#!/usr/bin/env -S ansible-playbook
---
- hosts: localhost,all
  become: true
  tasks:
    - block:
        - name: needs-restarting command
          copy:
            content: |
              #!/bin/bash

              [ ! -f /var/run/reboot-required ]
            dest: /usr/local/bin/needs-restarting
            mode: 0755

        - name: unattended-upgrades installed
          apt:
            name: unattended-upgrades
            state: present

        - name: periodic updates disabled
          file:
            path: "{{ item }}"
            state: absent
          loop:
            - /etc/apt/apt.conf.d/20auto-upgrades
            - /etc/apt/apt.conf.d/02periodic
      when: ansible_os_family == 'Debian'

    - name: needs-restarting command
      dnf: name=yum-utils state=present
      when: (ansible_os_family == 'RedHat')

    - name: reboot required?
      command: needs-restarting -r
      register: result
      changed_when: result['rc'] == 1
      failed_when: result['rc'] > 1
...