diff --git a/system/base/unattended_upgrades/defaults/main.yml b/system/base/unattended_upgrades/defaults/main.yml
new file mode 100644
index 0000000..1d4b3a9
--- /dev/null
+++ b/system/base/unattended_upgrades/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+system_base_unattended_upgrades_n_days: 1
+system_base_unattended_upgrades_blacklist: []
diff --git a/system/base/unattended_upgrades/files/20auto-upgrades b/system/base/unattended_upgrades/files/20auto-upgrades
deleted file mode 100644
index 8d6d7c8..0000000
--- a/system/base/unattended_upgrades/files/20auto-upgrades
+++ /dev/null
@@ -1,2 +0,0 @@
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Unattended-Upgrade "1";
diff --git a/system/base/unattended_upgrades/meta/argument_specs.yml b/system/base/unattended_upgrades/meta/argument_specs.yml
new file mode 100644
index 0000000..38df4f5
--- /dev/null
+++ b/system/base/unattended_upgrades/meta/argument_specs.yml
@@ -0,0 +1,11 @@
+---
+argument_specs:
+ main:
+ options:
+ system_base_unattended_upgrades_n_days:
+ type: "int"
+ required: true
+ system_base_unattended_upgrades_blacklist:
+ type: "list"
+ elements: "str"
+ required: true
diff --git a/system/base/unattended_upgrades/tasks/main.yml b/system/base/unattended_upgrades/tasks/main.yml
index ee77d8b..b9e9b24 100644
--- a/system/base/unattended_upgrades/tasks/main.yml
+++ b/system/base/unattended_upgrades/tasks/main.yml
@@ -4,13 +4,13 @@ name: "unattended-upgrades" - name: "configure unattended-upgrades" - ansible.builtin.copy: - src: "./50unattended-upgrades" + ansible.builtin.template: + src: "./50unattended-upgrades.j2" dest: "/etc/apt/apt.conf.d/50unattended-upgrades" mode: 0644 - name: "enable unattended-upgrades" - ansible.builtin.copy: - src: "./20auto-upgrades" + ansible.builtin.template: + src: "./20auto-upgrades.j2" dest: "/etc/apt/apt.conf.d/20auto-upgrades" mode: 0644
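Review bot: `system_base_unattended_upgrades_n_days` in meta/argument_specs.yml is constrained only by `type: "int"`, so 0 and negative numbers pass validation. APT::Periodic treats an interval of 0 as disabled, and templates/20auto-upgrades.j2 writes this one value into both `Update-Package-Lists` and `Unattended-Upgrade`, so a single 0 in inventory turns off list refresh and unattended upgrades together. Neither option carries a `description:`; I would add one such as `description: "APT::Periodic interval in days; 0 disables automatic upgrades"`. If disabling is not meant to be supported, an `ansible.builtin.assert` with `that: "system_base_unattended_upgrades_n_days >= 1"` ahead of the template tasks would make that explicit.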
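Review bot: Both template tasks in tasks/main.yml now render variable-driven content into /etc/apt/apt.conf.d with no parse check, and a syntactically broken file in that directory makes apt fail, which also stops unattended upgrades. `ansible.builtin.template` accepts `validate:`, so a line such as `validate: "apt-config -c %s dump"` on each task would keep a bad render from replacing the working file; the exact command should be confirmed on the target release. The unchanged `mode: 0644` lines would also be safer as `mode: "0644"`, so the value does not depend on YAML octal parsing. The first task in this hunk starts above the visible lines.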
diff --git a/system/base/unattended_upgrades/templates/20auto-upgrades.j2 b/system/base/unattended_upgrades/templates/20auto-upgrades.j2
new file mode 100644
index 0000000..0d09e70
--- /dev/null
+++ b/system/base/unattended_upgrades/templates/20auto-upgrades.j2
@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "{{ system_base_unattended_upgrades_n_days }}";
+APT::Periodic::Unattended-Upgrade "{{ system_base_unattended_upgrades_n_days }}";
diff --git a/system/base/unattended_upgrades/files/50unattended-upgrades b/system/base/unattended_upgrades/templates/50unattended-upgrades.j2
similarity index 98%
rename from system/base/unattended_upgrades/files/50unattended-upgrades
rename to system/base/unattended_upgrades/templates/50unattended-upgrades.j2
index 69ad7b6..cb63f2b 100644
--- a/system/base/unattended_upgrades/files/50unattended-upgrades
+++ b/system/base/unattended_upgrades/templates/50unattended-upgrades.j2
@@ -44,6 +44,9 @@ Unattended-Upgrade::Origins-Pattern { // Python regular expressions, matching packages to exclude from upgrading Unattended-Upgrade::Package-Blacklist { +{% for package_regex in system_base_unattended_upgrades_blacklist %} + "{{ package_regex }}"; +{% endfor %} // The following matches all packages starting with linux- // "linux-";
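Review bot: The added loop in 50unattended-upgrades.j2 writes each `package_regex` between double quotes without escaping, so an entry containing `"` would produce a file apt cannot parse. Because the entries are Python regular expressions matched against the start of the package name (per the surrounding comments), an empty string would presumably match every package and hold back all upgrades. argument_specs only checks that the elements are strings, so I would reject such entries before templating with an `ansible.builtin.assert` using `that: "system_base_unattended_upgrades_blacklist | select('search', '^$|\"') | list | length == 0"`. A short comment above the loop, `// Entries below are rendered from system_base_unattended_upgrades_blacklist`, would also tell an operator reading the file on the host where the exclusions come from. The `Unattended-Upgrade::Package-Blacklist` block closes outside this hunk.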