diff --git a/CHANGELOG.md b/CHANGELOG.md
index 54bf352..0c18bb5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,4 +11,4 @@
 * Ensure to never remove some packages pattern.
 * Manage general, periodic and dpkg config files.
 * Purge default configuration files sets by others apps.
-* Manage `unattended-upgrades`.
+* Manage `unattended-upgrades` (package and config).
diff --git a/README.md b/README.md
index 25dbaca..c15bf2e 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,7 @@ Manage APT repos, preferences and configuration for IPR's servers.
 * **apt_old_pkg_state** : State of old packages [default : `absent`].
 * **apt_old_pkg_manage** : If those old packages should be managed by the role [default : `true`].
 * **apt_unattended_upgrades** : If `unattended-upgrades` should be managed by the role [default : `yes`].
+* **apt_unattended_upgrades_blacklist** : List of packages to not update (regexp are supported) [default : `[]`].
 
 ## Example Playbook
 
@@ -49,11 +50,12 @@ Manage APT repos, preferences and configuration for IPR's servers.
 ## Configuration
 
 ### APT Configuration
-- Ensure to never remove some packages pattern.
-- Set general APT configurations.
-- Set periodic actions.
-- Set dpkg default values.
-- Purge default configuration files sets by others apps.
+* Ensure to never remove some packages pattern.
+* Set general APT configurations.
+* Set periodic actions.
+* Set dpkg default values.
+* Set unattended-upgrades config.
+* Purge default configuration files sets by others apps.
 
 ### Sources List
 Manage Debian's sources.list :
diff --git a/defaults/main.yml b/defaults/main.yml
index 8342e3a..ed7ed27 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -36,3 +36,4 @@ apt_old_pkg_manage: true
 
 # unattended-upgrades
 apt_unattended_upgrades: yes
+apt_unattended_upgrades_blacklist: []
diff --git a/tasks/config.yml b/tasks/config.yml
index ba1975f..95f4113 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -23,6 +23,17 @@
   with_items:
     - "etc/apt/apt.conf.d/20dpkg.conf"
 
+- name: CONFIG unattended-upgrades
+  template:
+    src: "{{ item }}.j2"
+    dest: "/{{ item }}"
+    owner: root
+    group: root
+    mode: 0644
+  with_items:
+    - "etc/apt/apt.conf.d/50unattended-upgrades.conf"
+  when: apt_unattended_upgrades
+
 - name: CONFIG purge default config
   file:
     path: "/etc/apt/apt.conf.d/{{ item }}"
diff --git a/templates/etc/apt/apt.conf.d/50unattended-upgrades.conf.j2 b/templates/etc/apt/apt.conf.d/50unattended-upgrades.conf.j2
new file mode 100644
index 0000000..350c84d
--- /dev/null
+++ b/templates/etc/apt/apt.conf.d/50unattended-upgrades.conf.j2
@@ -0,0 +1,30 @@
+# {{ ansible_managed }}
+
+# Automatically upgrade packages from these (origin:archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+    "${distro_id}:${distro_codename}-security";
+    #"${distro_id}:${distro_codename}-updates";
+    #"${distro_id}:${distro_codename}-proposed";
+    #"${distro_id}:${distro_codename}-backports";
+};
+
+# List of packages to not update (regexp are supported)
+Unattended-Upgrade::Package-Blacklist {
+{% for package in apt_unattended_upgrades_blacklist %}
+    "{{ package }}";
+{% endfor %}
+};
+
+# Send email to this address for problems or packages upgrades
+# If empty or unset then no email is sent, make sure that you
+# have a working mail setup on your system. A package that provides
+# 'mailx' must be installed. E.g. "user@example.com"
+Unattended-Upgrade::Mail "root";
+
+# Set this value to "true" to get emails only on errors. Default
+# is to always send a mail if Unattended-Upgrade::Mail is set
+Unattended-Upgrade::MailOnlyOnError "true";
+
+# Do automatic removal of new unused dependencies after the upgrade
+# (equivalent to apt-get autoremove)
+#Unattended-Upgrade::Remove-Unused-Dependencies "false";
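Review bot: The template is installed as `/etc/apt/apt.conf.d/50unattended-upgrades.conf`, but the `unattended-upgrades` package ships its own `/etc/apt/apt.conf.d/50unattended-upgrades`, and APT parses every file in that directory; `Allowed-Origins` and `Package-Blacklist` are list options, so the packaged entries are appended to the role's rather than replaced, and the effective upgrade policy is the union of both files unless the "CONFIG purge default config" task (its item list is outside the hunk) removes the packaged file. Opening the template with `#clear Unattended-Upgrade::Allowed-Origins;` and `#clear Unattended-Upgrade::Package-Blacklist;` before the two blocks makes the role's lists authoritative regardless of which file sorts first. The blacklist loop also emits `{{ package }}` unescaped between double quotes, so an entry containing `"` yields a file APT cannot parse; either escape it with `"{{ package | replace('"', '\\"') }}";` or document the constraint above the loop. Whether `APT::Periodic::Unattended-Upgrade` is enabled by the role's periodic config is not visible here, so I cannot confirm the new file is ever acted on.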