diff --git a/playbooks/dnf.yml b/playbooks/dnf.yml
new file mode 100644
index 0000000..97b269b
--- /dev/null
+++ b/playbooks/dnf.yml
@@ -0,0 +1,5 @@
+- name: Setup dnf.
+ hosts: dnf
+ roles:
+ - role: dnf
+ become: true
diff --git a/roles/dnf/defaults/main.yml b/roles/dnf/defaults/main.yml
new file mode 100644
index 0000000..fa7447b
--- /dev/null
+++ b/roles/dnf/defaults/main.yml
@@ -0,0 +1,31 @@
+dnf_install_epel: false
+
+# For more information refer to https://github.com/rpm-software-management/dnf/blob/master/doc/automatic.rst
+
+# [commands]
+dnf_install_updates: true
+dnf_download_updates: true
+# one of 'security', 'all',
+dnf_upgrade_type: security
+dnf_random_sleep: 300
+dnf_network_online_timeout: 60
+
+# [emitters]
+dnf_emit_via: stdio
+dnf_system_name: "{{ ansible_nodename }}"
+
+# [command]
+dnf_command_format: cat
+dnf_stdin_format: "{body}"
+
+# [command_email]
+dnf_email_command_format: mail -Ssendwait -s {subject} -r {email_from} {email_to}
+dnf_email_stdin_format: "{body}"
+
+# [email]
+dnf_email_from: root
+dnf_email_to: root
+dnf_email_host: localhost
+
+# [base]
+dnf_base_overrides: {}
diff --git a/roles/dnf/meta/main.yml b/roles/dnf/meta/main.yml
new file mode 100644
index 0000000..54bcdde
--- /dev/null
+++ b/roles/dnf/meta/main.yml
@@ -0,0 +1,27 @@
+galaxy_info:
+ author: histalek
+ description: Configure automatic updates with dnf.
+
+ issue_tracker_url: https://git.histalek.de/histalek-de/infrastructure/-/issues
+
+ license: GPL-3.0-only
+
+ min_ansible_version: "2.10"
+
+ platforms:
+ - name: Fedora
+ versions:
+ - "32"
+ - "33"
+ - "34"
+ - "35"
+ - "36"
+ - name: EL
+ versions:
+ - "9"
+
+ standalone: true
+
+ galaxy_tags: []
+
+dependencies: []
diff --git a/roles/dnf/tasks/main.yml b/roles/dnf/tasks/main.yml
new file mode 100644
index 0000000..610ef69
--- /dev/null
+++ b/roles/dnf/tasks/main.yml
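Review bot: In `roles/dnf/defaults/main.yml`, the comment above `dnf_upgrade_type` lists `'all'`, which is not a value dnf-automatic documents for `upgrade_type`; the documented values are `default` (all available updates) and `security`. I would change the comment to `# one of 'default' (all available updates) or 'security' (only updates with a security advisory)`. Because the role's meta also targets EL, the comment should add that `security` relies on the enabled repositories publishing advisory (updateinfo) metadata. Where a repository ships none, the timer presumably runs and applies nothing, so a host can look patched when it is not.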
@@ -0,0 +1,35 @@
+- name: Install EPEL repository
+ ansible.builtin.dnf:
+ name: epel-release
+ state: present
+ when: dnf_install_epel
+ become: true
+
+- name: Install dnf-plugin-tracer.
+ ansible.builtin.dnf:
+ name: dnf-plugin-tracer
+ state: present
+ when: ansible_facts['distribution'] == "Fedora"
+ become: true
+
+- name: Install dnf-automatic
+ ansible.builtin.dnf:
+ name: dnf-automatic
+ state: present
+ become: true
+
+- name: Deploy automatic.conf
+ ansible.builtin.template:
+ src: automatic.conf.j2
+ dest: /etc/dnf/automatic.conf
+ mode: '0700'
+ owner: 'root'
+ group: 'root'
+ become: true
+
+- name: Start and enable systemd timer for dnf-automatic
+ ansible.builtin.systemd:
+ name: dnf-automatic.timer
+ state: started
+ enabled: true
+ become: true
diff --git a/roles/dnf/templates/automatic.conf.j2 b/roles/dnf/templates/automatic.conf.j2
new file mode 100644
index 0000000..d1c47af
--- /dev/null
+++ b/roles/dnf/templates/automatic.conf.j2
@@ -0,0 +1,42 @@
+{{ ansible_managed | comment }}
+
+# Ref: https://github.com/rpm-software-management/dnf/blob/master/doc/automatic.rst
+
+[commands]
+
+apply_updates = {{ dnf_install_updates }}
+download_updates = {{ dnf_download_updates }}
+network_online_timeout = {{ dnf_network_online_timeout }}
+random_sleep = {{ dnf_random_sleep }}
+upgrade_type = {{ dnf_upgrade_type }}
+
+[emitters]
+
+emit_via = {{ dnf_emit_via }}
+system_name = {{ dnf_system_name }}
+
+[command]
+
+command_format = {{ dnf_command_format }}
+stdin_format = {{ dnf_stdin_format }}
+
+[command_email]
+
+command_format = {{ dnf_email_command_format }}
+email_from = {{ dnf_email_from }}
+email_to = {{ dnf_email_to }}
+stdin_format = {{ dnf_email_stdin_format }}
+
+[email]
+
+email_from = {{ dnf_email_from }}
+email_host = {{ dnf_email_host }}
+email_to = {{ dnf_email_to }}
+
+[base]
+
+{% if dnf_base_overrides is mapping %}
+{% for key, value in dnf_base_overrides.items() %}
+{{ key }}={{ value }}
+{% endfor %}
+{% endif %}
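Review bot: In the `Deploy automatic.conf` task of `roles/dnf/tasks/main.yml`, `mode: '0700'` sets the execute bit on a plain configuration file, which nothing needs and which reads like a typo. I would use `mode: '0644'`, the conventional mode for configuration under `/etc/dnf`, or `mode: '0600'` if `dnf_base_overrides` may ever carry secrets such as proxy credentials. Separately, `Install EPEL repository` is gated only on `dnf_install_epel`; as far as I know `epel-release` is an EL-only package, so extending the condition with `ansible_facts['distribution'] != "Fedora"` would keep a Fedora host from failing on it.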
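Review bot: In `automatic.conf.j2`, both `command_format` lines (`[command]` and `[command_email]`) are rendered straight from `dnf_command_format` and `dnf_email_command_format`, and dnf-automatic documents that option as a shell command to execute, presumably as root when run from the systemd timer. Neither the template nor the defaults say so; I would add above each line a Jinja comment such as `{# command_format is executed as a shell command by dnf-automatic; set it only from trusted, reviewed variables #}`. The `[base]` loop deserves the same kind of comment, since it writes every key of `dnf_base_overrides` verbatim, which can include options such as `gpgcheck`. A value that is not a mapping is skipped silently by the `is mapping` guard, so a mistyped override goes unnoticed.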