diff --git a/defaults/main.yml b/defaults/main.yml
index 25fb2cc..a507bb4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,4 @@
 update:
   unattended: no
+  apt_daily_time: "*-*-* {{ 24|random(seed=(inventory_hostname + 'apt_daily_h')) }}:{{ 60|random(seed=(inventory_hostname + 'apt_daily_m')) }}"
+  apt_daily_upgrade_time: "*-*-* 6:{{ 60|random(seed=(inventory_hostname + 'apt_daily_upgrade_time')) }}"
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..be5b28c
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: restart apt-daily.timer
+  ansible.builtin.systemd:
+    name: apt-daily.timer
+    daemon_reload: yes
+    state: restarted
+
+- name: restart apt-daily-upgrade.timer
+  ansible.builtin.systemd:
+    name: apt-daily-upgrade.timer
+    daemon_reload: yes
+    state: restarted
diff --git a/tasks/main.yml b/tasks/main.yml
index c3a9995..8e114a0 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -9,20 +9,52 @@
   tags:
   - update
 
-- name: install unattended-upgrades
+- name: install unattended upgrades
   apt:
     name: unattended-upgrades
     purge: yes
     state: "{% if update.unattended %}present{% else %}absent{% endif %}"
 
-- name: configure unattended-upgrades
+- name: configure unattended upgrades
+  when: update.unattended
   ansible.builtin.copy:
     src: "50unattended-upgrades"
     dest: "/etc/apt/apt.conf.d/50unattended-upgrades"
     owner: root
     group: root
     mode: 0644
+
+- name: overwrite apt-daily.timer
   when: update.unattended
+  ansible.builtin.template:
+    src: "apt-daily.timer.j2"
+    dest: "/etc/systemd/system/apt-daily.timer"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+  - restart apt-daily.timer
+
+- name: overwrite apt-daily-upgrade.timer
+  when: update.unattended
+  ansible.builtin.template:
+    src: "apt-daily-upgrade.timer.j2"
+    dest: "/etc/systemd/system/apt-daily-upgrade.timer"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+  - restart apt-daily-upgrade.timer
+
+- name: enable auto upgrades
+  when: update.unattended
+  ansible.builtin.copy:
+    src: "/usr/share/unattended-upgrades/20auto-upgrades"
+    dest: "/etc/apt/apt.conf.d/20auto-upgrades"
+    owner: root
+    group: root
+    mode: 0644
+    remote_src: yes
 
 - name: clean
   command: apt-get clean
diff --git a/templates/apt-daily-upgrade.timer.j2 b/templates/apt-daily-upgrade.timer.j2
new file mode 100644
index 0000000..62e2225
--- /dev/null
+++ b/templates/apt-daily-upgrade.timer.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Daily apt upgrade and clean activities
+After=apt-daily.timer
+
+[Timer]
+OnCalendar={{ update.apt_daily_upgrade_time }}
+
+[Install]
+WantedBy=timers.target
diff --git a/templates/apt-daily.timer.j2 b/templates/apt-daily.timer.j2
new file mode 100644
index 0000000..cb92e24
--- /dev/null
+++ b/templates/apt-daily.timer.j2
@@ -0,0 +1,8 @@
+[Unit]
+Description=Daily apt download activities
+
+[Timer]
+OnCalendar={{ update.apt_daily_time }}
+
+[Install]
+WantedBy=timers.target