diff --git a/tasks/main.yml b/tasks/main.yml
index d512d455af50a215792d3b3da9da984e817cf88a..3783e2aacd3bb39f555447c710a3102693768494 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -95,21 +95,24 @@
     purge: true
     state: absent
   when: ansible_os_family == "Debian" and inventory_hostname not in groups.maintenance_contract
+  tags: unattended-upgrade
 
 - name: Install Unattended Upgrades
   apt:
     name: "unattended-upgrades"
     state: present
   when: ansible_os_family == "Debian" and inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade
 
 - name: Copy Unattended Upgrades configuration
-  ansible.builtin.copy:
-    src: 'apt-unattended-upgrades'
+  template:
+    src: 'apt-unattended-upgrades.j2'
     dest: '/etc/apt/apt.conf.d/50unattended-upgrades'
     owner: root
     group: root
     mode: '0644'
   when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade
 
 - name: Create apt-daily timer directory if it does not exist
   ansible.builtin.file:
@@ -119,6 +122,7 @@
     group: root
     mode: '0755'
   when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade
 
 - name: override apt-daily timer
   ansible.builtin.copy:
@@ -128,6 +132,7 @@
     group: root
     mode: '0644'
   when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade
   notify:
     - restart-apt-update-timer
 
@@ -139,6 +144,7 @@
     group: root
     mode: '0755'
   when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade
 
 - name: override apt-daily-upgrade timer
   ansible.builtin.copy:
@@ -148,6 +154,7 @@
     group: root
     mode: '0644'
   when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade
   notify:
     - restart-apt-upgrade-timer
 
diff --git a/files/apt-unattended-upgrades b/templates/apt-unattended-upgrades.j2
similarity index 83%
rename from files/apt-unattended-upgrades
rename to templates/apt-unattended-upgrades.j2
index a5cc28f3acc83c772263baa2edf31cf9d8a31041..37519209bbeaecb8711487c1a1abbf0f6e3fa6ab 100644
--- a/files/apt-unattended-upgrades
+++ b/templates/apt-unattended-upgrades.j2
@@ -1,7 +1,13 @@
 Unattended-Upgrade::Allowed-Origins {
-	"${distro_id}:${distro_codename}";
-	"${distro_id}:${distro_codename}-security";
-	"${distro_id}:${distro_codename}-updates";
+    "${distro_id}:${distro_codename}";
+    "${distro_id}:${distro_codename}-security";
+    "${distro_id}:${distro_codename}-updates";
+    "Docker:${distro_codename}";
+    "elastic:stable";
+{% if inventory_hostname in groups.gitlab %}
+    "packages.gitlab.com/gitlab/gitlab-ce:${distro_codename}";
+    "packages.gitlab.com/runner/gitlab-runner:${distro_codename}";
+{% endif %}
 };
 
 Unattended-Upgrade::Package-Blacklist {};