diff --git a/README.md b/README.md
index 7b4b00a..98400bf 100644
--- a/README.md
+++ b/README.md
@@ -37,10 +37,14 @@ Before you can run our Ansible playbooks, you need to meet the following
 prerequisites:
 
 * Create a DigitalOcean API token, and pass it to the inventory generator by
-  setting the `DO_API_TOKEN` environment variable.
+  setting the `DO_API_TOKEN` environment variable. The API token must have
+  access to the following scopes:
+    - Read: droplet, firewall, monitoring, project, ssh_key
+    - Create: droplet
+    - Update: droplet, monitoring, project
 * If you are creating a new droplet, and want to configure DNS as well, then
-  create a CloudFlare API token, and pass it to the Ansible playbook by setting
-  the `CLOUDFLARE_TOKEN` environment variable.
+  create a CloudFlare API token with DNS edit permissions, and pass it to the
+  Ansible playbook by setting the `CLOUDFLARE_TOKEN` environment variable.
 * Set the vault decryption password of the Ansible vaulted file with our
   secrets. This may be done by setting the `ANSIBLE_VAULT_PASSWORD_FILE`
   environment variable to point to a file containing the password.
@@ -117,7 +121,7 @@ Initial setup
 The summary of the initial setup is:
 
 1. Create the droplet with monitoring and relevant SSH keys.
-2. Assign new droplet to the matplotlib.org project and the Web firewall.
+2. Assign new droplet to the matplotlib.org project.
 3. Add DNS entries pointing to the server on CloudFlare.
 4. Grab the SSH host fingerprints.
 5. Reboot.
@@ -144,7 +148,8 @@ ansible-playbook create.yml --extra-vars "host=pluto functional=web99 ssh_keys='
 
 The playbook will create the server, as well as add DNS records on CloudFlare.
 Note, you must set `DO_API_TOKEN` and `CLOUDFLARE_TOKEN` in the environment to
-access these services.
+access these services. The droplet ID and IP address will be printed at the
+end of the playbook.
 
 Then, to ensure you are connecting to the expected server, you should grab the
 SSH host keys via the DigitalOcean Droplet Console:
@@ -159,16 +164,21 @@ Note down the outputs to verify later, e.g.,
 
 ```
 # Use these for comparison when connecting yourself.
-1024 SHA256:J2sbqvhI/VszBtVvPabgxyz6sRnGLrZUn0kqfv4doAM root@mercury.matplotlib.org (DSA)
-256 SHA256:J0rOMayXhL1+5wbm4WQNpAvmscDjqwJjAtk1SLemRMI root@mercury.matplotlib.org (ECDSA)
-256 SHA256:y8EDRGMpLWOW72x47MVKsAfSAl8JHjsOc/RGaiMTPGs root@mercury.matplotlib.org (ED25519)
-3072 SHA256:AyuNO8FES5k9vobv0Pu9XpvtjVFZ1bTTNxb1lo+AuRA root@mercury.matplotlib.org (RSA)
+256 SHA256:p6MiA8+IO1WcpXHDOQ4rhiVCo+MDxWB7ehfNfxvbDkU root@venus.matplotlib.org (ECDSA)
+256 SHA256:RfDahJqnQFLeFN+zl9f+hmB+W05OoZK26NfNQkj6KtY root@venus.matplotlib.org (ED25519)
+3072 SHA256:tYwdULlz5/XP5Ze7PCj9XpO3VIMEZkiOiFuhr9nke34 root@venus.matplotlib.org (RSA)
 ```
 
 Finally, you should reboot the droplet. This is due to a bug in cloud-init on
 DigitalOcean, which generates a new machine ID after startup, causing system
 logs to be seem invisible.
 
+This can be done from the Console, or via the CLI:
+
+```
+doctl compute droplet-action reboot <droplet-id>
+```
+
 Running Ansible
 ---------------
 
diff --git a/collections/requirements.yml b/collections/requirements.yml
index 4a795f3..712d59b 100644
--- a/collections/requirements.yml
+++ b/collections/requirements.yml
@@ -2,5 +2,5 @@
 collections:
   - name: ansible.posix
   - name: community.general
-    version: ">=2.0.0"
+    version: ">=8.0.0"
   - name: community.digitalocean
diff --git a/create.yml b/create.yml
index ea0a501..47a4a0a 100644
--- a/create.yml
+++ b/create.yml
@@ -91,9 +91,7 @@
       community.digitalocean.digital_ocean_droplet:
         state: present
         name: "{{ host }}.matplotlib.org"
-        firewall:
-          - Web
-        image: fedora-39-x64
+        image: fedora-41-x64
         monitoring: true
         project: matplotlib.org
         region: tor1
@@ -117,6 +115,8 @@
             map(attribute='ip_address') |
             first
           }}
+        tags:
+          - website
         zone: matplotlib.org
 
     - name: Setup functional DNS for droplet on CloudFlare
@@ -126,8 +126,23 @@
         record: "{{ functional }}"
         type: CNAME
         value: "{{ host }}.matplotlib.org"
+        tags:
+          - website
         zone: matplotlib.org
 
+    - name: Print droplet info
+      ansible.builtin.debug:
+        msg:
+          - "Droplet ID is {{ new_droplet.data.droplet.id }}"
+          - >-
+              First Public IPv4 is {{
+                (new_droplet.data.droplet.networks.v4 | selectattr('type', 'equalto', 'public')).0.ip_address |
+                default('<none>', true) }}
+          - >-
+              First Private IPv4 is {{
+                (new_droplet.data.droplet.networks.v4 | selectattr('type', 'equalto', 'private')).0.ip_address |
+                default('<none>', true) }}
+
   vars:
     # We currently name servers based on planets in the Solar System.
     valid_planets:
diff --git a/files/dnf5-automatic.conf b/files/dnf5-automatic.conf
new file mode 100644
index 0000000..5d40e60
--- /dev/null
+++ b/files/dnf5-automatic.conf
@@ -0,0 +1,2 @@
+[commands]
+apply_updates = yes
diff --git a/matplotlib.org.yml b/matplotlib.org.yml
index dee35ab..f9be944 100644
--- a/matplotlib.org.yml
+++ b/matplotlib.org.yml
@@ -45,7 +45,7 @@
         - name: Install server maintenance
           ansible.builtin.dnf:
             name:
-              - dnf-automatic
+              - dnf5-plugin-automatic
               - fail2ban
             state: present
 
@@ -63,8 +63,8 @@
             name:
               - golang-github-prometheus
               - golang-github-prometheus-alertmanager
-              - golang-github-prometheus-node-exporter
               - grafana
+              - node-exporter
               # Remove this when Loki is packaged.
               - podman
             state: present
@@ -77,9 +77,14 @@
 
     # Automatic updates
     # #################
+    - name: Configure automatic updates
+      ansible.builtin.copy:
+        src: dnf5-automatic.conf
+        dest: /etc/dnf/dnf5-plugins/automatic.conf
+
     - name: Enable automatic updates
       ansible.builtin.systemd:
-        name: dnf-automatic-install.timer
+        name: dnf5-automatic.timer
         enabled: true
         state: started
 

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://patch-diff.githubusercontent.com/raw/matplotlib/matplotlib.org/pull/45.diff" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://patch-diff.githubusercontent.com/raw/matplotlib/matplotlib.org/pull/45.diff" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://patch-diff.githubusercontent.com/raw/matplotlib/matplotlib.org/pull/45.diff" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://patch-diff.githubusercontent.com/raw/matplotlib/matplotlib.org/pull/45.diff" target="_blank">pFad v4 Proxy</a></p></body>
</html>