+<% if classes.include?('roles::puppetmaster') -%>
+dir=8/etc/puppet
+<% end -%>
+<% if classes.include?('named::geodns') -%>
+dir=1/etc/bind/geodns
+<% end -%>
+<% if classes.include?('named::authoritative') -%>
+dir=1/etc/bind
+file=/etc/bind/named.conf.debian-zones
+<% end -%>
+dir=3/etc/lvm/archive
+dir=3/etc/lvm/backup
+dir=1/etc/ferm/dsa.d
+dir=1/etc/ferm/conf.d
+dir=3/etc/facter
+file=/etc/ferm/conf.d/me.conf
+file=/etc/ferm/conf.d/defs.conf
+file=/etc/ferm/ferm.conf
+file=/etc/ssl/README
+dir=2/etc/ssl/debian
+dir=1/etc/ssl/certs
+dir=1/etc/ssl/ca-debian
+dir=1/etc/ssl/ca-global
+file=/etc/ca-certificates.conf
+file=/etc/ca-certificates-debian.conf
+file=/etc/ca-certificates-global.conf
+file=/etc/ssl/private/ssl-cert-snakeoil.key
+file=/etc/unbound/unbound.conf
+<% if scope.lookupvar('::fqdn') == "draghi.debian.org" -%>
+file=/etc/openvpn/deb-mgmt-clients.pool
+<% end -%>
+file=/etc/rsyncd/debian.secrets
+
+
+<% if classes.include?('roles::puppetmaster') -%>
+
+# Damn you rails apps and your shoddy packaging
+file=/usr/share/puppet-dashboard/public/stylesheets
+file=/usr/share/puppet-dashboard/public/javascripts
+file=/usr/share/puppet-dashboard/public/stylesheets/all.css
+file=/usr/share/puppet-dashboard/public/javascripts/all.js
+dir=1/usr/share/puppet-dashboard/tmp/pids
+<% end -%>
+
+file=/etc/ssl/private/*.key-certchain
+dir=10/var/lib/puppet/clientbucket