diff --git a/Puppetfile b/Puppetfile
index acc5fb2..7633622 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -1,9 +1,10 @@
 forge "http://forge.puppetlabs.com"
 
-mod 'camptocamp/augeas', '0.0.1'
 mod 'hunner/wordpress', '0.6.0'
+mod 'jfryman/nginx', '0.0.9'
 mod 'puppetlabs/apache', '0.10.0'
+mod 'puppetlabs/firewall', '1.0.2'
 mod 'puppetlabs/mysql', '2.2.3'
-mod 'saz/ssh', '1.2.0'
+mod 'saz/ssh', '2.3.3'
 mod 'saz/sudo', '2.4.3'
 
diff --git a/Puppetfile.lock b/Puppetfile.lock
index ce36212..80f7013 100644
--- a/Puppetfile.lock
+++ b/Puppetfile.lock
@@ -1,28 +1,35 @@
 FORGE
   remote: http://forge.puppetlabs.com
   specs:
-    camptocamp/augeas (0.0.1)
     hunner/wordpress (0.6.0)
       puppetlabs/concat (>= 1.0.0)
       puppetlabs/mysql (>= 2.1.0)
       puppetlabs/stdlib (>= 2.3.1)
+    jfryman/nginx (0.0.9)
+      puppetlabs/apt (>= 1.0.0)
+      puppetlabs/concat (>= 1.0.0)
+      puppetlabs/stdlib (>= 0.1.6)
     puppetlabs/apache (0.10.0)
       puppetlabs/concat (>= 1.0.0)
       puppetlabs/stdlib (>= 2.4.0)
+    puppetlabs/apt (1.4.2)
+      puppetlabs/stdlib (>= 2.2.1)
     puppetlabs/concat (1.1.0-rc1)
       puppetlabs/stdlib (>= 3.0.0)
+    puppetlabs/firewall (1.0.2)
     puppetlabs/mysql (2.2.3)
       puppetlabs/stdlib (>= 3.2.0)
     puppetlabs/stdlib (4.1.0)
-    saz/ssh (1.2.0)
+    saz/ssh (2.3.3)
       puppetlabs/stdlib (>= 2.2.1)
     saz/sudo (2.4.3)
 
 DEPENDENCIES
-  camptocamp/augeas (= 0.0.1)
   hunner/wordpress (= 0.6.0)
+  jfryman/nginx (= 0.0.9)
   puppetlabs/apache (= 0.10.0)
+  puppetlabs/firewall (= 1.0.2)
   puppetlabs/mysql (= 2.2.3)
-  saz/ssh (= 1.2.0)
+  saz/ssh (= 2.3.3)
   saz/sudo (= 2.4.3)
 
diff --git a/README.md b/README.md
index fccfc16..f619c21 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,32 @@
 # TC362 - Web Administration
 
+## Installation
+
+Download the bootstrap script, set as executable, and run as root.
+
+## Usage
+
+```
+./bootstrap -s
+```
+
+Setup a server using the site.pp manifest and the master branch.
+
+```
+./bootstrap -s -m final.pp
+```
+
+Setup the server from the final project manifest
+
+```
+./bootstrap
+```
+
+Run the site.pp manifest file without the initial setup configurations.
+
+```
+./bootstrap -m final.pp atomaka/feature/final
+```
+
+Run the final.pp manifest file on the ```atomaka/feature/final``` branch of the
+project.
diff --git a/bootstrap.sh b/bootstrap.sh
index 2533559..5108048 100644
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -3,13 +3,16 @@
 # BOOSTRAP SCRIPT
 # Can take a single param to allow a specific branch to be installed
 
-usage() { echo "Usage: $0 [-s] [branch]" 1>&2; exit 1; }
+usage() { echo "Usage: $0 [-s] [-m MANIFEST_FILE] [BRANCH]" 1>&2; exit 1; }
 
-while getopts "s" o; do
+while getopts "sm:" o; do
   case "${o}" in
     s)
       SETUP=true
       ;;
+    m)
+      MANIFEST=${OPTARG}
+      ;;
     *)
       usage
       ;;
@@ -36,11 +39,16 @@ if [ "$SETUP" = true ] ; then
   dpkg-reconfigure --frontend noninteractive tzdata
 
   # UPGRADE ALL CURRENT PACKAGES
-  apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y
+  apt-get update && apt-get upgrade -y
 
   # INSTALL GIT
   apt-get install git -y
 
+  # INSTALL RUBY 1.9.3 (for rails)
+  apt-get install ruby1.9.3 -y
+  update-alternatives --set ruby /usr/bin/ruby1.9.1
+  update-alternatives --set gem /usr/bin/gem1.9.1
+
   # INSTALL RUBYGEMS
   apt-get install rubygems -y
 
@@ -68,4 +76,4 @@ fi
 librarian-puppet install
 
 # RUN MANIFEST
-puppet apply manifests/site.pp --modulepath=modules/
+puppet apply manifests/$MANIFEST --modulepath=modules/
diff --git a/final/server.txt b/final/server.txt
new file mode 100644
index 0000000..7f48b1e
--- /dev/null
+++ b/final/server.txt
@@ -0,0 +1 @@
+final.atomaka.com (162.243.53.120)
diff --git a/manifests/final.pp b/manifests/final.pp
new file mode 100644
index 0000000..0fd4828
--- /dev/null
+++ b/manifests/final.pp
@@ -0,0 +1,162 @@
+# Create a non root user with sudo permissions
+# jeff, with password
+user { 'jeff':
+  ensure     => present,
+  groups     => ['sudo'],
+  managehome => true,
+  shell      => '/bin/bash',
+  password   => '$6$.AURF9sE09Q$..S10CFY7G.AVXzSW//w6GoV6yPzBzdvyUl8a7oyYbW/XzBU.o6AdHxTgTkCSWb64zmN3QoKovoUyLJhE/MFP/',
+}
+
+class { '::ssh::server':
+  storeconfigs_enabled => false,
+  options              => {
+    # Logging in with the root user must be disabled
+    'PermitRootLogin'  => 'no',
+    # SSH must be enabled on a non-standard port
+    'Port'             => [22984],
+  },
+}
+
+# Install a working MySQL server
+class { '::mysql::server': }
+
+# A fully functioning Ruby on Rails installation must be present at your domain
+# name or IP address using the Nginx web server (must show the Rails welcome
+# page)
+# You may use any Rails deployment that works with Nginx
+
+# install nginx
+class { 'nginx': }
+
+# configure nginx proxy
+nginx::resource::upstream { 'welcome_app':
+  members => ['localhost:3000'],
+}
+nginx::resource::vhost { 'final.atomaka.com':
+  proxy => 'http://welcome_app',
+}
+
+# install rails
+package { 'rails':
+  provider => 'gem',
+}
+
+# add rails depends
+package { ['libsqlite3-dev', 'build-essential', 'nodejs']:
+  before => Exec['install rails app']
+}
+
+# add rails user and application
+user { 'rails':
+  ensure     => present,
+  groups     => ['sudo'],
+  managehome => true,
+  shell      => '/bin/bash',
+}
+exec { 'create rails app':
+  command     => 'rails new welcome',
+  user        => 'rails',
+  environment => ['HOME=/home/rails'],
+  path        => '/usr/bin:/usr/local/bin',
+  cwd         => '/home/rails',
+  creates     => '/home/rails/welcome',
+  require     => [
+    Package['rails'],
+    User['rails'],
+  ],
+}
+exec { 'install rails app':
+  command     => 'bundle install --path vendor/bundle',
+  user        => 'rails',
+  environment => ['HOME=/home/rails'],
+  path        => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+  cwd         => '/home/rails/welcome',
+  unless      => 'bundle check',
+  require     => Exec['create rails app'],
+  notify      => Exec['start rails app'],
+}
+exec { 'start rails app':
+  command     => 'rails server -d',
+  user        => 'rails',
+  environment => ['HOME=/home/rails'],
+  path        => '/usr/bin:/usr/local/bin',
+  cwd         => '/home/rails/welcome',
+  refreshonly => true,
+}
+
+# A working firewall using iptables or another Linux firewall
+resources { 'firewall':
+  purge => true,
+}
+class { '::firewall':
+  require => Class['::ssh::server'],
+}
+firewall { '000 accept all icmp':
+  proto  => 'icmp',
+  action => 'accept',
+} ->
+firewall { '001 accept all to lo interface':
+  proto   => 'all',
+  iniface => 'lo',
+  action  => 'accept',
+}->
+firewall { '002 accept related established rules':
+  proto   => 'all',
+  state   => ['RELATED', 'ESTABLISHED'],
+  action  => 'accept',
+}->
+firewall { '100 accept ssh (non-default port)':
+  proto  => 'tcp',
+  dport  => '22984',
+  action => 'accept',
+} ->
+firewall { '200 accept http':
+  proto  => 'tcp',
+  dport  => '80',
+  action => 'accept',
+}
+
+firewall { '999 drop all':
+  proto  => 'all',
+  action => 'drop',
+  before => undef,
+}
+
+# STUFF OUTSIDE SCOPE OF ASSIGNMENT
+# convenience stuff
+package { 'mosh': }
+package { 'zsh': }
+
+# atomaka, with SSH key
+user { 'atomaka':
+  ensure     => present,
+  groups     => ['sudo'],
+  managehome => true,
+  shell      => '/bin/zsh',
+  require    => [
+    Package['zsh'],
+  ],
+}
+file { '/home/atomaka/.ssh':
+  ensure  => directory,
+  owner   => 'atomaka',
+  group   => 'atomaka',
+  mode    => '0700',
+  require => User['atomaka'],
+}
+file { '/home/atomaka/.ssh/authorized_keys':
+  ensure  => present,
+  owner   => 'atomaka',
+  group   => 'atomaka',
+  mode    => '0600',
+  content => file('/tmp/puppet/files/keys/atomaka'),
+  require => File['/home/atomaka/.ssh'],
+}
+
+# sudo no password
+include sudo
+sudo::conf { 'sudo':
+  priority => 10,
+  content  => "%sudo ALL=(ALL) NOPASSWD: ALL\n",
+}
diff --git a/manifests/site.pp b/manifests/site.pp
index cc117d4..97e1ffc 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -65,8 +65,21 @@ package { 'mailutils': }
 include augeas
 include sudo
 
+ssh::server::configline { 'Port': value => '22984' }
+ssh::server::configline { 'PermitRootLogin': value => 'no' }
+ssh::server::configline { 'PasswordAuthentication': value => 'yes' }
+ssh::server::configline { 'AllowUsers/1': value => 'atomaka' }
+ssh::server::configline { 'AllowUsers/2': value => 'jeff' }
+
 class { '::ssh::server':
-  require => Class['augeas'],
+  storeconfigs_enabled       => false,
+  options                    => {
+    'Port'                   => [22984],
+    'PermitRootLogin'        => 'no',
+    'PasswordAuthentication' => 'yes',
+    'AllowUsers/1'           => 'atomaka',
+    'AllowUsers/2'           => 'jeff',
+  },
 }
 
 class { '::apache':
@@ -87,12 +100,6 @@ class { '::wordpress':
 }
 
 # CONFIGURATIONS
-ssh::server::configline { 'Port': value => '22984' }
-ssh::server::configline { 'PermitRootLogin': value => 'no' }
-ssh::server::configline { 'PasswordAuthentication': value => 'yes' }
-ssh::server::configline { 'AllowUsers/1': value => 'atomaka' }
-ssh::server::configline { 'AllowUsers/2': value => 'jeff' }
-
 sudo::conf { 'sudo':
   priority => 10,
   content  => "%sudo ALL=(ALL) NOPASSWD: ALL\n",