diff --git a/ansible/playbooks/customize.yml b/ansible/playbooks/customize.yml
index b82f1ba..41c2c80 100644
--- a/ansible/playbooks/customize.yml
+++ b/ansible/playbooks/customize.yml
@@ -49,7 +49,7 @@
     # ── Automatic security updates ─────────────────────────────────────────
     # The upstream role installs unattended-upgrades with security-only updates.
     # We extend it here to enable automatic reboots for kernel/libc updates,
-    # scheduled at 03:30 (after the 03:00 config backup).
+    # scheduled at 04:00 — after the 03:00 backup and the Sunday 03:10 e2scrub.
 
     - name: Ensure unattended-upgrades is installed
       ansible.builtin.apt:
@@ -75,9 +75,9 @@
           Unattended-Upgrade::Remove-Unused-Dependencies "true";
           Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
           Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
-          // Reboot at 03:30 if required (after the 03:00 config backup)
+          // Reboot at 04:00 if required (after 03:00 backup + Sunday 03:10 e2scrub)
           Unattended-Upgrade::Automatic-Reboot "true";
-          Unattended-Upgrade::Automatic-Reboot-Time "03:30";
+          Unattended-Upgrade::Automatic-Reboot-Time "04:00";
       notify: Restart unattended-upgrades
 
     - name: Enable daily apt update and upgrade triggers