diff --git a/files/apt-auto-upgrades b/files/apt-auto-upgrades
new file mode 100644
index 0000000000000000000000000000000000000000..8d6d7c82fe3fa66362f868eed98fe5c841594c52
--- /dev/null
+++ b/files/apt-auto-upgrades
@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
diff --git a/tasks/main.yml b/tasks/main.yml
index 3783e2aacd3bb39f555447c710a3102693768494..85366fcdbe86d1db76c6915140b1c98d1d80bb28 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -15,7 +15,7 @@
 - name: Never include APT phased update
   copy:
     src: apt-phased-updates
-    dest:  /etc/apt/apt.conf.d/99-Phased-Updates
+    dest: /etc/apt/apt.conf.d/99-Phased-Updates
     owner: root
     group: root
     mode: '0644'
@@ -82,7 +82,7 @@
 - name: Copy nosnap file
   copy:
     src: nosnap
-    dest:  /etc/apt/preferences.d/nosnap
+    dest: /etc/apt/preferences.d/nosnap
     owner: root
     group: root
     mode: '0644'
@@ -104,6 +104,15 @@
   when: ansible_os_family == "Debian" and inventory_hostname in groups.maintenance_contract
   tags: unattended-upgrade
 
+- name: enable apt auto upgrades
+  copy:
+    src: apt-auto-upgrades
+    dest: /etc/apt/apt.conf.d/20auto-upgrades
+    owner: root
+    group: root
+    mode: '0644'
+  when: ansible_os_family == "Debian"
+
 - name: Copy Unattended Upgrades configuration
   template:
     src: 'apt-unattended-upgrades.j2'