diff --git a/playbooks/provision.yaml b/playbooks/provision.yaml
index 15ac0a7..34011ae 100644
--- a/playbooks/provision.yaml
+++ b/playbooks/provision.yaml
@@ -1,6 +1,14 @@
 ---
+- name: Group hosts by platform
+  hosts: all
+  tags:
+    - always
+  pre_tasks:
+    - include_tasks: tasks/meta/runtime-group-determination.yaml
+
+
 - name: Bootstrap remote ansible environment
-  hosts: all,!network,!network
+  hosts: linux
   tags:
     - always
   tasks:
@@ -51,7 +59,7 @@
 
 
 - name: Configure common server settings
-  hosts: all,!network
+  hosts: linux
   vars_files:
     - vars/packages.yaml
   tasks:
@@ -104,7 +112,7 @@
 
 
 - name: Configure SSH
-  hosts: all,!network
+  hosts: linux
   handlers:
     - name: restart-sshd
       become: true
diff --git a/playbooks/tasks b/playbooks/tasks
new file mode 120000
index 0000000..f82457b
--- /dev/null
+++ b/playbooks/tasks
@@ -0,0 +1 @@
+../tasks
\ No newline at end of file
diff --git a/playbooks/update.yaml b/playbooks/update.yaml
index 11aba6b..d3ae92e 100644
--- a/playbooks/update.yaml
+++ b/playbooks/update.yaml
@@ -1,6 +1,14 @@
 ---
+- name: Group hosts by platform
+  hosts: all
+  tags:
+    - always
+  pre_tasks:
+    - include_tasks: tasks/meta/runtime-group-determination.yaml
+
+
 - name: Update system
-  hosts: all,!network
+  hosts: linux
   tags:
     - packages
   vars_files:
@@ -14,7 +22,7 @@
         state: latest
 
 - name: Update unix accounts
-  hosts: all,!network
+  hosts: linux
   tags:
     - accounts
     - access
@@ -32,11 +40,13 @@
         - "{{ skylab_group }}"
         - "{{ skylab_group_admin }}"
         - "{{ skylab_group_automation }}"
+      loop_control:
+        label: "{{ item.name }},{{ item.gid }}"
 
     - name: Determine existing skylab users
       changed_when: false
       ansible.builtin.shell:
-        cmd: 'grep {{ skylab_group.name }} /etc/group | cut --delimiter : --fields 4 | tr "," "\n"'
+        cmd: 'grep "{{ skylab_group.name }}:" /etc/group | cut --delimiter : --fields 4 | tr "," "\n"'
       register: _existing_skylab_accounts
 
     - name: Delete removed user accounts
diff --git a/tasks/meta/runtime-group-determination.yaml b/tasks/meta/runtime-group-determination.yaml
new file mode 100644
index 0000000..ff9b920
--- /dev/null
+++ b/tasks/meta/runtime-group-determination.yaml
@@ -0,0 +1,12 @@
+---
+- name: Group EdgeOS hosts
+  when: ansible_kernel.endswith('UBNT')
+  changed_when: false
+  group_by:
+    key: edgeos
+
+- name: Group supported Linux hosts
+  when: ansible_distribution == "Rocky"
+  changed_when: false
+  group_by:
+    key: linux