diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades
new file mode 100644
index 0000000..fd62386
--- /dev/null
+++ b/files/50unattended-upgrades
@@ -0,0 +1,6 @@
+Unattended-Upgrade::Origins-Pattern {
+	"origin=*";
+};
+
+Unattended-Upgrade::Package-Blacklist {
+};
diff --git a/tasks/main.yml b/tasks/main.yml
index 5b16043..312c4c7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -7,12 +7,21 @@
   tags:
   - update
 
-- name: setup unattended updates
+- name: install unattended-upgrades
   apt:
     name: unattended-upgrades
     purge: yes
     state: "{% if update.unattended %}present{% else %}absent{% endif %}"
 
+- name: configure unattended-upgrades
+  ansible.builtin.copy:
+    src: "50unattended-upgrades"
+    dest: "/etc/apt/apt.conf.d/50unattended-upgrades"
+    owner: root
+    group: root
+    mode: 0644
+  when: update.unattended
+
 - name: clean
   command: apt-get clean
   changed_when: False