tags:
+ - unattended_upgrades
+
+- name: Template a file to /etc/systemd/system/apt-daily.timer
+ ansible.builtin.copy:
+ content: |
+ [Unit]
+ Description=Daily apt download activities
+
+ [Timer]
+ OnCalendar={{ unattended_upgrades_update_calendar }}
+ RandomizedDelaySec={{ unattended_upgrades_update_delay }}
+ Persistent=true
+
+ [Install]
+ WantedBy=timers.target
+ dest: /etc/systemd/system/apt-daily.timer
+ owner: root
+ group: root
+ mode: "0644"
+ notify: Reload systemd
+ tags:
+ - unattended_upgrades
+
+- name: Template a file to /etc/systemd/system/apt-daily-upgrade.timer
+ ansible.builtin.copy:
+ content: |
+ [Unit]
+ Description=Daily apt upgrade and clean activities
+ After=apt-daily.timer
+
+ [Timer]
+ OnCalendar={{ unattended_upgrades_upgrade_calendar }}
+ RandomizedDelaySec={{ unattended_upgrades_upgrade_delay }}
+ Persistent=true
+
+ [Install]
+ WantedBy=timers.target
+ dest: /etc/systemd/system/apt-daily-upgrade.timer
+ owner: root
+ group: root
+ mode: "0644"
+ notify: Reload systemd
+ tags:
+ - unattended_upgrades
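Review bot: `"o=*";` in the `50unattended-upgrades` content matches every apt origin, so packages from any repository configured on the host, including third-party ones, are upgraded automatically; together with `Remove-Unused-Dependencies "true"` and automatic reboot this extends unattended trust to each of those repositories. Restrict the pattern to the distribution's security (and, if wanted, stable update) origins, for example `"origin=Debian,codename=${distro_codename},label=Debian-Security";` on Debian, or expose the list as a role variable with a narrow default. Separately, `Automatic-Reboot` is rendered through `| bool` and so most likely becomes `True`/`False`, while `20auto-upgrades` uses `ternary('1', '0')`; `ternary('true', 'false')` would keep it consistent with the other lowercase values in the file.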