sync roles with changes from OWS

site.yml

@@ -1,8 +1,7 @@
 ---
-## Main Playbook for the staging DTSV Infrastructure
-
-# waiting for terraform provisioning
+## Main DTSV Infrastructure Playbook
 
+# Waiting for terraform provisioning
 - name: Wait for provisioning
   hosts: label_env_prod
   gather_facts: false
@@ -21,8 +20,7 @@
       retries: 50
       delay: 5
 
-# install terraformed servers
-
+# Install terraformed servers
 - name: Install common packages
   hosts: label_env_prod
   roles:
@@ -30,5 +28,36 @@
     - node_exporter
   become: true
 
-- import_playbook: db.yml
-- import_playbook: web.yml
+- name: DB playbook
+  import_playbook: db.yml
+- name: WEB playbook
+  import_playbook: web.yml
+
+- name: Maintenance
+  hosts: label_env_prod
+  become: true
+  tasks:
+    - name: Start apt upgrade
+      block:
+        - name: Perform upgrade
+          apt:
+            name: "*"
+            state: latest
+            update_cache: true
+            cache_valid_time: 3600
+
+        - name: Check if a reboot is required
+          stat:
+            path: /var/run/reboot-required
+          register: reboot_required_file  # noqa: var-naming[no-role-prefix]
+
+        - name: Reboot the server (if required)
+          reboot:
+          when: reboot_required_file.stat.exists
+
+        - name: Wait for instance to become reachable/usable
+          wait_for_connection:  # host_key_checking must be disabled
+
+        - name: Remove dependencies that are no longer required.
+          apt:
+            autoremove: true