Did tweaks for a new host, added a publickey for my ipad added an update play, made a couple of scripts, because I am too forgetful to remember the full command. Other stuff too, but I kinda forget all of it.

update.yaml

@@ -0,0 +1,72 @@
+---
+- name: Update and reboot all hosts
+  hosts: all, !stephanie
+  gather_facts: true
+  become: true
+
+  tasks:
+    - name: Perform a dist-upgrade.
+      ansible.builtin.apt:
+        upgrade: dist
+        update_cache: true
+      when: ansible_distribution in debian_derivatives
+    # This is equivalent to: apk update && apk upgrade
+    - name: Update cache and upgrade packages
+      community.general.apk:
+        upgrade: true
+        update_cache: true
+      when: ansible_distribution == "Alpine"
+
+    - name: Check if a reboot is required.
+      ansible.builtin.stat:
+        path: /var/run/reboot-required
+        get_checksum: true
+      register: reboot_required_file
+    # Set a variable for the currently *installed* linux-lts package version.
+    # Importantly, the shell command reformats the package version string using
+    # awk and sed into a string that we can match against what will be reported
+    # by `uname -r`.
+    #
+    # I am no awk or sed expert and perhaps my abomination is overly verbose, but
+    # it works and I can understand it. Longer awk/sed programs tend to confuse me.
+    - name: Register installed linux-lts kernel version
+      register: installed_kernel_version
+      ansible.builtin.shell: |
+        set -o pipefail
+        apk list linux-lts --installed | awk '{ print $1 }' | sed 's/linux-lts-//' | sed 's/-r/\n/g' | awk '{printf("%s-",$0)}' | awk '{printf("%slts", $0)}'
+      changed_when: installed_kernel_version != ""
+      when: ansible_distribution == "Alpine"
+    # Set a variable for the currently *running* linux-lts kernel version. We use
+    # sed to strip off the arch.
+    - name: Register running linux-lts kernel version
+      register: running_kernel_version
+      ansible.builtin.shell: |
+        set -o pipefail
+        uname -r | sed 's/-ARCH//'
+      changed_when: running_kernel_version != ""
+      when: ansible_distribution == "Alpine"
+    # This is debugging output to tell us when the installed kernel version doesn't
+    # match the running kernel version. The real magic happens in the following task.
+    - name: Check installed_kernel_version != running_kernel_version = ???
+      ansible.builtin.debug:
+        msg: "{{ installed_kernel_version.stdout }} !=
+          {{ running_kernel_version.stdout }} =
+          {{ installed_kernel_version.stdout != running_kernel_version.stdout }}"
+      when: ansible_distribution == "Alpine"
+    # Now compare installed_kernel_version with running_kernel_version. When they
+    # don't match, this means that we need to reboot. This is not a very sophisticated
+    # heuristic, but it works.
+    - name: Reboot if the running kernel version is not the installed kernel version
+      ansible.builtin.reboot:
+        reboot_timeout: 30 # These are very simple Alpine servers. They should boot extremely fast.
+      when: (ansible_distribution == "Alpine") and (installed_kernel_version.stdout != running_kernel_version.stdout)
+
+
+    - name: Reboot the server (if required).
+      ansible.builtin.reboot:
+      when: reboot_required_file.stat.exists
+
+    - name: Remove dependencies that are no longer required.
+      ansible.builtin.apt:
+        autoremove: true
+      when: ansible_distribution in debian_derivatives