diff --git a/roles/debian_server/files/daily b/roles/debian_server/files/daily
new file mode 100755
index 0000000000000000000000000000000000000000..0bf6a9c74f9bfab678c04e15aa1ce8ea5e002351
--- /dev/null
+++ b/roles/debian_server/files/daily
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -eu
+
+apt-get update
+apt-get dist-upgrade --download-only --yes
+apt-get autoclean
+
+if command -v flatpak >/dev/null 2>&1
+then
+    flatpak --system update --appstream
+    flatpak --system update --assumeyes
+    flatpak --system uninstall --unused --assumeyes
+fi
diff --git a/roles/debian_server/files/update.service b/roles/debian_server/files/update.service
new file mode 100644
index 0000000000000000000000000000000000000000..c9bcee66a1c9ab98419ddf38fbabb6db4811e58d
--- /dev/null
+++ b/roles/debian_server/files/update.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Background system updates
+ConditionACPower=true
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=daily
diff --git a/roles/debian_server/files/update.timer b/roles/debian_server/files/update.timer
new file mode 100644
index 0000000000000000000000000000000000000000..58c705d4d72c2a1b8b1b1e0706d4e03053d72cee
--- /dev/null
+++ b/roles/debian_server/files/update.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Background system updates
+
+[Timer]
+OnCalendar=daily
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/debian_server/tasks/main.yml b/roles/debian_server/tasks/main.yml
index 578f4ca9d70c925dd9d90c3a592b32ffc8772d56..ece8e1bbb45cdd77b6386640554f3612792ea6c0 100644
--- a/roles/debian_server/tasks/main.yml
+++ b/roles/debian_server/tasks/main.yml
@@ -208,3 +208,36 @@
     mode: preserve
     owner: root
     src: btrfs-backup
+
+- name: Mail aliases
+  loop:
+    - root
+    - nimrod
+  ansible.builtin.lineinfile:
+    backup: true
+    create: true
+    line: '{{ item }}: {{ item }}@shore.co.il'
+    path: /etc/aliases
+    regexp: '^{{ item }}:'
+    state: present
+
+- name: Copy update script
+  ansible.builtin.copy:
+    dest: /usr/local/sbin/daily
+    mode: 0o0755
+    src: daily
+
+- name: Copy update service and timer
+  loop:
+    - update.service
+    - update.timer
+  ansible.builtin.copy:
+    dest: /etc/systemd/system
+    mode: 0o0644
+    src: '{{ item }}'
+
+- name: Enable the update timer
+  ansible.builtin.systemd:
+    enabled: true
+    name: update.timer
+    state: started