diff --git a/README.md b/README.md
index 17f52e38..de802649 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,15 @@
 ## Description
 Ansible script to manage servers.
 
+## roles
+The system use the following role namings:
+
+| role prefix | meaning|
+|---|---|
+|system-|system changes|
+|native-|applications which run native on the system|
+|docker-|applications which run on docker containers on the system|
+
 ## Update
 Follow the best [practices for inventories](https://docs.ansible.com/ansible/2.3/playbooks_best_practices.html) and execute ansible via:
 
diff --git a/roles/native-apt-update/readme.md b/roles/native-apt-update/readme.md
new file mode 100644
index 00000000..97befe80
--- /dev/null
+++ b/roles/native-apt-update/readme.md
@@ -0,0 +1,5 @@
+# role native-apt-update
+This role updates the packages
+
+# upgrade
+Keep in mind that you have to do the upgrade manual because debian based distributions are no runing release
diff --git a/roles/native-apt-update/tasks/main.yml b/roles/native-apt-update/tasks/main.yml
new file mode 100644
index 00000000..1f986828
--- /dev/null
+++ b/roles/native-apt-update/tasks/main.yml
@@ -0,0 +1,4 @@
+- name: apt update all packages to their latest version
+  apt:
+    name: "*"
+    state: latest
diff --git a/roles/native-pacman/tasks/main.yml b/roles/native-pacman-update/tasks/main.yml
similarity index 100%
rename from roles/native-pacman/tasks/main.yml
rename to roles/native-pacman-update/tasks/main.yml
diff --git a/roles/native-security/meta/main.yml b/roles/system-security/meta/main.yml
similarity index 57%
rename from roles/native-security/meta/main.yml
rename to roles/system-security/meta/main.yml
index 02b5a5ad..21d8092b 100644
--- a/roles/native-security/meta/main.yml
+++ b/roles/system-security/meta/main.yml
@@ -1,2 +1,3 @@
 dependencies:
 - native-ssh
+- native-user-alarm
diff --git a/roles/system-update/meta/main.yml b/roles/system-update/meta/main.yml
new file mode 100644
index 00000000..febaaf1f
--- /dev/null
+++ b/roles/system-update/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+  - { role: native-pacman-update, when: ansible_distribution == 'Archlinux' }
+  - { role: native-apt-update, when: ansible_distribution == "Debian" }
diff --git a/site.yml b/site.yml
index 97c33271..5922eeb2 100644
--- a/site.yml
+++ b/site.yml
@@ -1,12 +1,15 @@
 ---
-- name: setup arch hosts
-  hosts: arch_hosts
+- name: general host setup
+  hosts: all
+  roles:
+    - system-security
+    - system-update
+  become: true
+- name: setup wireguard hosts
+  hosts: wireguard_hosts
   roles:
-    - native-security
-    - native-pacman
     - native-wireguard
-    - native-user-alarm
-- name: setup primary_backup_hosts
+- name: setup primary backup hosts
   hosts: primary_backup_hosts
   pre_tasks:
     - name: "check if docker is installed"