diff --git a/main.yml b/main.yml
index db233a9..fa26049 100644
--- a/main.yml
+++ b/main.yml
@@ -16,5 +16,20 @@
         cache_valid_time: 3600
         autoclean: true
 
+    - name: Ensure unattended-upgrades is installed and up to date
+      apt:
+        name: unattended-upgrades
+        state: latest
+
+    - name: Setup unattended-upgrades
+      include_role:
+        name: ansible-role-unattended-upgrades
+      vars:
+        unattended_origins_patterns:
+          - 'origin=Debian,archive=buster-security'
+          - 'o=Debian,a=buster-updates'
+        unattended_package_blacklist: [cowsay]
+        unattended_mail: 'root'
+
     - name: Setup httpd
       include_tasks: tasks/httpd.yml
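Review bot: Both `unattended_origins_patterns` entries hard-code the `buster` release name, so on a host running another Debian release, or after a dist-upgrade, neither pattern matches and security updates stop being applied without any error. Tying the allow-list to the installed release avoids that, e.g. `- 'origin=Debian,codename=${distro_codename},label=Debian-Security'`, with the updates pattern written against `${distro_codename}` the same way. It is also worth checking with `apt-cache policy` on a target host that the `archive=`/`a=` values match what the sources actually report, since a pattern that matches nothing fails silently. Separately, `state: latest` on the added apt task makes the play report changes whenever a new package version appears and is probably redundant if the role installs the package itself; `state: present` would do. The enclosing task list starts above this hunk, so whether a mail transport exists for `unattended_mail: 'root'` cannot be judged from here.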