Linux

Fully Automatic Updates in Debian

Joshua Martin

Sep 24, 2024 — 1 min read

I was searching for an image of a progress bar and found this. So there's that.

Irrelevant cover photos aside, It is in fact possible to set up Debian to automatically update all of the things and reboot if necessary. Is it smart? Probably not. Do I use it? Yes.

There are plenty of tutorials online for enabling automatic updates only for vital security patches, without automatic rebooting. This isn't that. This is more of a bull-in-the-china-shop update-everything-without-asking-and-reboot, nails & broken glass for breakfast kinda deal.

In all seriousness, I use the unattended-upgrades package to automatically update non-vital virtual machines that I take nightly backups of. That way if anything goes wrong it's as simple as restoring from Proxmox backup server. I do NOT use unattended-upgrades on my Hypervisor, NAS, Backup Server, or any other vital systems.

If you choose to forge forward, first you'll need to install the package:

apt install unattended-upgrades -y

Now let's remove the existing config and edit a new blank one:

rm /etc/apt/apt.conf.d/50unattended-upgrades
nano /etc/apt/apt.conf.d/50unattended-upgrades

Now replace the contents with this:

Unattended-Upgrade::Origins-Pattern {
    "origin=*";
};

Unattended-Upgrade::Package-Blacklist {
};

Unattended-Upgrade::AutoFixInterruptedDpkg "true";

Unattended-Upgrade::MinimalSteps "true";

Unattended-Upgrade::InstallOnShutdown "false";

Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";

Unattended-Upgrade::Remove-New-Unused-Dependencies "true";

Unattended-Upgrade::Remove-Unused-Dependencies "true";

Unattended-Upgrade::Automatic-Reboot "true";

Unattended-Upgrade::Automatic-Reboot-WithUsers "true";

Unattended-Upgrade::Automatic-Reboot-Time "now";

Unattended-Upgrade::OnlyOnACPower "false";

Unattended-Upgrade::Skip-Updates-On-Metered-Connections "false";

Unattended-Upgrade::Allow-APT-Mark-Fallback "true";

Now let's enable it and start the service (It will prompt for confirmation.):

dpkg-reconfigure --priority=low unattended-upgrades
systemctl start unattended-upgrades
systemctl enable unattended-upgrades

By default this runs at 6am every day using a systemd timer. You can check that out or edit the time here; It's pretty self explanatory:

nano apt-daily-upgrade.timer

All Done!

So you changed your FOG Project Server's IP and everything broke?

If you, like me, choose to deploy your operating systems via PXE boot using FOG Project instead of Microsoft's WDS/MDT, good for you! There are literally dozens of us! I recently discovered, having changed the IP address of the underlying OS (Debian, of course) that FOG itself

Enabling Hardware Passthrough on Proxmox

I won't lie, this post is in large part for my own benefit. I set up a lot of Proxmox systems, and there are a few steps that need to happen for hardware passthrough to work correctly. This is the quick and dirty guide to get it working.

Wiping a Drive on Linux

This may be the shortest post I ever make. Sometimes a disk fights with you, and all you want to do is quickly obliterate the entire partition table & every partition on it. The command I have found to work the vast majority of the time, even when dealing with

Encrypting a Drive or Partition in Linux with LUKS

Say we have a system where we need a single encrypted drive for all our rare and expensive Linux ISOs. Say we don't want to enter a password to decrypt the drive every time we boot. Say in the event the drive gets stolen or tossed, we don&

Read more

So you changed your FOG Project Server's IP and everything broke?

Enabling Hardware Passthrough on Proxmox

Wiping a Drive on Linux

Encrypting a Drive or Partition in Linux with LUKS