Self-Driving Debian


December 1st, 2019

For my home server I’ve come to appreciate using it rather than maintaining it 😏

After replacing some parts starting over I really wanted it to be fully “self-driving” to the extent possible – primarily meaning totally unattended and automatic updates. No manual maintenance.

Automated Updates

Debian 10 “Buster” 🐢 ships with the unattended-upgrades package installed out of the box, but it needs a little configuring to achieve what we want.


The Debian wiki page for this unattended upgrades is pretty good, starting from there I’ve hacked up a basic configuration to do this.

Running the following bash snippet as root (su) will configure this:

 1#!/usr/bin/env bash
 2# this scipt configures debian to automatically upgrade all the things
 3set -o errexit -o nounset -o pipefail
 5# configure options for automatic updates
 6cat <<EOF >/etc/apt/apt.conf.d/50unattended-upgrades
 7Unattended-Upgrade::Origins-Pattern {
 8        // auto-upgrade all the things
 9        "origin=*";
12// cleanup unused dependencies
13Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
14Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
15Unattended-Upgrade::Remove-Unused-Dependencies "true";
17// Automatically reboot when necessary, even if users are logged in
18Unattended-Upgrade::Automatic-Reboot "true";
19Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
22# configure upgrade interval
23cat <<EOF >/etc/apt/apt.conf.d/20auto-upgrades
24APT::Periodic::Update-Package-Lists "1";
25APT::Periodic::Download-Upgradeable-Packages "1";
26APT::Periodic::AutocleanInterval "7";
27APT::Periodic::Unattended-Upgrade "1";
30# go ahead and upgrade once
31unattended-upgrade -d

Automated Everything

To achieve the rest of “self-driving” I’ve embarked on the time-honored tradition of writing a bunch of custom shell scripts to automate configuring / provisioning my setup. :bash:

None of this should be particularly surprising, but I think it bears re-iterating:


I should also note: I am not yet using Kubernetes for the initial (re)setup unlike last time. For a single-node, single-admin server in my apartment running a few simple services I expect less maintenance without it currently.

I’ll revisit this when my usage changes such that leveraging it is more favorable, or when a GKE-like upgrade experience becomes available for my lowly home usage.

The promise of my computers truly working for me still eludes me … I’ve noticed that a few computing devices manage to do this (e.g. chromecasts), but generally I still feel like I spend way too much time updatinng computers, doing their bidding.

Someday we’ll all have self-driving computing, and then us software developers can focus on making it all too complicated again πŸ™ƒ