diff --git a/playbooks/roles/base/server/files/20auto-upgrades b/playbooks/roles/base/server/files/20auto-upgrades
new file mode 100644
index 0000000000..8d6d7c82fe
--- /dev/null
+++ b/playbooks/roles/base/server/files/20auto-upgrades
@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
diff --git a/playbooks/roles/base/server/tasks/Debian.yaml b/playbooks/roles/base/server/tasks/Debian.yaml
index c93fd00a20..0f94c18afc 100644
--- a/playbooks/roles/base/server/tasks/Debian.yaml
+++ b/playbooks/roles/base/server/tasks/Debian.yaml
@@ -56,6 +56,7 @@
     src: debian_limits.conf
     dest: /etc/security/limits.d/60-nofile-limit.conf
 
+# TODO combine 10periodic and 20auto-upgrades
 - name: Install apt-daily 10periodic file for unattended-upgrades
   copy:
      mode: 0444
@@ -64,6 +65,14 @@
      owner: root
      group: root
 
+- name: Install 20auto-upgrades file for unattended-upgrades
+  copy:
+     mode: 0444
+     src: 20auto-upgrades
+     dest: /etc/apt/apt.conf.d/20auto-upgrades
+     owner: root
+     group: root
+
 - name: Install 50unattended-upgrades file for unattended-upgrades
   copy:
      mode: 0444
diff --git a/testinfra/test_base.py b/testinfra/test_base.py
index 4fde49cb7a..e7b9c566c3 100644
--- a/testinfra/test_base.py
+++ b/testinfra/test_base.py
@@ -97,6 +97,11 @@ def test_unattended_upgrades(host):
         assert cfg_file.contains('^APT::Periodic::Unattended-Upgrade "1"')
         assert cfg_file.contains('^APT::Periodic::RandomSleep "1800"')
 
+        cfg_file = host.file("/etc/apt/apt.conf.d/20auto-upgrades")
+        assert cfg_file.exists
+        assert cfg_file.contains('^APT::Periodic::Update-Package-Lists "1"')
+        assert cfg_file.contains('^APT::Periodic::Unattended-Upgrade "1"')
+
         cfg_file = host.file("/etc/apt/apt.conf.d/50unattended-upgrades")
         assert cfg_file.contains('^Unattended-Upgrade::Mail "root"')