diff --git a/hieradata/os/AlmaLinux/AlmaLinux8.yaml b/hieradata/os/AlmaLinux/AlmaLinux8.yaml
index 3447bca..ef48076 100644
--- a/hieradata/os/AlmaLinux/AlmaLinux8.yaml
+++ b/hieradata/os/AlmaLinux/AlmaLinux8.yaml
@@ -2,8 +2,9 @@
 ---
 profiles::yum::managed_repos:
   - 'base'
-  - 'extras'
   - 'appstream'
   - 'epel'
+  - 'powertools'
+  - 'highavailability'
   - 'puppet7'
   - 'yum.postgresql.org'
diff --git a/hieradata/os/AlmaLinux/AlmaLinux9.yaml b/hieradata/os/AlmaLinux/AlmaLinux9.yaml
index 2613c77..40c32c1 100644
--- a/hieradata/os/AlmaLinux/AlmaLinux9.yaml
+++ b/hieradata/os/AlmaLinux/AlmaLinux9.yaml
@@ -2,7 +2,6 @@
 ---
 profiles::yum::managed_repos:
   - 'base'
-  - 'extras'
   - 'appstream'
   - 'epel'
   - 'puppet7'
diff --git a/hieradata/os/AlmaLinux/all_releases.yaml b/hieradata/os/AlmaLinux/all_releases.yaml
index bdb6ccb..105a19a 100644
--- a/hieradata/os/AlmaLinux/all_releases.yaml
+++ b/hieradata/os/AlmaLinux/all_releases.yaml
@@ -1,7 +1,7 @@
 # hieradata/os/almalinux/all_releases.yaml
 ---
-profiles::yum::base::baseurl: http://almalinux.mirror.digitalpacific.com.au
-profiles::yum::epel::baseurl: http://mirror.aarnet.edu.au/pub/epel
+profiles::yum::base::baseurl: http://repos.main.unkin.net/almalinux
+profiles::yum::epel::baseurl: http://repos.main.unkin.net/epel
 profiles::firewall::firewalld::ensure_package: 'absent'
 profiles::firewall::firewalld::ensure_service: 'stopped'
 profiles::firewall::firewalld::enable_service: false
diff --git a/hieradata/roles/infra/packagerepo.yaml b/hieradata/roles/infra/packagerepo.yaml
index 1644516..123fbaa 100644
--- a/hieradata/roles/infra/packagerepo.yaml
+++ b/hieradata/roles/infra/packagerepo.yaml
@@ -28,6 +28,13 @@ profiles::reposync::repos_list:
     release: '8.8'
     baseurl: 'http://mirror.aarnet.edu.au/pub/almalinux/8.8/PowerTools/x86_64/os/'
     gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux'
+  almalinux_8_8_extras:
+    repository: 'extras'
+    description: 'AlmaLinux 8.8 - extras'
+    osname: 'almalinux'
+    release: '8.8'
+    baseurl: 'http://mirror.aarnet.edu.au/pub/almalinux/8.8/extras/x86_64/os/'
+    gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux'
   epel_8_everything:
     repository: 'Everything'
     description: 'EPEL 8 Everything'
diff --git a/site/profiles/manifests/puppet/client.pp b/site/profiles/manifests/puppet/client.pp
index 360e296..68ab61a 100644
--- a/site/profiles/manifests/puppet/client.pp
+++ b/site/profiles/manifests/puppet/client.pp
@@ -29,6 +29,20 @@ class profiles::puppet::client (
     ensure => $puppet_version,
   }
 
+  # if puppet-version is anything other than latest, set a versionlock
+  $puppet_versionlock_ensure = $puppet_version ? {
+    'latest' => 'absent',
+    default  => 'present',
+  }
+  $puppet_versionlock_version = $puppet_version ? {
+    'latest' => undef,
+    default  => $puppet_version,
+  }
+  yum::versionlock{'puppet-agent':
+    ensure  => $puppet_versionlock_ensure,
+    version => $puppet_versionlock_version,
+  }
+
   # Ensure the puppet service is running
   service { 'puppet':
     ensure     => 'running',
diff --git a/site/profiles/manifests/yum/base.pp b/site/profiles/manifests/yum/base.pp
index 4d2ea53..48c38f0 100644
--- a/site/profiles/manifests/yum/base.pp
+++ b/site/profiles/manifests/yum/base.pp
@@ -1,6 +1,6 @@
 # Class: profiles::yum::base
 #
-# This class manages the 'base', extras' and 'appstream' yum 
+# This class manages the 'base', extras' and 'appstream' yum
 # repositories for a system, based on the provided list of managed repositories.
 #
 # Parameters:
@@ -17,7 +17,7 @@
 # - Sets up the 'base', extras', and 'appstream' yum repositories
 #   as specified in the $managed_repos parameter, all using the provided baseurl.
 #
-# - Each repo configuration includes the baseurl parameterized with the OS 
+# - Each repo configuration includes the baseurl parameterized with the OS
 #   release version and architecture, and specifies the GPG key.
 #
 # Example usage:
@@ -31,8 +31,13 @@
 class profiles::yum::base (
   Array[String] $managed_repos,
   String        $baseurl,
+  Enum[
+    'daily',
+    'weekly',
+    'monthly'
+  ]             $snapshot = 'daily',
 ) {
-  $releasever = $facts['os']['release']['major']
+  $release = $facts['os']['release']['full']
   $basearch = $facts['os']['architecture']
 
   if 'base' in $managed_repos {
@@ -40,7 +45,7 @@ class profiles::yum::base (
       name    => 'base',
       descr   => 'base repository',
       target  => '/etc/yum.repos.d/base.repo',
-      baseurl => "${baseurl}/${releasever}/BaseOS/${basearch}/os/",
+      baseurl => "${baseurl}/${release}/BaseOS-${snapshot}/${basearch}/os/",
       gpgkey  => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}",
     }
   }
@@ -50,7 +55,7 @@ class profiles::yum::base (
       name    => 'extras',
       descr   => 'extras repository',
       target  => '/etc/yum.repos.d/extras.repo',
-      baseurl => "${baseurl}/${releasever}/extras/${basearch}/os/",
+      baseurl => "${baseurl}/${release}/extras-${snapshot}/${basearch}/os/",
       gpgkey  => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}",
     }
   }
@@ -60,7 +65,27 @@ class profiles::yum::base (
       name    => 'appstream',
       descr   => 'appstream repository',
       target  => '/etc/yum.repos.d/appstream.repo',
-      baseurl => "${baseurl}/${releasever}/AppStream/${basearch}/os/",
+      baseurl => "${baseurl}/${release}/AppStream-${snapshot}/${basearch}/os/",
+      gpgkey  => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}",
+    }
+  }
+
+  if 'powertools' in $managed_repos {
+    yumrepo { 'powertools':
+      name    => 'powertools',
+      descr   => 'powertools repository',
+      target  => '/etc/yum.repos.d/powertools.repo',
+      baseurl => "${baseurl}/${release}/PowerTools-${snapshot}/${basearch}/os/",
+      gpgkey  => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}",
+    }
+  }
+
+  if 'highavailability' in $managed_repos {
+    yumrepo { 'highavailability':
+      name    => 'highavailability',
+      descr   => 'highavailability repository',
+      target  => '/etc/yum.repos.d/highavailability.repo',
+      baseurl => "${baseurl}/${release}/HighAvailability-${snapshot}/${basearch}/os/",
       gpgkey  => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}",
     }
   }
diff --git a/site/profiles/manifests/yum/epel.pp b/site/profiles/manifests/yum/epel.pp
index fe2be21..f0e39d9 100644
--- a/site/profiles/manifests/yum/epel.pp
+++ b/site/profiles/manifests/yum/epel.pp
@@ -11,14 +11,10 @@
 # --------
 # - Checks the OS release version.
 #
-# - If the release version is 7, 8, or 9, it sets up the 'epel' yum repository 
-#   and installs the EPEL release RPM from the provided baseurl.
+# - If the release version is 7, 8, or 9, it sets up the 'epel' yum repository
 #
 # - If the release version is not supported, it raises an error.
 #
-# - The repo configuration includes the baseurl parameterized with the OS
-#   release version and architecture, and specifies the GPG key.
-#
 # Example usage:
 # --------------
 # To use this class with the default parameters:
@@ -31,27 +27,22 @@
 class profiles::yum::epel (
   Array[String] $managed_repos,
   String        $baseurl,
+  Enum[
+    'daily',
+    'weekly',
+    'monthly'
+  ]             $snapshot = 'daily',
 ) {
-  $releasever = $facts['os']['release']['major']
+  $release = $facts['os']['release']['major']
   $basearch = $facts['os']['architecture']
 
   if 'epel' in $managed_repos {
-    if ($releasever in [7,8,9]) {
-      $source = "${baseurl}/epel-release-latest-${releasever}.noarch.rpm"
-
-      yum::install { 'epel-release':
-        ensure => present,
-        source => $source,
-      }
-    } else {
-      err("Unsupported OS release ${releasever}")
-    }
     yumrepo { 'epel':
       name    => 'epel',
       descr   => 'epel repository',
       target  => '/etc/yum.repos.d/epel.repo',
-      baseurl => "${baseurl}/${releasever}/Everything/${basearch}/",
-      gpgkey  => "${baseurl}/RPM-GPG-KEY-EPEL-${releasever}",
+      baseurl => "${baseurl}/${release}/Everything-${snapshot}/${basearch}/os/",
+      gpgkey  => "${baseurl}/RPM-GPG-KEY-EPEL-${release}",
     }
   }
 }
diff --git a/site/profiles/manifests/yum/global.pp b/site/profiles/manifests/yum/global.pp
index 70481c7..eca5715 100644
--- a/site/profiles/manifests/yum/global.pp
+++ b/site/profiles/manifests/yum/global.pp
@@ -42,6 +42,7 @@
 #
 class profiles::yum::global (
   Array[String] $managed_repos = lookup('profiles::yum::managed_repos'),
+  Boolean       $purge         = true,
 ){
   class { 'yum':
     keep_kernel_devel => true,
@@ -58,14 +59,9 @@ class profiles::yum::global (
     mirrorlist => 'absent',
   }
 
-#  tidy { '/etc/yum.repos.d':
-#    matches => ['*.repo', '!*.managed.repo'],
-#    recurse => true,
-#    rmdirs  => false,
-#    age     => '0s',
-#    backup  => false,
-#    type    => 'ctime',
-#  }
+  resources { 'yumrepo':
+    purge => $purge,
+  }
 
   # Generate the content for the .managed file
   $managed_file_content = $managed_repos.map |$repo_name| { "${repo_name}.repo" }.join("\n")
@@ -76,15 +72,6 @@ class profiles::yum::global (
     content => $managed_file_content,
   }
 
-  # Define exec resource to remove .repo files not listed in .managed
-  exec { 'cleanup_yum_repos':
-    command => '/bin/bash -c "comm -23 <(ls /etc/yum.repos.d | sort)
-                <(sort /etc/yum.repos.d/.managed) | 
-                xargs -n1 rm -f /etc/yum.repos.d/{}"',
-    onlyif  => '/bin/bash -c "comm -23 <(ls /etc/yum.repos.d | sort)
-                <(sort /etc/yum.repos.d/.managed) | grep .repo"',
-  }
-
   # Setup base repos
   class { 'profiles::yum::base':
     managed_repos => $managed_repos,
diff --git a/site/profiles/manifests/yum/puppet7.pp b/site/profiles/manifests/yum/puppet7.pp
index 4ceb7a1..2733ff2 100644
--- a/site/profiles/manifests/yum/puppet7.pp
+++ b/site/profiles/manifests/yum/puppet7.pp
@@ -47,7 +47,6 @@ class profiles::yum::puppet7 (
       err("Unsupported OS release ${releasever}")
     }
 
-
     yumrepo { 'puppet7':
       name    => 'puppet7',
       descr   => 'puppet7 repository',