Set up unattended upgrades on Raspberry Pis running Debian Bullseye or Bookworm

uu_setup.sh

#!/bin/bash

# Function to setup unattended upgrades based on the Debian version
setup_unattended_upgrades() {
    local debian_version=$1

    sudo apt-get update
    sudo apt-get upgrade -y

    sudo apt-get install unattended-upgrades apt-listchanges -y
    sudo dpkg-reconfigure --priority=low unattended-upgrades

    if [ "$debian_version" == "bullseye" ]; then
        sudo tee /etc/apt/apt.conf.d/50unattended-upgrades > /dev/null <<EOL
// Automatically upgrade packages from these origins
Unattended-Upgrade::Origins-Pattern {
        "o=Debian,a=stable";
        "o=Debian,a=stable-updates";
        "o=Debian,a=proposed-updates";
        "o=Debian,a=stable-backports";
        "o=Raspbian,a=stable";
        "o=Raspbian,a=stable-updates";
};

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
};

// Send email to this address for problems or packages upgrades
//Unattended-Upgrade::Mail "root";

// Set this value to "true" to get emails only on errors.
//Unattended-Upgrade::MailOnlyOnError "true";

// Do automatic removal of unused packages after upgrade
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot WITHOUT CONFIRMATION if the file
// /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "true";
// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
// Default is "now"
//Unattended-Upgrade::Automatic-Reboot-Time "02:00";

// Use apt bandwidth limit feature, this example limits download speed to 70kb/sec
//Acquire::http::Dl-Limit "70";
EOL
    else
        sudo tee /etc/apt/apt.conf.d/50unattended-upgrades > /dev/null <<EOL
// Automatically upgrade packages from these origins
Unattended-Upgrade::Origins-Pattern {
        "o=Debian,a=stable";
        "o=Debian,a=stable-updates";
        "o=Debian,a=proposed-updates";
        "o=Debian,a=stable-backports";
        "o=Raspbian,a=stable";
        "o=Raspbian,a=stable-updates";
};

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
};

// Send email to this address for problems or packages upgrades
//Unattended-Upgrade::Mail "root";

// Set this value to "true" to get emails only on errors.
//Unattended-Upgrade::MailOnlyOnError "true";

// Do automatic removal of unused packages after upgrade
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot WITHOUT CONFIRMATION if the file
// /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "true";
// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
// Default is "now"
//Unattended-Upgrade::Automatic-Reboot-Time "02:00";

// Use apt bandwidth limit feature, this example limits download speed to 70kb/sec
//Acquire::http::Dl-Limit "70";
EOL
    fi

    sudo tee /etc/apt/apt.conf.d/20auto-upgrades > /dev/null <<EOL
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOL

    sudo systemctl enable unattended-upgrades
    sudo systemctl start unattended-upgrades

    echo "Unattended upgrades have been set up successfully for $debian_version."
}

# Prompt user for the Debian version
echo "Please choose your Debian version:"
echo "1. Bullseye"
echo "2. Bookworm (default)"
read -p "Enter your choice (1 or 2): " choice

# Set default to Bookworm if input is empty or invalid
case $choice in
    1)
        setup_unattended_upgrades "bullseye"
        ;;
    2|"")
        setup_unattended_upgrades "bookworm"
        ;;
    *)
        echo "Invalid input. Defaulting to Bookworm."
        setup_unattended_upgrades "bookworm"
        ;;
esac