A system maintainer's job is to keep everything up to date. Security updates in particular should be installed as soon as possible.

For lazy maintainers like me, there is dnf-automatic, which keeps servers up to date. If you have a large set of servers, there are more suitable solutions available, but for my case dnf-automatic is sufficient.

Install dnf-automatic with:

dnf install -y dnf-automatic

Now we configure dnf-automatic to automatically install security updates.

# Set upgrade_type to security to install only security updates.
# If you set it to default, it installs all updates.
# Non-security updates might need you to intervene more often,
# so we keep installing them manually.
sed -i 's/upgrade_type = .*/upgrade_type = security/g' /etc/dnf/automatic.conf

# Set apply_updates to 'yes'; otherwise the updates won't get installed.
sed -i 's/apply_updates = .*/apply_updates = yes/g' /etc/dnf/automatic.conf

With these settings, dnf-automatic automatically downloads and installs security updates at a defined interval.

Now we can just enable the systemd timer to make it work.

systemctl enable --now dnf-automatic-install.timer
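
The sed edits above exit successfully even when they match nothing (a key written without spaces around `=`) or when they rewrite a commented-out line, so it is worth confirming the effective values. This check is an added example, not part of the original post; the function names conf_get, check_conf and make_samples are hypothetical, and it assumes both keys live in the [commands] section of /etc/dnf/automatic.conf.

```shell
#!/bin/sh
# Added example: confirm the sed edits took effect in the [commands] section.

# conf_get FILE KEY: print the last uncommented value of KEY in [commands]
conf_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[commands\]/); next }
        /^[ \t]*#/  { next }                 # commented lines have no effect
        insec {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)   # trim so "key=value" also parses
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# check_conf FILE: return 0 only if both values match what the post sets
check_conf() {
    rc=0
    ut=$(conf_get "$1" upgrade_type)
    au=$(conf_get "$1" apply_updates)
    [ "$ut" = "security" ] || { echo "upgrade_type is '${ut:-unset}', expected 'security'" >&2; rc=1; }
    [ "$au" = "yes" ] || { echo "apply_updates is '${au:-unset}', expected 'yes'" >&2; rc=1; }
    return $rc
}

# make_samples: write two constructed config files (not from a real host)
make_samples() {
    dir=$(mktemp -d)
    printf '[commands]\nupgrade_type = security\napply_updates = yes\n' > "$dir/good.conf"
    # no spaces around "=": the sed pattern matches nothing here;
    # commented key: the sed rewrites the line but it stays a comment
    printf '[commands]\nupgrade_type=default\n#apply_updates = yes\n' > "$dir/bad.conf"
    echo "$dir"
}

# On a host with dnf-automatic installed, check the real file.
if [ -r /etc/dnf/automatic.conf ]; then
    check_conf /etc/dnf/automatic.conf && echo "automatic.conf: security-only auto-install is configured"
fi
```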