-file=/etc/nagios3/puppetconf.d/auto-serviceextinfo.cfg"
-when "handel.debian.org": extrafiles="dir=8/etc/puppet"
-when "dijkstra.debian.org": extrafiles="dir=4/etc/dsa-kvm"
-when /geo[123].debian.org/: extrafiles="dir=1/etc/bind/geodns"
-when /(senfl|ravel|rietz|klecker).debian.org/: extrafiles="dir=1/etc/bind
-file=/etc/bind/named.conf.debian-zones"
-when /(zandonai|biber).debian.org/: extrafiles="dir=3/etc/lvm"
-end
-extrafiles
-%>
+file=/etc/nagios3/puppetconf.d/auto-serviceextinfo.cfg
+file=/etc/nagios3/puppetconf.d/auto-servicegroups.cfg
+file=/etc/nagios3/puppetconf.d/contacts.cfg
+<% end -%>
+<% if scope.function_has_role(['muninmaster']) -%>
+file=/etc/munin/munin.conf
+<% end -%>
+<% if scope.function_has_role(['puppetmaster']) -%>
+dir=8/etc/puppet
+<% end -%>
+<% if classes.include?('named::geodns') -%>
+dir=1/etc/bind/geodns
+<% end -%>
+<% if classes.include?('named::authoritative') -%>
+dir=1/etc/bind
+file=/etc/bind/named.conf.debian-zones
+<% end -%>
+dir=3/etc/lvm/archive
+dir=3/etc/lvm/backup
+dir=1/etc/ferm/dsa.d
+dir=1/etc/ferm/conf.d
+dir=3/etc/facter
+file=/etc/ferm/conf.d/me.conf
+file=/etc/ferm/conf.d/defs.conf
+file=/etc/ferm/ferm.conf
+file=/etc/ssl/README
+dir=2/etc/ssl/debian
+dir=1/etc/ssl/certs
+dir=1/etc/ssl/ca-debian
+dir=1/etc/ssl/ca-global
+file=/etc/ca-certificates.conf
+file=/etc/ca-certificates-debian.conf
+file=/etc/ca-certificates-global.conf
+file=/etc/ssl/private/ssl-cert-snakeoil.key
+file=/etc/unbound/unbound.conf
+<% if scope.lookupvar('::fqdn') == "draghi.debian.org" -%>
+file=/etc/openvpn/deb-mgmt-clients.pool
+<% end -%>
+file=/etc/rsyncd/debian.secrets
+
+
+<% if scope.function_has_role(['puppetmaster']) %>
+
+# Damn you rails apps and your shoddy packaging
+file=/usr/share/puppet-dashboard/public/stylesheets
+file=/usr/share/puppet-dashboard/public/javascripts
+file=/usr/share/puppet-dashboard/public/stylesheets/all.css
+file=/usr/share/puppet-dashboard/public/javascripts/all.js
+dir=1/usr/share/puppet-dashboard/tmp/pids
+<% end -%>
+
+<% if classes.include?("porterbox") %>
+file=/etc/cron.weekly/puppet-mail-big-homedirs
+<% end -%>
+file=/etc/ssl/private/*.key-certchain