re-do allow apt to perform security updates on its own

Move this into system.sh rather than anagement.sh.

This reverts commit eab28c97ff.

setup/system.sh

@@ -11,18 +11,22 @@ hide_output apt-get -y upgrade
 #	haveged: Provides extra entropy to /dev/random so it doesn't stall
 #	         when generating random numbers for private keys (e.g. during
 #	         ldns-keygen).
+#	unattended-upgrades: Apt tool to install security updates automatically.
+#   	ntp: keeps the system time correct
+#   	fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall
 
-apt_install python3 python3-pip wget curl bind9-host haveged
+apt_install python3 python3-pip \
+	wget curl bind9-host \
+	haveged unattended-upgrades ntp fail2ban
 
-# Turn on basic services:
-#
-#   ntp: keeps the system time correct
-#
-#   fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall
-#
-# These services don't need further configuration and are started immediately after installation.
+# Allow apt to install system updates automatically every day.
 
-apt_install ntp fail2ban
+cat > /etc/apt/apt.conf.d/02periodic <<EOF;
+APT::Periodic::MaxAge "7";
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+APT::Periodic::Verbose "1";
+EOF
 
 if [ -z "$DISABLE_FIREWALL" ]; then
 	# Turn on the firewall. First allow incoming SSH, then turn on the firewall.