A system maintainers job is to keep everything up-to-date. Especially security updates should get installed as soon as possible.
For those lazy maintainers like me, there is
dnf-automatic which keeps the servers up to date. If you have a large
set of servers, there are more suitable solutions available, but for my case
dnf-automatic would be sufficient.
dnf install -y dnf-automatic
now we configure
dnf-automatic to automatically install security updates.
# set upgrade type to security to only install security updates,
# if you'd set it to default it would install all updates.
# non-security updates might need you to intervene more often,
# so we keep installing them manually
sed -i 's/upgrade_type = .*/upgrade_type = security/g' /etc/dnf/automatic.conf
# set apply_updates to 'yes' otherwise they wouldn't get installed.
sed -i 's/apply_updates = .*/apply_updates = yes/g' /etc/dnf/automatic.conf
to automatically download and install security updates in a defined interval.
Now we can just enable the systemd timer to make it work.
systemctl enable --now dnf-automatic-install.timer