Auto Updates with Unattended Upgrades

Install Unattended Upgrades

sudo apt update
sudo apt install -y unattended-upgrades apt-listchanges

Configure what You want to Update

sudo vim /etc/apt/apt.conf.d/50unattended-upgrades

Unattended-Upgrade::Origins-Pattern {
        // OS:
        "origin=Debian,codename=${distro_codename}-updates";
        "origin=Debian,codename=${distro_codename},label=Debian";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
        "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";

        // Software:  (can be copy and basted from "apt-cache policy", but without the b=***)
        "o=Tailscale,n=bookworm,l=Tailscale,c=main";
};

Unattended-Upgrade::Package-Blacklist {
};

Unattended-Upgrade::AutoFixInterruptedDpkg "true";
Unattended-Upgrade::InstallOnShutdown "false";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
Unattended-Upgrade::Automatic-Reboot-Time "04:00";
Unattended-Upgrade::OnlyOnACPower "false";

Configure when You want to Update

sudo vim /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::CleanInterval "2";

Enable and Start the Service

sudo systemctl enable --now unattended-upgrades

Troubleshoot

Check the logs

sudo tail /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
sudo tail /var/log/unattended-upgrades/unattended-upgrades.log
sudo tail /var/log/unattended-upgrades/unattended-upgrades-shutdown.log

Dry Run Mode

sudo unattended-upgrades -d --dry-run

Manual Run

sudo unattended-upgrades -d

^[1]

Relevant Note(s): Linux Basics