we currently have automated upgrades for the day-to-day debian package upgrades, through unattended-upgrades (#31957). but major upgrades are not scripted, other than ad-hoc commands copy-pasted from an otherwise excellent wiki page. we should automate this. ~~during the %"Debian 12 bookworm upgrade", tor weather suffered a catastrophic failure (#41388) due to a flaw in the postgresql upgrade procedure, so that should probably be our first target: automate that procedure, which would normally keep that kind of problem from occuring again (as we can do error checking better).~~ moved to #41879 but ideally, we'd automate the entire procedure. See also https://wiki.debian.org/AutomatedUpgrade