diff --git a/roles/arch_update/tasks/aur_rebuild.yaml b/roles/arch_update/tasks/aur_rebuild.yaml
index 8aa4ca5..bb4f61f 100644
--- a/roles/arch_update/tasks/aur_rebuild.yaml
+++ b/roles/arch_update/tasks/aur_rebuild.yaml
@@ -1,14 +1,17 @@
-- name:  Get list of AUR Python packages that need to be rebuilt
+- name: Get list of AUR Python packages that need to be rebuilt
   ansible.builtin.shell:
     cmd:
       comm -12 <(pactree -lrud1 {{ package_pattern }} | sort -u) <(pacman -Qqm | sort -u)
+    executable: /bin/bash
   register: aur_packages
-- name:  Rebuild AUR Python packages
+  changed_when: false
+  failed_when: false
+
+- name: Rebuild AUR Python packages
   aur:
-    use:  "{{ aur_helper }}"
-    name:  '{{ item }}'
-    aur_only:  true
-    extra_args:  --rebuild
-  loop:  '{{ aur_packages.stdout.split() }}'
-
-
+    use: "{{ aur_helper }}"
+    name: '{{ item }}'
+    aur_only: true
+    extra_args: --rebuild
+  loop: '{{ aur_packages.stdout_lines | default([]) }}'
+  when: aur_packages.stdout_lines | default([]) | length > 0
diff --git a/roles/arch_update/tasks/repo_upgrade.yaml b/roles/arch_update/tasks/repo_upgrade.yaml
index fd9a8e9..651d1a7 100644
--- a/roles/arch_update/tasks/repo_upgrade.yaml
+++ b/roles/arch_update/tasks/repo_upgrade.yaml
@@ -6,12 +6,10 @@
     upgrade: true
     extra_args: "--noconfirm"
   register: arch_upgrade_result
-  #- name: Debug full Arch upgrade output
-  #  ansible.builtin.debug:
-  #    var: arch_upgrade_result
   failed_when: 
     - arch_upgrade_result.failed == true
-    # We ignore the failure if it's just 'nothing to do', 
-  #  # but otherwise, we let it fail so you can step in.
-    - "'Nothing to upgrade' not in arch_upgrade_result.msg"
+    - "'there is nothing to do' not in (arch_upgrade_result.stdout | default('') | lower)"
+- name: Debug full Arch upgrade output
+  ansible.builtin.debug:
+    var: arch_upgrade_result
 
diff --git a/roles/debian_update/tasks/apt_upgrade.yaml b/roles/debian_update/tasks/apt_upgrade.yaml
deleted file mode 100644
index 3eb3260..0000000
--- a/roles/debian_update/tasks/apt_upgrade.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: Full system upgrade
-  become: true
-  ansible.builtin.apt:
-    update_cache: true
-    upgrade:  full
diff --git a/roles/debian_update/tasks/main.yaml b/roles/debian_update/tasks/main.yaml
index 63237ec..1706f22 100644
--- a/roles/debian_update/tasks/main.yaml
+++ b/roles/debian_update/tasks/main.yaml
@@ -1,2 +1,6 @@
-- name: Perform official repository updates
-  ansible.builtin.import_tasks: apt_upgrade.yaml
+---
+- name: Full system upgrade
+  become: true
+  ansible.builtin.apt:
+    update_cache: true
+    upgrade: full
diff --git a/roles/reboot/files/check_reboot.zsh b/roles/reboot/files/check_reboot.sh
old mode 100644
new mode 100755
similarity index 99%
rename from roles/reboot/files/check_reboot.zsh
rename to roles/reboot/files/check_reboot.sh
index 8ff7599..9e2ca74
--- a/roles/reboot/files/check_reboot.zsh
+++ b/roles/reboot/files/check_reboot.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env zsh
+#!/usr/bin/env bash
 
 # Exit code 0 = Reboot required
 # Exit code 1 = System is up to date / No reboot needed
diff --git a/roles/reboot/handlers/main.yaml b/roles/reboot/handlers/main.yaml
index 94733f0..2e91f64 100644
--- a/roles/reboot/handlers/main.yaml
+++ b/roles/reboot/handlers/main.yaml
@@ -5,6 +5,7 @@
     name: mollyguard.service
     state: stopped
   listen: Reboot system
+  failed_when: false
 
 - name: Execute System Reboot
   become: true
diff --git a/roles/reboot/tasks/main.yaml b/roles/reboot/tasks/main.yaml
index dde1672..b2e0956 100644
--- a/roles/reboot/tasks/main.yaml
+++ b/roles/reboot/tasks/main.yaml
@@ -1,6 +1,6 @@
 ---
 - name: Check if kernel or microcode update requires reboot
-  ansible.builtin.script: check_reboot.zsh  # Your script placed in files/
+  ansible.builtin.script: check_reboot.sh  # Your script placed in files/
   register: reboot_check
   # Prevent Ansible from failing if the script returns false (exit code 1)
   failed_when: false
diff --git a/systemd-creds.yaml b/systemd-creds.yaml
index 4377469..c5a04e6 100644
--- a/systemd-creds.yaml
+++ b/systemd-creds.yaml
@@ -22,6 +22,6 @@
     - name:  Create override
       ansible.builtin.shell:
         cmd: |
-          printf {{ passphrase }} | (echo "[Service]"; systemd-creds encrypt --name={{ creds_name }} --pretty - -) >> /etc/systemd/system/shared.d/00-systemd-creds.conf
+          printf '%s' {{ passphrase | quote }} | (echo "[Service]"; systemd-creds encrypt --name={{ creds_name }} --pretty - -) >> /etc/systemd/system/shared.d/00-systemd-creds.conf
           printf "Environment=%s=%%d/%s\n" {{ creds_var }} {{ creds_name }} >> /etc/systemd/system/shared.d/00-systemd-creds.conf
         #creates:  /etc/systemd/system/shared.d/00-systemd-creds.conf