diff --git a/manifests/common.pp b/manifests/common.pp
index b3571a6..896cefe 100644
--- a/manifests/common.pp
+++ b/manifests/common.pp
@@ -1,10 +1,10 @@
 class puppet::common ($ensure = 'present') {
-  package { 'facter':
-    ensure => $ensure ? {
-      'present' => 'latest',
-      default   => $ensure,
-    }
+  $pkg_ens = $ensure ? {
+    'present' => 'latest',
+    default   => $ensure,
   }
+
+  package { 'facter': ensure => $pkg_ens }
   $ens_dir = $ensure ? {
     'present' => 'directory',
     default   => $ensure,
@@ -18,16 +18,15 @@ class puppet::common ($ensure = 'present') {
       '/etc/facter',
       $facts_d]:
       ensure => $ens_dir,
-      mode   => 0755,
-      owner  => root,
-      group  => root;
+      mode   => '0755',
+      owner  => 'root',
+      group  => 'root';
 
     "${::puppet_vardir}/exported":
       ensure => $ens_dir;
   }
 
   # add facter variable to custom facts.
-  file { '/etc/profile.d/puppet.sh':
-    content => "export FACTERLIB=\"${factpath}\"\n",
+  file { '/etc/profile.d/puppet.sh': content => "export FACTERLIB=\"${::factpath}\"\n",
   }
 }
diff --git a/manifests/defines/privatedir.pp b/manifests/defines/privatedir.pp
new file mode 100644
index 0000000..51f98c9
--- /dev/null
+++ b/manifests/defines/privatedir.pp
@@ -0,0 +1,21 @@
+##########################################################################
+# # define puppet::puppetmaster::privatedir
+# #  $l_fqdn : hostname - lower case letters only
+# #  $title :  hostname - as given in hosts client-cert
+##
+# # $puppet_privdir (declared in site.pp) must already exist!
+
+define puppet::defines::privatedir ($l_fqdn) {
+  file { "${::puppet_privdir}/${l_fqdn}":
+    ensure => directory,
+    owner  => puppet
+  } # file
+
+  # # create link if cert-hostname and DNS-provided fqdn differ
+  if $title != $l_fqdn {
+    file { "${::puppet_privdir}/${title}":
+      ensure  => "${::puppet_privdir}/${l_fqdn}",
+      require => File["${::puppet_privdir}/${l_fqdn}"]
+    } # file
+  } # if
+} # define puppet::puppetmaster::privatedir
diff --git a/manifests/init.pp b/manifests/init.pp
index 226d306..d3dd278 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,18 +1,18 @@
-import "defines/*.pp"
+import 'defines/*.pp'
 
 class puppet (
-  $ensure          = "present",
+  $ensure          = 'present',
   $norunifloggedin = false,
   $daemonize       = true,
-  $run_hour        = "*/1",
-  $run_minute      = "10",
-  $run_if_ipmatch  = "") {
+  $run_hour        = '*/1',
+  $run_minute      = '10',
+  $run_if_ipmatch  = '') {
   $puppet_service = $kernel ? {
-    "Darwin"  => "org.macports.puppet",
-    "FreeBSD" => "puppetd",
-    default   => "puppet"
+    'Darwin'  => 'org.macports.puppet',
+    'FreeBSD' => 'puppetd',
+    default   => 'puppet'
   }
-  $factpath = "/var/lib/puppet/lib/facter"
+  $factpath = '/var/lib/puppet/lib/facter'
 
   require 'puppet::common'
 
@@ -24,113 +24,113 @@ class puppet (
 #    "$fqdn") }
 
   case $kernel {
-    "Linux" : {
-      $puppetpkgs = ["puppet", "puppet-common"]
+    'Linux' : {
+      $puppetpkgs = ['puppet', 'puppet-common']
 
       Package {
-        provider => "apt" }
+        provider => 'apt' }
     }
     default : {
-      $puppetpkgs = "puppet"
+      $puppetpkgs = 'puppet'
     }
   }
   $puppet_linuxversion_real = $::PUPPET_VERSION_LINUX ? {
-    ""      => "latest",
+    ''      => 'latest',
     default => $::PUPPET_VERSION_LINUX,
   }
 
-  package { $puppetpkgs:
-    ensure => $ensure ? {
-      "present" => $kernel ? {
-        "Linux" => $puppet_linuxversion_real,
+  $pkg_ens = $ensure ? {
+      'present' => $::kernel ? {
+        'Linux' => $puppet_linuxversion_real,
         default => $ensure,
-      } },
-    notify => Service["${puppet_service}"],
+      },
+      default => $ensure,
+      }
+  package { $puppetpkgs:
+    ensure => $pkg_ens,
+    notify => Service[$puppet_service],
   }
 
-  service { "${puppet_service}":
+  service { $puppet_service:
     hasstatus => true,
-    enable    => "${daemonize}",
-    ensure    => "${daemonize}",
+    enable    => $daemonize,
+    ensure    => $daemonize,
   }
   $cron_real = $daemonize ? {
-    false   => "present",
-    true    => "absent",
+    false   => 'present',
+    true    => 'absent',
     default => $ensure,
   }
   notice("${fqdn} PUPPET-CRON: cron_real: ${cron_real}, daemonize: ${daemonize}, running: ${service_running}"
   )
 
   cron { 'puppetrun':
-    command => "/usr/local/sbin/puppetd_run.sh",
-    user    => root,
+    command => '/usr/local/sbin/puppetd_run.sh',
+    user    => 'root',
     minute  => $run_minute,
     hour    => $run_hour,
-    ensure  => "${cron_real}",
+    ensure  => $cron_real,
   }
   $maxsleep = 6400
 
-  file { "/usr/local/sbin/puppetd_run.sh":
-    content => template("puppet/puppetd_run.sh.erb"),
-    mode    => 0700,
-    alias   => "puppetd_run.sh",
+  file { '/usr/local/sbin/puppetd_run.sh':
+    content => template('puppet/puppetd_run.sh.erb'),
+    mode    => '0700',
+    alias   => 'puppetd_run.sh',
     ensure  => $ensure;
-    "/var/log/puppet":
+    '/var/log/puppet':
     mode => '0750',
 	owner => 'puppet',
 	group => 'puppet';
   }
 
   case $::kernel {
-    "Darwin" : {
-      file { "/Library/LaunchDaemons/org.macports.puppet.plist":
-        source => "puppet:///modules/puppet/org.macports.puppet.plist",
-        before => Service["${puppet_service}"],
+    'Darwin' : {
+      file { '/Library/LaunchDaemons/org.macports.puppet.plist':
+        source => 'puppet:///modules/puppet/org.macports.puppet.plist',
+        before => Service[$puppet_service],
       }
-
-      file { "/opt/local/lib/ruby/site_ruby/1.8/puppet/provider/package/appdmg.rb"
-      : ensure => "absent", }
     }
-    "Linux"  : {
-#      replace { "enable_puppet":
-#        file        => "/etc/default/puppet",
-#        pattern     => "START=no",
-#        replacement => "START=yes",
-#        before      => Service["${puppet_service}"],
+    'Linux'  : {
+#      replace { 'enable_puppet':
+#        file        => '/etc/default/puppet',
+#        pattern     => 'START=no',
+#        replacement => 'START=yes',
+#        before      => Service[$puppet_service],
 #      }
 
       if defined(Class['monit']) {
-        monit::process { "puppet":
-          start      => "/etc/init.d/puppet start",
-          stop       => "/etc/init.d/puppet stop",
-          pidfile    => "/var/run/puppet/agent.pid",
-          additional => "if totalmem > 400 Mb for 10 cycles then RESTART",
+        monit::process { 'puppet':
+          start      => '/etc/init.d/puppet start',
+          stop       => '/etc/init.d/puppet stop',
+          pidfile    => '/var/run/puppet/agent.pid',
+          additional => 'if totalmem > 400 Mb for 10 cycles then RESTART',
           ensure     => $daemonize ? {
-            "true"  => "present",
-            default => "absent",
+            true  => 'present',
+            default => 'absent',
           },
         }
       }
     }
   }
   $puppet_user = $operatingsystem ? {
-    "Darwin" => $adm,
-    default  => "puppet",
+    'Darwin' => $adm,
+    default  => 'puppet',
   }
   $puppet_group = $operatingsystem ? {
-    "Darwin" => "wheel",
-    default  => "puppet",
+    'Darwin' => 'wheel',
+    default  => 'puppet',
   }
-  # "FreeBSD" => "/usr/local/etc/puppet/puppet.conf",
+  # 'FreeBSD' => '/usr/local/etc/puppet/puppet.conf',
   $puppetconf = $operatingsystem ? {
-    default => "/etc/puppet/puppet.conf",
+    default => '/etc/puppet/puppet.conf',
   }
 
   file { $puppetconf:
-    content => template("puppet/puppet.conf.erb"),
-    mode    => 0644,
+ensure  => $ensure,
+    content => template('puppet/puppet.conf.erb'),
+    mode    => '0644',
     owner   => $puppet_user,
-    ensure  => "${ensure}",
   #     require => [ Package["puppet"] ],
   }
 
diff --git a/manifests/puppet-dashboard.pp b/manifests/puppet-dashboard.pp
index 92f9196..656640c 100644
--- a/manifests/puppet-dashboard.pp
+++ b/manifests/puppet-dashboard.pp
@@ -1,9 +1,9 @@
-class puppet::puppet-dashboard ($ensure = "present") {
+class puppet::puppet-dashboard ($ensure = 'present') {
   require 'puppet::common'
 
-  package { ["libjson-ruby", "puppet-dashboard"]:
+  package { ['libjson-ruby', 'puppet-dashboard']:
     ensure  => $ensure,
-    require => Apt::Source["puppet-dashboard"],
+    require => Apt::Source['puppet-dashboard'],
   }
 
   if !defined(Class['puppet::puppetlabs_apt']) {
@@ -11,28 +11,28 @@ class puppet::puppet-dashboard ($ensure = "present") {
     require 'puppet::puppetlabs_apt'
   }
 
-  apt::source { "puppet-dashboard":
-    key      => "8347A27F",
-    location => "http://apt.puppetlabs.com",
-    repos    => "main",
+  apt::source { 'puppet-dashboard':
+    key      => '8347A27F',
+    location => 'http://apt.puppetlabs.com',
+    repos    => 'main',
     ensure   => 'absent',
   }
 
-  cron { "purge-reports":
-    command  => "cd /usr/share/puppet-dashboard && rake RAILS_ENV=production reports:prune upto=14 unit=day",
-    user     => "www-data",
-    hour     => "23",
-    minute   => "2",
-    monthday => "*/14",
+  cron { 'purge-reports':
+    command  => 'cd /usr/share/puppet-dashboard && rake RAILS_ENV=production reports:prune upto=14 unit=day',
+    user     => 'www-data',
+    hour     => '23',
+    minute   => '2',
+    monthday => '*/14',
     ensure   => $ensure,
   }
 
-  cron { "purge-optimizedb":
-    command  => "cd /usr/share/puppet-dashboard && rake RAILS_ENV=production db:raw:optimize",
-    user     => "www-data",
-    hour     => "23",
-    minute   => "20",
-    monthday => "*/10",
+  cron { 'purge-optimizedb':
+    command  => 'cd /usr/share/puppet-dashboard && rake RAILS_ENV=production db:raw:optimize',
+    user     => 'www-data',
+    hour     => '23',
+    minute   => '20',
+    monthday => '*/10',
     ensure   => $ensure,
   }
 }