diff --git a/site-modules/profile/manifests/manifests/base_linux.pp b/site-modules/profile/manifests/manifests/base_linux.pp
new file mode 100644
index 0000000..12386e5
--- /dev/null
+++ b/site-modules/profile/manifests/manifests/base_linux.pp
@@ -0,0 +1,45 @@
+# @summary A short summary of the purpose of this class
+#
+# A description of what this class does
+#
+# @example
+# include profile::base_linux
+#
+# profile::base:linux
+#
+
+
+class profile::base_linux {
+
+
+
+ $root_ssh_key = lookup('base_linux::root_ssh_key')
+ $linux_sw_pkg = lookup('base_linux::linux_sw_pkg')
+# careful when configuring ntp to avoid misuse (opening for DDOS)
+ class { 'ntp':
+ servers => [ 'ntp.ntnu.no' ],
+ restrict => [
+ 'default kod nomodify notrap nopeer noquery',
+ '-6 default kod nomodify notrap nopeer noquery',
+ ],
+ }
+ class { 'timezone':
+ timezone => 'Europe/Oslo',
+ }
+ package { $linux_sw_pkg:
+ ensure => latest,
+ }
+# root@manager should be able to ssh without password to all
+ file { '/root/.ssh':
+ owner => 'root',
+ group => 'root',
+ mode => '0700',
+ ensure => 'directory',
+ }
+ ssh_authorized_key { 'root@manager':
+ user => 'root',
+ type => 'ssh-rsa',
+ key => $root_ssh_key,
+ require => File['/root/.ssh'],
+ }
+}
diff --git a/site-modules/profile/manifests/manifests/base_windows.pp b/site-modules/profile/manifests/manifests/base_windows.pp
new file mode 100644
index 0000000..566f162
--- /dev/null
+++ b/site-modules/profile/manifests/manifests/base_windows.pp
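Review bot: The `ssh_authorized_key { 'root@manager': }` resource in base_linux.pp grants root login on every node to whoever holds the manager's private key, and nothing in the hunk limits where that key may be used from. The resource type accepts an `options` list, so `options => ['from="<manager-ip>"'],` (placeholder address, ideally read from Hiera) would tie the key to the manager host; `type => 'ssh-rsa'` is also hard-coded, so moving to an ed25519 key needs a code change rather than a data change. Separately, the header shows the file at `profile/manifests/manifests/base_linux.pp`, while Puppet's autoloader resolves `profile::base_linux` to `profile/manifests/base_linux.pp`; unless the doubled directory is intentional, this class and the other five files in the commit, which share the path, will not be found by `include`.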
@@ -0,0 +1,34 @@
+#
+# profile::base_windows
+#
+class profile::base_windows {
+ $win_sw_pkg = lookup('base_windows::win_sw_pkg')
+# set default package provider on windows to chocolatey, please read https://chocolatey.org/security in
+# the future maybe use DSC instead when this is ready:
+# https://github.com/PowerShell/PackageManagementProviderResource
+ include chocolatey
+# set chocolatey as default package provider on Windows
+ case $::operatingsystem {
+ 'windows':
+ { Package { provider => chocolatey, } }
+ default:
+ { Package { provider => windows, } }
+ }
+ package { $win_sw_pkg:
+ ensure => 'latest',
+ }
+# a specific version of vim I know is trusted
+ package { 'vim':
+ ensure => '8.0.604',
+ }
+# use PowerShell DSC to set timezone
+ dsc_xtimezone { 'Oslo':
+ dsc_timezone => 'W. Europe Standard Time',
+ dsc_issingleinstance => 'yes',
+ }
+# use PowerShell DSC protect against wannacry :)
+ dsc_windowsfeature {'FS-SMB1':
+ dsc_ensure => 'absent',
+ dsc_name => 'FS-SMB1',
+ }
+}
diff --git a/site-modules/profile/manifests/manifests/consul/client.pp b/site-modules/profile/manifests/manifests/consul/client.pp
new file mode 100644
index 0000000..5945c1a
--- /dev/null
+++ b/site-modules/profile/manifests/manifests/consul/client.pp
@@ -0,0 +1,16 @@
+class profile::consul::client {
+ package { 'unzip':
+ ensure => latest,
+ }
+ class { '::consul':
+ version => '1.6.0',
+ config_hash => {
+ 'data_dir' => '/opt/consul',
+ 'datacenter' => 'NTNU',
+ 'log_level' => 'INFO',
+ 'node_name' => $facts['hostname'],
+ 'retry_join' => [ $::serverip ],
+ },
+ require => Package['unzip'],
+ }
+}
diff --git a/site-modules/profile/manifests/manifests/consul/server.pp b/site-modules/profile/manifests/manifests/consul/server.pp
new file mode 100644
index 0000000..c616d1c
--- /dev/null
+++ b/site-modules/profile/manifests/manifests/consul/server.pp
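Review bot: `package { $win_sw_pkg: ensure => 'latest' }` in base_windows.pp upgrades every listed Chocolatey package to whatever the configured source currently serves on each agent run, which sits oddly beside the `vim` resource pinned to `'8.0.604'` because that version is known to be trusted. If the same concern applies to the rest of the list, the Hiera value could carry a version per package, or the nodes could be pointed at an internally curated Chocolatey feed. As a style point, the `case $::operatingsystem` block could use `$facts['os']['name']`, as dns/client.pp in this commit does.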
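Review bot: The `config_hash` in consul/client.pp sets no `encrypt` key, so gossip traffic between agents is unencrypted and unauthenticated; consul/server.pp has the same gap. A line such as `'encrypt' => lookup('consul::gossip_key'),` in both hashes would close it (the key name is constructed here, and the value belongs in encrypted Hiera data), and the `verify_incoming` / `verify_outgoing` TLS settings are worth considering for RPC. `'retry_join' => [ $::serverip ]` also assumes a Consul server runs on the Puppet server that compiled the catalog, which deserves a comment if it is intended.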
@@ -0,0 +1,18 @@
+class profile::consul::server {
+ package { 'unzip':
+ ensure => latest,
+ }
+ class { '::consul':
+ version => '1.6.0',
+ config_hash => {
+ 'bootstrap_expect' => 3,
+ 'data_dir' => '/opt/consul',
+ 'datacenter' => 'NTNU',
+ 'log_level' => 'INFO',
+ 'node_name' => $facts['hostname'],
+ 'server' => true,
+ 'retry_join' => [ $::serverip ],
+ },
+ require => Package['unzip'],
+ }
+}
diff --git a/site-modules/profile/manifests/manifests/dns/client.pp b/site-modules/profile/manifests/manifests/dns/client.pp
new file mode 100644
index 0000000..600b148
--- /dev/null
+++ b/site-modules/profile/manifests/manifests/dns/client.pp
@@ -0,0 +1,33 @@
+class profile::dns::client {
+ $dir_ip = lookup( 'Address', undef, undef, '1.1.1.1' )
+ case $facts['os']['name'] {
+ 'windows': {
+ dsc_dnsserveraddress { $dir_ip:
+ dsc_address => $dir_ip,
+ dsc_interfacealias => $facts['networking']['primary'],
+ dsc_addressfamily => 'IPv4',
+ dsc_validate => true,
+ }
+ dsc_dnsclientglobalsetting { 'domainname':
+ dsc_issingleinstance => yes,
+ dsc_suffixsearchlist => 'node.consul',
+ }
+ }
+ /^(Debian|Ubuntu)$/: {
+ class { 'netplan':
+ config_file => '/etc/netplan/50-cloud-init.yaml',
+ ethernets => {
+ 'ens3' => {
+ 'dhcp4' => true,
+ 'nameservers' => {
+ 'search' => ['node.consul'],
+ 'addresses' => [ "$dir_ip" ],
+ }
+ }
+ },
+ netplan_apply => true,
+ }
+ }
+ default: { notify { 'Which OS? What?': } }
+ }
+}
diff --git a/site-modules/profile/manifests/manifests/dns/server.pp b/site-modules/profile/manifests/manifests/dns/server.pp
new file mode 100644
index 0000000..c4c996e
--- /dev/null
+++ b/site-modules/profile/manifests/manifests/dns/server.pp
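Review bot: No `acl` block is set in the server `config_hash` in consul/server.pp, so Consul runs with ACLs disabled and anything that can reach an agent's HTTP API can register services or change the catalog without a token. That matters more here because dns/server.pp forwards the `consul` zone to `127.0.0.1 port 8600`, presumably the local agent, so catalog contents become DNS answers for every client that uses `node.consul` as a search domain. Consider `'acl' => { 'enabled' => true, 'default_policy' => 'deny' },` once tokens have been bootstrapped; the client profile would need the matching setting and an agent token.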
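Review bot: `lookup( 'Address', undef, undef, '1.1.1.1' )` in dns/client.pp silently falls back to a public resolver when the Hiera key is missing, so a data mistake sends every lookup, including `node.consul` names, to an outside party instead of failing the run. Dropping the default, e.g. `$dir_ip = lookup('Address', String)`, makes catalog compilation fail when the key is absent, and a namespaced key would avoid collisions with the very generic `Address`. Minor points: `"$dir_ip"` does not need interpolation, `dsc_issingleinstance => yes` is a bareword where base_windows.pp quotes `'yes'`, and the `ens3` interface name is hard-coded while the Windows branch uses `$facts['networking']['primary']`.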
@@ -0,0 +1,14 @@
+class profile::dns::server {
+ include dns::server
+ # Forwarders
+ dns::server::options { '/etc/bind/named.conf.options':
+ dnssec_enable => false,
+ dnssec_validation => no,
+ forwarders => [ '129.241.0.201' ],
+ }
+ dns::zone { 'consul':
+ zone_type => forward,
+ forward_policy => only,
+ allow_forwarder => [ '127.0.0.1 port 8600' ],
+ }
+}
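Review bot: `dnssec_enable => false` and `dnssec_validation => no` in dns/server.pp switch off DNSSEC validation for everything this resolver forwards, not only for the `consul` zone, and the only comment above them is `# Forwarders`. If the reason is that BIND must accept unsigned answers from the Consul DNS endpoint on port 8600, a comment saying so would help, e.g. `# DNSSEC validation is off so answers for the forwarded consul zone are accepted; this also disables validation for upstream lookups`. The options resource also places no restriction on who may query or recurse through the server; if the module exposes such settings, limiting recursion to the internal networks would keep the host from acting as an open resolver.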