diff --git a/roles/ynh_config/README-FR.md b/roles/ynh_config/README-FR.md
index bc959f04487dc2e7862055db3a8f17812c47d2a5..ef811bc518eeec976eea92fa53b4a5a196f477b2 100644
--- a/roles/ynh_config/README-FR.md
+++ b/roles/ynh_config/README-FR.md
@@ -26,7 +26,7 @@ ynh_smtp_relay:
Yunohost possède son propre serveur SMTP natif mais il est aussi possible de configurer Yunohost pour qu'il utilise un relais SMTP à la place.
Pour faire cela, créez la variable `ynh_smtp_relay` et mettez vos propres valeurs. Vous pouvez en apprendre plus sur les relais SMTP [ici](https://yunohost.org/fr/administrate/specific_use_cases/email_relay).
-### Configuration des mises à jour
+### Configuration des mises à jour de Yunohost
```yml
# Autoupdate Yunohost and its apps
@@ -50,6 +50,25 @@ Si des mises à jour sont disponibles, elles sont faites automatiquement. En cas
Pour en savoir plus sur le fonctionnement des mises à jour dans Yunohost vous pouvez vous rendre [ici](https://yunohost.org/fr/update). Le changelog des versions de Yunohost est aussi disponible [ici](https://forum.yunohost.org/tag/ynh_release).
+### Configuration des mises à jour du système Debian
+
+```yml
+ynh_autoupdate_scheduled: true
+hifis_ansible_unattended_upgrades_version: v2.0.1
+unattended_mail: "{{ admin_mail }}"
+unattended_mail_only_on_error: true
+unattended_automatic_reboot: true
+unattended_automatic_reboot_time: 01:00
+```
+
+- `ynh_autoupdate_scheduled` : Activer la gestion automatique des mises à jour Debian en mettant la valeur à `true`. Par défaut, la valeur est à `false`. Attention, vous êtes responsables de vos actions sur le serveur. Cette gestion automatisée peut créer des problèmes inattendus avec YunoHost.
+- `hifis_ansible_unattended_upgrades_version` : Vous permet de spécifier la version du rôle Ansible unattended upgrades à utiliser. La version par défaut du rôle est v2.0.1. Vous pouvez vérifier les versions du rôle [ici](https://github.com/hifis-net/ansible-role-unattended-upgrades/releases).
+- `unattended_mail` : Adresse mail à utiliser pour envoyer des informations sur les mises à jour qui ont eu lieues ou s'il y a eu des problèmes. La valeur par défaut est à `false`, ce qui n'envoie pas de mails.
+- `unattended_mail_only_on_error` : Envoie un mail uniquement en cas d'erreur (valeur par défaut, `true`) ou envoie un mail à chaque mise à jour système (valeur à `false`).
+- `unattended_automatic_reboot` : Redémarre le système si des paquets mis à jour en ont besoin.
+- `unattended_automatic_reboot_time` : Vous permet de spécifier l'heure à laquelle redémarrer le système si des paquets mis à jour en ont besoin. L'heure par défaut est réglée à 1h du matin.
+Pour en savoir plus sur le fonctionnement de ce rôle, rendez vous [ici](https://github.com/hifis-net/ansible-role-unattended-upgrades).
+
## Dépendances
Aucune.
diff --git a/roles/ynh_config/README.md b/roles/ynh_config/README.md
index 829ccc54738c760cc7bba11f226a6dcc2699a1f5..4aea843e4b8ff1056bc82baca85fe40837ddfb91 100644
--- a/roles/ynh_config/README.md
+++ b/roles/ynh_config/README.md
@@ -50,6 +50,25 @@ If available, updates are done automatically. In case of problems following an a
To learn more about how updates work in Yunohost you can go [here](https://yunohost.org/fr/update). The changelog of Yunohost versions is also available [here](https://forum.yunohost.org/tag/ynh_release).
+### Configure Debian unattended upgrades
+
+``yml
+ynh_autoupdate_scheduled: true
+hifis_ansible_unattended_upgrades_version: v2.0.1
+unattended_mail: "{{ admin_mail }}"
+unattended_mail_only_on_error: true
+unattended_automatic_reboot: true
+unattended_automatic_reboot_time: 01:00
+```
+
+- `ynh_autoupdate_scheduled`: Enable automatic Debian update management by setting the value to `true`. By default, the value is `false`. Be careful, you are responsible for your actions on the server. This automated management can create unexpected problems with YunoHost.
+- `hifis_ansible_unattended_upgrades_version`: Allows you to specify the version of the Ansible unattended upgrades role to use. The default version of the role is v2.0.1. You can check the versions of the role [here](https://github.com/hifis-net/ansible-role-unattended-upgrades/releases).
+- unattended_mail`: Email address to use to send feedback about upgrades that have been performed or if there have been any issues. The default value is `false`, which does not send mail.
+- unattended_mail_only_error`: Send mail only on error (default is `true`) or send mail on every system update (default is `false`).
+- unattended_automatic_reboot`: Reboot the system if updated packages need it.
+- unattended_automatic_reboot_time`: Allows you to specify the time to reboot the system if updated packages need it. The default time is set to 1am.
+To learn more about how this role works, go [here](https://github.com/hifis-net/ansible-role-unattended-upgrades).
+
## Dependencies
None.
diff --git a/roles/ynh_config/defaults/main.yml b/roles/ynh_config/defaults/main.yml
index 502df6d8d41cca0bbf81fb651606b9de245d7113..1f836270bfd01c905170a139bc0e86bf0d975350 100644
--- a/roles/ynh_config/defaults/main.yml
+++ b/roles/ynh_config/defaults/main.yml
@@ -38,3 +38,12 @@ ynh_autoupdate:
# apps: True
# system: True
# dest_script: "/usr/local/bin/"
+
+# https://galaxy.ansible.com/hifis/unattended_upgrades
+# https://github.com/YunoHost-Apps/unattended_upgrades_ynh
+unattended_upgrade_scheduled: false
+# hifis_ansible_unattended_upgrades_version: v2.0.1
+# unattended_mail: "{{ admin_mail }}"
+# unattended_mail_only_on_error: true
+# unattended_automatic_reboot: true
+# unattended_automatic_reboot_time: 01:00
diff --git a/roles/ynh_config/tasks/main.yml b/roles/ynh_config/tasks/main.yml
index e9d1561d5dd32519af1171caa01c0c09417d786d..25f14582ac521c567a7f7c907089f0344f536580 100644
--- a/roles/ynh_config/tasks/main.yml
+++ b/roles/ynh_config/tasks/main.yml
@@ -26,9 +26,16 @@
- yunohost
- smtp
-- name: Configures Yunohost autoupdate
- ansible.builtin.include_tasks: autoupdate.yml
+- name: Configure Yunohost autoupdate
+ ansible.builtin.include_tasks: ynh_autoupdate.yml
when: ynh_autoupdate.scheduled
tags:
- yunohost
- update
+
+- name: Configure System unattended upgrades
+ ansible.builtin.include_tasks: unattended_upgrade.yml
+ when: unattended_upgrade_scheduled
+ tags:
+ - linux
+ - update
diff --git a/roles/ynh_config/tasks/unattended_upgrade.yml b/roles/ynh_config/tasks/unattended_upgrade.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c6fe32aa52e652cf70aef39e646a51b871e05ec8
--- /dev/null
+++ b/roles/ynh_config/tasks/unattended_upgrade.yml
@@ -0,0 +1,34 @@
+---
+#-----------------------------------------------------------------------------#
+# ansible-yunohost allows to deploy Yunohost using Ansible #
+# Copyright 2021-present Lydra https://www.lydra.fr/ #
+# #
+# this program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# this program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+#-----------------------------------------------------------------------------#
+
+ - name: Download unattended upgrades
+ ansible.builtin.command: ansible-galaxy install hifis.unattended_upgrades,"{{ hifis_ansible_unattended_upgrades_version }}" -p "{{ _ansible_role_directory }}"
+ delegate_to: localhost
+ become: false
+ tags:
+ - linux
+ - update
+
+ - name: Gather facts for the role
+ ansible.builtin.setup:
+
+ - name: Run the role
+ ansible.builtin.include_role:
+ name: hifis_unattended_upgrades
diff --git a/roles/ynh_config/tasks/autoupdate.yml b/roles/ynh_config/tasks/ynh_autoupdate.yml
similarity index 100%
rename from roles/ynh_config/tasks/autoupdate.yml
rename to roles/ynh_config/tasks/ynh_autoupdate.yml
diff --git a/roles/ynh_config/vars/main.yml b/roles/ynh_config/vars/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a4ffd614c72f8c4b67c68627d286f37bfa3bcd30
--- /dev/null
+++ b/roles/ynh_config/vars/main.yml
@@ -0,0 +1,21 @@
+---
+#-----------------------------------------------------------------------------#
+# ansible-yunohost allows to deploy Yunohost using Ansible #
+# Copyright 2021-present Lydra https://www.lydra.fr/ #
+# #
+# this program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# this program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+#-----------------------------------------------------------------------------#
+
+_ansible_role_directory: "~/.ansible/roles"