diff --git a/.yamllint.yaml b/.yamllint.yaml
new file mode 100644
index 0000000..784f1d0
--- /dev/null
+++ b/.yamllint.yaml
@@ -0,0 +1,22 @@
+---
+extends: "default"
+
+rules:
+ # 80 chars should be enough, but don't fail if a line is longer
+ line-length:
+ max: 86
+ allow-non-breakable-words: true
+ allow-non-breakable-inline-mappings: true
+ indentation:
+ spaces: 2
+ indent-sequences: true
+ # do not obsess over comment formatting
+ comments-indentation: false
+ comments:
+ require-starting-space: false
+
+ignore: |
+ .gitlab-ci.yml
+ .rubocop.yml
+ .travis.yml
+ appveyor.yml
diff --git a/Puppetfile b/Puppetfile
index cb744bb..6a4b2a0 100644
--- a/Puppetfile
+++ b/Puppetfile
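Review bot: The comment above `line-length` says long lines should not fail, but the rule sets no `level`, and yamllint treats a rule without one as an error, so any line over 86 characters still fails unless it is a non-breakable word or inline mapping. If the limit is meant to be advisory, add `level: warning` under `line-length:`; if 86 is meant as a hard limit, reword the comment to say so, e.g. `# allow up to 86 chars; longer lines fail unless non-breakable`. Indentation is collapsed in this view, so the nesting of the keys could not be checked.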
@@ -1,17 +1,41 @@
 forge 'https://forge.puppet.com'
-
-# Modules from the Puppet Forge
-# Versions should be updated to be the latest at the time you start
-#mod 'puppetlabs/inifile', '3.0.0'
-#mod 'puppetlabs/stdlib', '6.0.0'
-#mod 'puppetlabs/concat', '6.0.0'
-
-# Modules from Git
-# Examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples
-#mod 'apache',
-# git: 'https://github.com/puppetlabs/puppetlabs-apache',
-# commit: '1b6f89afdde0df7f9433a163d5c4b5328eac5779'
-
-#mod 'apache',
-# git: 'https://github.com/puppetlabs/puppetlabs-apache',
-# branch: 'docs_experiment'
+# mod 'aboe/chrony', '0.3.2'
+# mod 'bodgit-bodgitlib', '2.0.1'
+# mod 'bodgit-dbus', '2.0.1'
+# mod 'herculesteam/augeasproviders', '2.4.1'
+# mod 'herculesteam/augeasproviders_base', '2.1.0'
+# mod 'herculesteam/augeasproviders_core', '2.6.0'
+# mod 'herculesteam/augeasproviders_pam', '2.2.1'
+# mod 'herculesteam/augeasproviders_ssh', commit: 'e4eee3726d0472cba1d2d66a2d09031f1d100914', git: 'https://github.com/hercules-team/augeasproviders_ssh'
+# mod 'inkblot/ipcalc', '2.2.0'
+# mod 'ncsa/pam_access', tag: 'v1.0.3', git: 'https://github.com/ncsa/puppet-pam_access'
+mod 'ncsa/profile_additional_packages', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_additional_packages'
+mod 'ncsa/profile_additional_yumrepos', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_additional_yumrepos'
+# mod 'ncsa/profile_chrony', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_chrony'
+# mod 'ncsa/profile_email', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_email'
+# mod 'ncsa/profile_firewall', tag: 'v1.0.1', git: 'https://github.com/ncsa/puppet-profile_firewall'
+# mod 'ncsa/profile_pam_access', branch: 'include_pam_access', git: 'https://github.com/ncsa/puppet-profile_pam_access'
+# mod 'ncsa/profile_puppet_master', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_puppet_master'
+# mod 'ncsa/profile_sudo', tag: 'v0.1.0', git: 'https://github.com/ncsa/profile_sudo'
+# mod 'ncsa/profile_timezone', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_timezone'
+# mod 'ncsa/sshd', tag: 'v0.2.0', git: 'https://github.com/ncsa/puppet-sshd'
+# mod 'ncsa/sssd', tag: 'v3.0.0', git: 'https://github.com/ncsa/puppet-sssd'
+# mod 'ncsa/telegraf', tag: 'v3.1.1', git: 'https://github.com/ncsa/puppet-telegraf.git'
+# mod 'puppet/epel', '3.0.1'
+# mod 'puppet/python', '4.1.1'
+# mod 'puppet/rsyslog', '5.0.1'
+# mod 'puppetlabs/apt', '7.3.0'
+# mod 'puppetlabs/concat', '6.2.0'
+# mod 'puppetlabs/firewall', '2.5.0'
+# mod 'puppetlabs/inifile', '4.1.0'
+# mod 'puppetlabs/mailalias_core', '1.0.6'
+mod 'puppetlabs/stdlib', '6.3.0'
+# mod 'puppetlabs/translate', '2.1.0'
+# mod 'puppetlabs/xinetd', '3.3.0'
+# mod 'richardc-datacat', '0.6.2'
+# mod 'saz/limits', '3.0.4'
+# mod 'saz/sudo', '6.0.0'
+# mod 'saz/timezone', '6.0.0'
+# mod 'sharumpe/tcpwrappers', '1.0.4'
+# mod 'thrnio-ip', '1.0.1'
+# mod 'woodsbw/augeasfacter', commit: '9aea81311d277ed7ff1e8f2d4f79d13cd25f6ded', git: 'https://github.com/woodsbw/augeasfacter'
diff --git a/examples/role/manifests/xcatmaster_puppetmaster.pp b/examples/role/manifests/xcatmaster_puppetmaster.pp
new file mode 100644
index 0000000..64bedba
--- /dev/null
+++ b/examples/role/manifests/xcatmaster_puppetmaster.pp
@@ -0,0 +1,14 @@
+# @summary xcatmaster and puppetmaster
+class role::xcatmaster_puppetmaster {
+
+ include ::profile::base
+ include ::profile::rsyslog::relay
+ include ::profile::squid_proxy
+ include ::profile::sssd
+ include ::profile_allow_ssh_from_cerberus
+ include ::profile_chrony::server
+ include ::profile_docker
+ include ::profile_puppet_master
+ include ::profile_xcat::master
+
+}
diff --git a/hiera.yaml b/hiera.yaml
index 0f5c657..bcdeccf 100644
--- a/hiera.yaml
+++ b/hiera.yaml
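Review bot: The two Git modules this hunk activates, `ncsa/profile_additional_packages` and `ncsa/profile_additional_yumrepos`, are pinned with `tag: 'v0.1.0'`, and a tag can be moved upstream after review, so this file does not fix what r10k deploys to the master. Pinning by SHA, as the commented `augeasproviders_ssh` and `augeasfacter` entries already do, makes the deployed code immutable, e.g. `mod 'ncsa/profile_additional_packages', commit: '<full-sha-of-v0.1.0>', git: 'https://github.com/ncsa/puppet-profile_additional_packages'`; the same applies to the commented `tag:` entries and the `branch: 'include_pam_access'` entry before they are enabled. The commented `ncsa/profile_sudo` URL lacks the `puppet-` prefix that every other ncsa repository here uses, which looks like a typo to check before uncommenting. r10k does not resolve module dependencies from a Puppetfile, so anything the two active profiles need beyond `puppetlabs/stdlib` has to be enabled here as well.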
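Review bot: The header of `role::xcatmaster_puppetmaster` is only `# @summary xcatmaster and puppetmaster`, while the body includes classes such as `::profile::squid_proxy`, `::profile_docker`, `::profile_xcat::master` and `::profile_allow_ssh_from_cerberus` that, as far as this diff shows, neither the Puppetfile nor site-modules provides. Since the file sits under examples/, the doc comment should say so, for instance `# Example only: not on the modulepath; the included profiles are not shipped by this repository`, so nobody copies it into site-modules/role expecting it to compile.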
@@ -9,4 +9,7 @@ hierarchy:
 data_hash: yaml_data
 paths:
 - "nodes/%{trusted.certname}.yaml"
+ - "site/%{site}/cluster/%{cluster}.yaml"
+ - "site/%{site}.yaml"
+ - "role/%{role}.yaml"
 - "common.yaml"
diff --git a/manifests/site.pp b/manifests/site.pp
index 11663aa..2324ded 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -12,20 +12,3 @@
 # Disable filebucket by default for all File resources:
 # https://github.com/puppetlabs/docs-archive/blob/master/pe/2015.3/release_notes.markdown#filebucket-resource-no-longer-created-by-default
 File { backup => false }
-
-## Node Definitions ##
-
-# The default node definition matches any node lacking a more specific node
-# definition. If there are no other node definitions in this file, classes
-# and resources declared in the default node definition will be included in
-# every node's catalog.
-#
-# Note that node definitions in this file are merged with node data from the
-# Puppet Enterprise console and External Node Classifiers (ENC's).
-#
-# For more on node definitions, see: https://puppet.com/docs/puppet/latest/lang_node_definitions.html
-node default {
- # This is where you can declare classes for all nodes.
- # Example:
- # class { 'my_class': }
-}
diff --git a/site-modules/profile/hiera.yaml b/site-modules/profile/hiera.yaml
new file mode 100644
index 0000000..b8822f0
--- /dev/null
+++ b/site-modules/profile/hiera.yaml
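Review bot: The three added paths interpolate `%{site}`, `%{cluster}` and `%{role}` as bare variables, and nothing in this diff shows where they are set; if they resolve from agent-reported facts, a node can choose which site or role data file Hiera reads for it, including any secrets kept there. The existing `nodes/%{trusted.certname}.yaml` level is keyed on certificate data, which the agent cannot change after signing. Prefer values of that kind, such as certificate extensions (`- "role/%{trusted.extensions.pp_role}.yaml"`, likewise `pp_cluster`) or variables assigned by an ENC, and add a comment above the paths naming the source. The `node default` block is removed from manifests/site.pp in the same commit, so classification presumably also comes from somewhere outside this diff.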
@@ -0,0 +1,21 @@
+---
+version: 5
+
+defaults: # Used for any hierarchy level that omits these keys.
+ datadir: "data" # This path is relative to hiera.yaml's directory.
+ data_hash: "yaml_data" # Use the built-in YAML backend.
+
+hierarchy:
+ - name: "osfamily/major release"
+ paths:
+ # Used to distinguish between Debian and Ubuntu
+ - "os/%{facts.os.name}/%{facts.os.release.major}.yaml"
+ - "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
+ # Used for Solaris
+ - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
+ - name: "osfamily"
+ paths:
+ - "os/%{facts.os.name}.yaml"
+ - "os/%{facts.os.family}.yaml"
+ - name: "common"
+ path: "common.yaml"
diff --git a/site-modules/profile/manifests/base.pp b/site-modules/profile/manifests/base.pp
index ae85e65..8ef071f 100644
--- a/site-modules/profile/manifests/base.pp
+++ b/site-modules/profile/manifests/base.pp
@@ -1,5 +1,13 @@
+# Include basic profile classes
 class profile::base {
- #the base profile should include component modules that will be on all nodes
+ include ::profile_additional_packages
+ include ::profile_additional_yumrepos
+# include ::profile_email
+# include ::profile_pam_access
+# include ::profile_sudo
+# include ::profile_timezone
+# include ::sshd
+# include ::tcpwrappers
 }
diff --git a/site-modules/profile/manifests/example.pp b/site-modules/profile/manifests/example.pp
deleted file mode 100644
index 0b48c3a..0000000
--- a/site-modules/profile/manifests/example.pp
+++ /dev/null
@@ -1,3 +0,0 @@
-class profile::example {
-
-}
diff --git a/site-modules/role/manifests/database_server.pp b/site-modules/role/manifests/database_server.pp
deleted file mode 100644
index aacc912..0000000
--- a/site-modules/role/manifests/database_server.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-class role::database_server {
-
- #This role would be made of all the profiles that need to be included to make a database server work
- #All roles should include the base profile
- include profile::base
-
-}
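Review bot: Six includes in `profile::base` are added commented out with no reason given, among them the access-control profiles `::profile_pam_access`, `::profile_sudo`, `::sshd` and `::tcpwrappers`. As far as this diff shows, the base profile therefore gives every node extra packages and yum repositories but no login or sudo baseline, and a reader cannot tell whether that is deliberate. A marker above the commented lines, such as `# TODO: enable together with the matching Puppetfile entries`, would record the intent; `role::default` in site-modules/role/manifests/default.pp has the same pattern with `::profile_firewall`. Whether `profile_additional_yumrepos` enforces `gpgcheck` on the repositories it adds is not visible here and is worth confirming in its Hiera data.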
diff --git a/site-modules/role/manifests/default.pp b/site-modules/role/manifests/default.pp
new file mode 100644
index 0000000..82c40db
--- /dev/null
+++ b/site-modules/role/manifests/default.pp
@@ -0,0 +1,11 @@
+# @summary Default role
+
+class role::default {
+
+ include ::profile::base
+ # include ::profile::rsyslog::client
+ # include ::profile_chrony::client
+ # include ::profile_firewall
+ # include ::profile_telegraf # depends on github.com/ncsa/puppet-profile_telegraf
+
+}
diff --git a/site-modules/role/manifests/example.pp b/site-modules/role/manifests/example.pp
deleted file mode 100644
index 2c1d2d7..0000000
--- a/site-modules/role/manifests/example.pp
+++ /dev/null
@@ -1,3 +0,0 @@
-class role::example {
-
-}
diff --git a/site-modules/role/manifests/webserver.pp b/site-modules/role/manifests/webserver.pp
deleted file mode 100644
index 314fa55..0000000
--- a/site-modules/role/manifests/webserver.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-class role::webserver {
-
- #This role would be made of all the profiles that need to be included to make a webserver work
- #All roles should include the base profile
- include profile::base
-
-}