If it’s a personal server that can manage being down for 15min or so. You could just setup auto updates with email if anything goes wrong and reboot off hours. Containers also make it less risky although it does fail to update every once in a great while.
The auto updates tools in Debian does allow you to specify security only or security and packages but not kernel. Mix and match, specify a version to stay on, include back ports, etc.
If it’s a personal server that can manage being down for 15min or so. You could just setup auto updates with email if anything goes wrong and reboot off hours. Containers also make it less risky although it does fail to update every once in a great while.
All of that can also be tested in a preproduction environment as well, downtime is really a poor excuse for not patching
The auto updates tools in Debian does allow you to specify security only or security and packages but not kernel. Mix and match, specify a version to stay on, include back ports, etc.