I decided to convert the Ansible code to Bash for simplicity.

Ansible role to configure unattended upgrades on Debian.

This role has been tested with Debian 12 (bookworm).

See the official Debian wiki for more information about unattended upgrades.

1. Install this role using the ansible-galaxy CLI tool
2. You can then include it into the tasks section of your Ansible Playbook. See test/playbook.yml for an example of how to do that. Remember to replace the role name with dmotte.unattended_upgrades.

💡 Tip: if you want to see how a systemd calendar event expression will behave, you can use the systemd-analyze command:

systemd-analyze calendar '*-*-* 6,18:00' --iterations 10

See the systemd.time manual for more information.

Note: this role must be run as root (ansible_become: true).

Note: this role may not respect trailing newlines at the end of the file contents. In addition, if you choose to use the lookup('ansible.builtin.file', ...) filter, you should know that it performs an rstrip on the file contents by default (see this and this). In any case there should be no problem, as empty lines in the unattended-upgrades and systemd configuration files are ignored.

See defaults/main.yml.

If you want to contribute to this project, you can use the test/playbook.yml file to test the role while editing it.

Place your inventory file (e.g. hosts.yml) inside the test folder.

Edit the vars section of the test/playbook.yml file to match your scenario.

You can then execute the playbook against your host:

cd test/
ansible-playbook -i hosts.yml playbook.yml