1. Install the required packages

apt-get install unattended-upgrades apt-listchanges

2. Edit the configuration file

This assumes you will configure the Tor Project's package repository for Debian/Ubuntu, which is documented here.

Put the lines below into the configuration file /etc/apt/apt.conf.d/50unattended-upgrades, everything that was originally inside the generated file can be removed before you add the lines below.

Debian:

Unattended-Upgrade::Origins-Pattern {
    "origin=Debian,codename=${distro_codename},label=Debian-Security";
    "origin=TorProject";
};
Unattended-Upgrade::Package-Blacklist {
};

Ubuntu:

Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
    "TorProject:${distro_codename}";
};
Unattended-Upgrade::Package-Blacklist {
};

Debian and Ubuntu:

Update the file /etc/apt/apt.conf.d/20auto-upgrades with the following content

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Verbose "1";

3. Automatically reboot

If you want to automatically reboot add the following at the the end of the file /etc/apt/apt.conf.d/50unattended-upgrades:

Unattended-Upgrade::Automatic-Reboot "true";

4. Test

You can test your unattended-upgrades setup with the following command:

# unattended-upgrade --debug

If you just want to see the debug output but don't change anything use:

# unattended-upgrade --debug --dry-run