# setup-auto-updates.sh

**Universal unattended-upgrades configurator for Debian and Ubuntu systems**

This script configures automatic system updates using `unattended-upgrades`, offering full control over update scope, reboot behavior, and compatibility with both classic and deb822-style APT sources.

## Features

- ✅ **Supports Debian (Bookworm/Trixie+) and Ubuntu (Noble+)**
- ✅ **Interactive prompt to choose:**
  - Full updates (standard + security)
  - Security-only updates
- ✅ **Safe for systems using deb822 sources**
- ✅ **Smart reboot behavior** (`04:00` by default)
- ✅ **Clears fragile legacy config entries**
- ✅ **Systemd timer activation**
- ✅ **Dry-run validation to verify settings**
- ✅ **Re-run safe** — overwrites 50unattended-upgrades and 20auto-upgrades

## Usage

Download and run:

```bash
wget https://example.com/setup-auto-updates.sh
chmod +x setup-auto-updates.sh
sudo ./setup-auto-updates.sh
```

You will be prompted:

```
Configure automatic updates for:
  [1] Full updates (recommended)
  [2] Security updates only
Select [1/2]:
```

### Non-interactive usage

Set the `UPDATE_SCOPE` environment variable before running:

```bash
sudo UPDATE_SCOPE=security ./setup-auto-updates.sh
```

Valid values: `full` (default) or `security`.

### Reboot time

You may override the default automatic reboot time by setting:

```bash
REBOOT_TIME=02:30 ./setup-auto-updates.sh
```

## What it Does

- Installs and configures `unattended-upgrades`
- Sets `APT::Periodic` options
- Writes `/etc/apt/apt.conf.d/50unattended-upgrades` with `Origins-Pattern`
- Enables systemd timers (if available)
- Runs a dry-run check to validate behavior
- Prompts to delete the script after successful configuration

## Limitations

- This script **does not configure third-party repositories** for auto updates.
- Kernel packages will be updated if they are included in the chosen update scope (e.g. under `-updates` or `-security`).

## License

[MIT License](https://opensource.org/license/mit)