Enabling automatic (security) updates on Debian (12)

Steps to enable automatic security updates on Debian systems.

Install required packages

sudo apt update
sudo apt install unattended-upgrades apt-listchanges

Create config file (we remove the old config first)

rm /etc/apt/apt.conf.d/50unattended-upgrades
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Add config

Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
};

Unattended-Upgrade::Package-Blacklist {
};

Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";

Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";

Enable automatic updates

sudo nano /etc/apt/apt.conf.d/20auto-upgrades

Add/change following lines

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

Test

sudo unattended-upgrades --dry-run --debug