diff --git a/ansible/playbooks/os.automatic-upgrades.setup.yml b/ansible/playbooks/os.automatic-upgrades.setup.yml
new file mode 100644
index 0000000..037938d
--- /dev/null
+++ b/ansible/playbooks/os.automatic-upgrades.setup.yml
@@ -0,0 +1,49 @@
+---
+
+- name: Configure automatic updates
+ tags: configure_automatic_updates
+ hosts: all
+ tasks:
+ - name: Configure 'unattended-upgrades' on APT-based systems
+ when: ansible_pkg_mgr | lower == 'apt'
+ block:
+ - name: Install 'unattended-upgrades'
+ become: true
+ ansible.builtin.apt:
+ name: unattended-upgrades
+ install_recommends: false
+ update_cache: true
+ - name: Configure 'unattended-upgrades'
+ become: true
+ ansible.builtin.copy:
+ dest: /etc/apt/apt.conf.d/20auto-upgrades
+ content: |-
+ APT::Periodic::Update-Package-Lists "1";
+ APT::Periodic::Unattended-Upgrade "1";
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ backup: true
+ - name: Test configuration with a dry run
+ tags:
+ - never
+ - test_unattended_upgrades
+ become: true
+ ansible.builtin.command: unattended-upgrade --dry-run
+ - name: Configure 'unattended-upgrades' on DNF and YUM-based systems
+ when: ansible_pkg_mgr | lower in ['dnf', 'yum']
+ block:
+ - name: Install a cron daemon
+ become: true
+ ansible.builtin.package:
+ name: chrony
+ - name: Create the cron job
+ ansible.builtin.copy:
+ dest: /etc/cron.daily/security-updates
+ content: |-
+ #!/bin/bash
+ {{ ansible_pkg_mgr }} -y upgrade --bugfix --security
+ owner: root
+ group: root
+ mode: u=rwx,g=rx,o=rx
+ backup: true
diff --git a/knowledge base/apt.md b/knowledge base/apt.md
index 6ed137a..e2fb838 100644
--- a/knowledge base/apt.md
+++ b/knowledge base/apt.md
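Review bot: The DNF/YUM block's "Install a cron daemon" task installs `chrony`, which is an NTP client/server rather than a cron implementation, so on a host without cronie/anacron the `/etc/cron.daily/security-updates` script written right after it is never executed; change the package to `name: cronie` and keep `become: true` on it. The "Create the cron job" copy task also lacks `become: true` even though the sibling copy of `/etc/apt/apt.conf.d/20auto-upgrades` has it, so writing a root-owned file into `/etc/cron.daily` will fail unless the connection user is already root. The dry-run command task will report changed on every play; add `changed_when: false` beneath it since `unattended-upgrade --dry-run` modifies nothing. The playbook's indentation is flattened in this view, so the nesting above is inferred from task order rather than visible columns.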
@@ -90,11 +90,14 @@ EOF Leverage `unattended-upgrades` for this. ```sh -# Configure the packages to keep up to date. +# Install the tool. +sudo apt install 'unattended-upgrades' + +# Configure self updating. sudo dpkg-reconfigure -p 'low' 'unattended-upgrades' -# Check what packages would be installed. -sudo unattended-upgrade -d --dry-run +# Check what packages would be installed or upgraded. +sudo unattended-upgrade --debug --dry-run # Run manually. sudo unattended-upgrade @@ -184,7 +187,8 @@ sudo apt update 100 /var/lib/dpkg/status ``` -1. The package might depend on other packages which are not upgradable at the moment, i.e. their current version might be required by other packages.
+1. The package might depend on other packages which are not upgradable at the moment, i.e. their current version might + be required by other packages.
Try installing/upgrading it specifying the desired release and version of the package: ```sh @@ -230,15 +234,10 @@ All the references in the [further readings] section, plus the following: - [Fix a "Problem with MergeList" or "status file could not be parsed" error] - -[apt configuration]: https://wiki.debian.org/AptConfiguration -[apt_preferences man page]: https://manpages.debian.org/testing/apt/apt_preferences.5.en.html -[configuring apt sources]: https://wiki.debian.org/SourcesList -[unattended upgrades]: https://wiki.debian.org/UnattendedUpgrades - [further readings]: #further-readings @@ -247,6 +246,12 @@ All the references in the [further readings] section, plus the following: [dpkg]: dpkg.md [netselect-apt]: netselect-apt.md + +[apt configuration]: https://wiki.debian.org/AptConfiguration +[apt_preferences man page]: https://manpages.debian.org/testing/apt/apt_preferences.5.en.html +[configuring apt sources]: https://wiki.debian.org/SourcesList +[unattended upgrades]: https://wiki.debian.org/UnattendedUpgrades + [cheat.sh]: https://cheat.sh/apt [fix a "problem with mergelist" or "status file could not be parsed" error]: https://askubuntu.com/questions/30072/how-do-i-fix-a-problem-with-mergelist-or-status-file-could-not-be-parsed-err#30199 diff --git a/snippets/dnf.sh b/snippets/dnf.sh index 565ba02..533dfa3 100644 --- a/snippets/dnf.sh +++ b/snippets/dnf.sh 
@@ -4,14 +4,15 @@ sudo dnf makecache sudo dnf list --available --showduplicates 'gitlab-runner' -sudo dnf check-update --bugfix --security - sudo dnf install 'https://prerelease.keybase.io/keybase_amd64.rpm' sudo dnf --assumeyes install 'git-lfs' sudo dnf --assumeyes install \ "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm" \ "https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm" +sudo dnf check-update --bugfix --security +sudo dnf check-update --releasever='2023.7.20250609' --allowerasing --changelogs + sudo dnf upgrade --security --sec-severity 'Critical' --downloadonly sudo dnf -y upgrade --security --nobest --sec-severity 'Important'