diff --git a/Puppetfile b/Puppetfile
index d38a073..b559a1b 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -9,8 +9,8 @@ mod 'puppetlabs-vcsrepo', '7.0.0'
 mod 'puppetlabs-yumrepo_core', '2.1.0'
 mod 'puppetlabs-apt', '10.0.1'
 mod 'puppetlabs-lvm', '3.0.1'
-mod 'puppetlabs-puppetdb', '8.1.0'
-mod 'puppetlabs-postgresql', '10.5.0'
+mod 'puppetlabs-puppetdb', '7.14.0'
+mod 'puppetlabs-postgresql', '9.2.0'
 mod 'puppetlabs-firewall', '8.1.4'
 mod 'puppetlabs-accounts', '8.2.2'
 mod 'puppetlabs-mysql', '16.2.0'
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index ece85d6..ecd78e5 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -165,6 +165,10 @@ profiles::ntp::client::peers:
 profiles::base::puppet_servers:
   - 'prodinf01n01.main.unkin.net'
 
+consul::install_method: 'package'
+consul::manage_repo: false
+consul::bin_dir: /usr/bin
+
 profiles::dns::master::basedir: '/var/named/sources'
 profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
 profiles::dns::base::use_ns: 'region'
diff --git a/hieradata/os/AlmaLinux/AlmaLinux9.yaml b/hieradata/os/AlmaLinux/AlmaLinux9.yaml
index 7c98e9c..f3f218e 100644
--- a/hieradata/os/AlmaLinux/AlmaLinux9.yaml
+++ b/hieradata/os/AlmaLinux/AlmaLinux9.yaml
@@ -3,12 +3,28 @@
 crypto_policies::policy: 'DEFAULT:SHA1'
 
 profiles::yum::global::repos:
+  baseos:
+    baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/baseos-daily/%{facts.os.architecture}/os/
+    gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/baseos-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
+    mirrorlist: absent
+  extras:
+    baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/extras-daily/%{facts.os.architecture}/os/
+    gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/extras-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
+    mirrorlist: absent
+  appstream:
+    baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/appstream-daily/%{facts.os.architecture}/os/
+    gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/appstream-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
+    mirrorlist: absent
+  highavailability:
+    baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/ha-daily/%{facts.os.architecture}/os/
+    gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/ha-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
+    mirrorlist: absent
   crb:
     name: crb
     descr: crb repository
     target: /etc/yum.repos.d/crb.repo
-    baseurl: https://edgecache.query.consul/almalinux/%{facts.os.release.full}/CRB/%{facts.os.architecture}/os
-    gpgkey: http://edgecache.query.consul/almalinux/RPM-GPG-KEY-AlmaLinux-%{facts.os.release.major}
+    baseurl: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/crb-daily/%{facts.os.architecture}/os/
+    gpgkey: https://packagerepo.service.consul/almalinux/%{facts.os.release.full}/crb-daily/%{facts.os.architecture}/os//RPM-GPG-KEY-AlmaLinux-9
     mirrorlist: absent
   unkin:
     name: unkin
diff --git a/hieradata/os/Debian/all_releases.yaml b/hieradata/os/Debian/all_releases.yaml
index bd8f426..efd71f9 100644
--- a/hieradata/os/Debian/all_releases.yaml
+++ b/hieradata/os/Debian/all_releases.yaml
@@ -13,3 +13,7 @@ profiles::packages::include:
 
 lm-sensors::package: lm-sensors
 networking::nwmgr_dns_none: false
+
+consul::install_method: 'url'
+consul::manage_repo: false
+consul::bin_dir: /usr/local/bin
diff --git a/hieradata/roles/infra/puppetboard/server.eyaml b/hieradata/roles/infra/puppetboard/server.eyaml
new file mode 100644
index 0000000..29c7cb3
--- /dev/null
+++ b/hieradata/roles/infra/puppetboard/server.eyaml
@@ -0,0 +1 @@
+profiles::puppet::puppetboard::secret_key: ENC[PKCS7,MIIB+wYJKoZIhvcNAQcDoIIB7DCCAegCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAoCr9JTtrnMaVjJlEpA0NYNt/QAgTGiEmS3kPn2oJ80Ay7fUl79pop95uLQIfw6C3e8WGUhxYt31wmzent4Bfbced7uF/tjhP2cniKPmZGuf/tmVrGIHIh4T4g0Wz2K0DIU/dGWUlgE03ICRxXlAy0atjUuAp02ehj7bzLuMf+vZbghm8vnOoDCTKjeZNAJEkDvBkIzwUu9JiM9Gn6BzoLLGdEERqs/LR832vjjNmF7KUEH/Ntt47wbLdfCzawsZsBNLggEb1HNGu0aSb0qBXYBPRq6w1L/RU8gX2dCqGRbhDZymihebaOcwU1AtbLEBdHTYQpga+c4bcTz9rJplLtjCBvQYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQAdSjLEaZPK47TY7LDCB7b4CBkOTvHbi4nb+pB/Kng+Z3N9ocZPZdGbV6WzMNGxsxmhWXoi+XKEzEvfB10UhQwDcvZXd2W9hhiRkakq7+S0uLWzCX1jNMH2LXZAzoiyGM4FFvGpx7Z64OhmVrOJuKnxD+3zK6PZqvMb3g7CjZeAr5vyhcT/zO75krhJuYp11ZFpLCRcuASf0ru+Jq5OKD4+ZI/g==]
diff --git a/hieradata/roles/infra/reposync/syncer.yaml b/hieradata/roles/infra/reposync/syncer.yaml
index 2c1b63d..2ccd0ae 100644
--- a/hieradata/roles/infra/reposync/syncer.yaml
+++ b/hieradata/roles/infra/reposync/syncer.yaml
@@ -38,6 +38,76 @@ profiles::consul::client::node_rules:
 profiles::reposync::webserver::nginx_listen_mode: both
 profiles::reposync::webserver::nginx_cert_type: vault
 profiles::reposync::repos_list:
+  almalinux_9_5_baseos:
+    repository: 'baseos'
+    description: 'AlmaLinux 9.5 BaseOS'
+    osname: 'almalinux'
+    release: '9.5'
+    mirrorlist: 'https://mirrors.almalinux.org/mirrorlist/9.5/baseos'
+    gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux-9'
+  almalinux_9_5_appstream:
+    repository: 'appstream'
+    description: 'AlmaLinux 9.5 AppStream'
+    osname: 'almalinux'
+    release: '9.5'
+    mirrorlist: 'https://mirrors.almalinux.org/mirrorlist/9.5/appstream'
+    gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux-9'
+  almalinux_9_5_crb:
+    repository: 'crb'
+    description: 'AlmaLinux 9.5 CRB'
+    osname: 'almalinux'
+    release: '9.5'
+    mirrorlist: 'https://mirrors.almalinux.org/mirrorlist/9.5/crb'
+    gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux-9'
+  almalinux_9_5_ha:
+    repository: 'ha'
+    description: 'AlmaLinux 9.5 HighAvailability'
+    osname: 'almalinux'
+    release: '9.5'
+    mirrorlist: 'https://mirrors.almalinux.org/mirrorlist/9.5/highavailability'
+    gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux-9'
+  almalinux_9_5_extras:
+    repository: 'extras'
+    description: 'AlmaLinux 9.5 extras'
+    osname: 'almalinux'
+    release: '9.5'
+    mirrorlist: 'https://mirrors.almalinux.org/mirrorlist/9.5/extras'
+    gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux-9'
+  almalinux_9_4_baseos:
+    repository: 'baseos'
+    description: 'AlmaLinux 9.4 BaseOS'
+    osname: 'almalinux'
+    release: '9.4'
+    baseurl: 'https://vault.almalinux.org/9.4/BaseOS/x86_64/os/'
+    gpgkey: 'https://vault.almalinux.org/9.4/BaseOS/x86_64/os/RPM-GPG-KEY-AlmaLinux-9'
+  almalinux_9_4_appstream:
+    repository: 'appstream'
+    description: 'AlmaLinux 9.4 AppStream'
+    osname: 'almalinux'
+    release: '9.4'
+    baseurl: 'https://vault.almalinux.org/9.4/AppStream/x86_64/os/'
+    gpgkey: 'https://vault.almalinux.org/9.4/AppStream/x86_64/os/RPM-GPG-KEY-AlmaLinux-9'
+  almalinux_9_4_crb:
+    repository: 'crb'
+    description: 'AlmaLinux 9.4 CRB'
+    osname: 'almalinux'
+    release: '9.4'
+    baseurl: 'https://vault.almalinux.org/9.4/CRB/x86_64/os/'
+    gpgkey: 'https://vault.almalinux.org/9.4/CRB/x86_64/os/RPM-GPG-KEY-AlmaLinux-9'
+  almalinux_9_4_ha:
+    repository: 'ha'
+    description: 'AlmaLinux 9.4 HighAvailability'
+    osname: 'almalinux'
+    release: '9.4'
+    baseurl: 'https://vault.almalinux.org/9.4/HighAvailability/x86_64/os/'
+    gpgkey: 'https://vault.almalinux.org/9.4/HighAvailability/x86_64/os/RPM-GPG-KEY-AlmaLinux-9'
+  almalinux_9_4_extras:
+    repository: 'extras'
+    description: 'AlmaLinux 9.4 extras'
+    osname: 'almalinux'
+    release: '9.4'
+    baseurl: 'https://vault.almalinux.org/9.4/extras/x86_64/os/'
+    gpgkey: 'https://vault.almalinux.org/9.4/extras/x86_64/os/RPM-GPG-KEY-AlmaLinux-9'
   docker_stable_el8:
     repository: 'stable'
     description: 'Docker CE Stable EL8'
diff --git a/site/profiles/manifests/consul/client.pp b/site/profiles/manifests/consul/client.pp
index d1d82d8..fa229c8 100644
--- a/site/profiles/manifests/consul/client.pp
+++ b/site/profiles/manifests/consul/client.pp
@@ -85,4 +85,10 @@ class profiles::consul::client (
     require => File['/root/.config'],
   }
 
+  # cleanup /usr/local/bin/consul which was created by url install method
+  if $facts['os']['family'] == 'RedHat' {
+    file {'/usr/local/bin/consul':
+      ensure  => absent,
+    }
+  }
 }
diff --git a/site/profiles/manifests/puppet/puppetboard.pp b/site/profiles/manifests/puppet/puppetboard.pp
index 08b49aa..c141e73 100644
--- a/site/profiles/manifests/puppet/puppetboard.pp
+++ b/site/profiles/manifests/puppet/puppetboard.pp
@@ -21,7 +21,7 @@ class profiles::puppet::puppetboard (
   Stdlib::Port $nginx_port      = 80,
   Stdlib::Host $nginx_vhost     = 'puppetboard.main.unkin.net',
   Array[Stdlib::Host]  $nginx_aliases = [],
-  #String[1] $secret_key         = "${fqdn_rand_string(32)}",
+  String[1] $secret_key         = "${fqdn_rand_string(32)}",
 ) {
 
   # store puppet-agents ssl settings/certname
@@ -37,7 +37,7 @@ class profiles::puppet::puppetboard (
     basedir             => $basedir,
     virtualenv_dir      => $virtualenv_dir,
     settings_file       => $settings_file,
-    #secret_key         => $secret_key,
+    secret_key          => $secret_key,
     default_environment => $default_environment,
     puppetdb_host       => $puppetdb_host,
     puppetdb_port       => 8081,