Investigate kexec for quicker and less painful reboots
PrivateStorageio regularly is running on old kernels and holds on to some very old software due to us updating it frequently, but seldomly rebooting. Rebooting currently is a drag and incurs downtime because we manually have to upload the secrets after a reboot. We could try to skip a full reboot and instead execute the new kernel in-place:
https://old.nixaid.com/enable-kexec-reboots-by-default/
This would be good for security since we'd be running recent kernels, it would be good for saving disk space and complexity since it would let us get rid of old software generations, and - I haven't verified this yet - it could well be that this keeps the secrets too, making for a smoother upgrade procedure.