diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp
index c19dcd6b85..6660e0f4da 100644
--- a/modules/gerrit/manifests/init.pp
+++ b/modules/gerrit/manifests/init.pp
@@ -45,7 +45,6 @@
 #       http://tarballs.openstack.org/ci/gerrit-2.3.0.war
 #     Gerrit will be upgraded on the next puppet run.
 
-# TODO: move closing github pull requests to another module
 # TODO: move apache configuration to another module
 # TODO: move mysql configuration to another module
 # TODO: make more gerrit options configurable here
@@ -68,7 +67,6 @@ class gerrit($virtual_hostname='',
       $httpd_minthreads='',
       $httpd_maxthreads='',
       $httpd_maxwait='',
-      $github_projects = [],
       $commentlinks = [],
       $logo,
       $war,
@@ -77,8 +75,6 @@ class gerrit($virtual_hostname='',
       $script_site,
       $enable_melody = 'false',
       $melody_session = 'false',
-      $github_user,
-      $github_token,
       $mysql_password,
       $email_private_key
   ) {
@@ -102,7 +98,6 @@ class gerrit($virtual_hostname='',
   }
 
   $packages = ["gitweb",
-               "python-dev",
 	       "openjdk-6-jre-headless",
 	       "mysql-server",
 	       "python-mysqldb",      # for launchpad sync script
@@ -114,17 +109,6 @@ class gerrit($virtual_hostname='',
     ensure => present,
   }
 
-  package { "python-pip":
-    ensure => present,
-    require => Package[python-dev]
-  }
-
-  package { "PyGithub":
-    ensure => latest,  # okay to use latest for pip
-    provider => pip,
-    require => Package[python-pip]
-  }
-
   # Skip cron jobs if we're in test mode
   if ($testmode == false) {
 
@@ -135,13 +119,6 @@ class gerrit($virtual_hostname='',
       require => File['/usr/local/gerrit/scripts'],
     }
 
-    cron { "gerritclosepull":
-      user => gerrit2,
-      minute => "*/5",
-      command => 'sleep $((RANDOM\%60+90)) && python /usr/local/gerrit/scripts/close_pull_requests.py',
-      require => File['/usr/local/gerrit/scripts'],
-    }
-
     cron { "expireoldreviews":
       user => gerrit2,
       hour => 6,
@@ -209,16 +186,6 @@ class gerrit($virtual_hostname='',
     require => File["/home/gerrit2/review_site"]
   }
 
-  file { '/home/gerrit2/github.config':
-    owner => 'root',
-    group => 'root',
-    mode => 444,
-    ensure => 'present',
-    content => template('gerrit/github.config.erb'),
-    replace => 'true',
-    require => User["gerrit2"]
-  }
-
   file { '/home/gerrit2/review_site/static/title.png':
     ensure => 'present',
     source => "puppet:///modules/gerrit/${logo}",
@@ -294,17 +261,6 @@ class gerrit($virtual_hostname='',
   }
 
   # Secret files.
-  # TODO: move the first two into other modules since they aren't for gerrit.
-
-  file { '/home/gerrit2/github.secure.config':
-    owner => 'root',
-    group => 'gerrit2',
-    mode => 440,
-    ensure => 'present',
-    content => template('gerrit/github.secure.config.erb'),
-    replace => 'true',
-    require => User['gerrit2']
-  }
 
   # Gerrit sets these permissions in 'init'; don't fight them.  If
   # these permissions aren't set correctly, gerrit init will write a
diff --git a/modules/gerrit/templates/github.secure.config.erb b/modules/gerrit/templates/github.secure.config.erb
deleted file mode 100644
index c23de8ca36..0000000000
--- a/modules/gerrit/templates/github.secure.config.erb
+++ /dev/null
@@ -1,3 +0,0 @@
-[github]
-username = <%= github_user %>
-oauth_token = <%= github_token %>
diff --git a/modules/gerrit/files/scripts/close_pull_requests.py b/modules/github/files/scripts/close_pull_requests.py
similarity index 100%
rename from modules/gerrit/files/scripts/close_pull_requests.py
rename to modules/github/files/scripts/close_pull_requests.py
diff --git a/modules/github/manifests/init.pp b/modules/github/manifests/init.pp
new file mode 100644
index 0000000000..b2fc5ce0b7
--- /dev/null
+++ b/modules/github/manifests/init.pp
@@ -0,0 +1,87 @@
+class github (
+              $username,
+              $oauth_token,
+              $projects = []
+             ) {
+
+  package { "python-dev":
+    ensure => present,
+  }
+
+  package { "python-pip":
+    ensure => present,
+    require => Package[python-dev]
+  }
+
+  package { "PyGithub":
+    ensure => latest,  # okay to use latest for pip
+    provider => pip,
+    require => Package[python-pip]
+  }
+
+  group { "github":
+    ensure => present
+  }
+
+  user { "github":
+    ensure => present,
+    comment => "Github API User",
+    shell => "/bin/bash",
+    gid => "github",
+    require => Group["github"]
+  }
+
+  file { '/etc/github':
+    owner => 'root',
+    group => 'root',
+    mode => 755,
+    ensure => 'directory',
+  }
+
+  file { '/etc/github/github.config':
+    owner => 'root',
+    group => 'root',
+    mode => 444,
+    ensure => 'present',
+    content => template('github/github.config.erb'),
+    replace => 'true',
+    require => File['/etc/github'],
+  }
+
+  file { '/etc/github/github.secure.config':
+    owner => 'root',
+    group => 'github',
+    mode => 440,
+    ensure => 'present',
+    content => template('gerrit/github.secure.config.erb'),
+    replace => 'true',
+    require => [Group['github'], File['/etc/github']],
+  }
+
+  file { '/usr/local/github':
+    owner => 'root',
+    group => 'root',
+    mode => 755,
+    ensure => 'directory',
+  }
+
+  file { '/usr/local/github/scripts':
+    owner => 'root',
+    group => 'root',
+    mode => 755,
+    ensure => 'directory',
+    recurse => true,
+    require => File['/usr/local/github'],
+    source => [
+                "puppet:///modules/github/scripts",
+              ],
+  }
+
+  cron { "githubclosepull":
+    user => github,
+    minute => "*/5",
+    command => 'sleep $((RANDOM\%60+90)) && python /usr/local/github/scripts/close_pull_requests.py',
+    require => File['/usr/local/github/scripts'],
+  }
+
+}
diff --git a/modules/gerrit/templates/github.config.erb b/modules/github/templates/github.config.erb
similarity index 80%
rename from modules/gerrit/templates/github.config.erb
rename to modules/github/templates/github.config.erb
index 6a55734f35..2945ae9356 100644
--- a/modules/gerrit/templates/github.config.erb
+++ b/modules/github/templates/github.config.erb
@@ -1,7 +1,7 @@
 # This file is managed by puppet.
 # https://github.com/openstack/openstack-ci-puppet
 
-<% github_projects.each do |project| -%>
+<% projects.each do |project| -%>
 [project "<%= project['name'] %>"]
 close_pull = <%= project['close_pull'] %>
 <% end -%>
diff --git a/modules/github/templates/github.secure.config.erb b/modules/github/templates/github.secure.config.erb
new file mode 100644
index 0000000000..92e1493c7b
--- /dev/null
+++ b/modules/github/templates/github.secure.config.erb
@@ -0,0 +1,3 @@
+[github]
+username = <%= username %>
+oauth_token = <%= oauth_token %>
diff --git a/modules/openstack_project/manifests/gerrit.pp b/modules/openstack_project/manifests/gerrit.pp
index 67d8bc7b7b..a03f275990 100644
--- a/modules/openstack_project/manifests/gerrit.pp
+++ b/modules/openstack_project/manifests/gerrit.pp
@@ -49,7 +49,6 @@ class openstack_project::gerrit (
     httpd_minthreads => $httpd_minthreads,
     httpd_maxthreads => $httpd_maxthreads,
     httpd_maxwait => $httpd_maxwait,
-    github_projects => $github_projects,
     commentlinks => [ { name => 'changeid',
                         match => '(I[0-9a-f]{8,40})',
                         link => '#q,$1,n,z' },
@@ -65,9 +64,12 @@ class openstack_project::gerrit (
     war => $war,
     script_user => $script_user,
     script_key_file => $script_key_file,
-    github_user => $github_user,
-    github_token => $github_token,
     mysql_password => $mysql_password,
     email_private_key => $email_private_key
   }
+  class { 'github':
+    github_projects => $github_projects,
+    github_user => $github_username,
+    github_token => $github_oauth_token,
+  }
 }
diff --git a/modules/openstack_project/manifests/review.pp b/modules/openstack_project/manifests/review.pp
index 310ebb075e..efb27fda7a 100644
--- a/modules/openstack_project/manifests/review.pp
+++ b/modules/openstack_project/manifests/review.pp
@@ -37,12 +37,12 @@ class openstack_project::review {
     core_packedgitwindowsize => '16k',
     sshd_threads => '100',
     httpd_maxwait => '5000min',
-    github_projects => $openstack_project::project_list,
     war => 'http://tarballs.openstack.org/ci/gerrit-2.4.1-10-g63110fd.war',
     script_user => 'launchpadsync',
     script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa',
-    github_user => 'openstack-gerrit',
-    github_token => hiera('gerrit_github_token'),
+    github_projects => $openstack_project::project_list,
+    github_username => 'openstack-gerrit',
+    github_oauth_token => hiera('gerrit_github_token'),
     mysql_password => hiera('gerrit_mysql_password'),
     email_private_key => hiera('gerrit_email_private_key'),
   }
diff --git a/modules/openstack_project/manifests/review_dev.pp b/modules/openstack_project/manifests/review_dev.pp
index 6b364ae8c1..af879d2509 100644
--- a/modules/openstack_project/manifests/review_dev.pp
+++ b/modules/openstack_project/manifests/review_dev.pp
@@ -4,15 +4,15 @@ class openstack_project::review_dev {
     ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
     ssl_chain_file => '',
     email => "review-dev@openstack.org",
+    war => 'http://tarballs.openstack.org/ci/gerrit-2.4.2-10-g93ffc27.war',
+    script_user => 'update',
+    script_key_file => '/home/gerrit2/.ssh/id_rsa',
     github_projects => [ {
                          name => 'gtest-org/test',
                          close_pull => 'true'
                          } ],
-    war => 'http://tarballs.openstack.org/ci/gerrit-2.4.2-10-g93ffc27.war',
-    script_user => 'update',
-    script_key_file => '/home/gerrit2/.ssh/id_rsa',
-    github_user => 'openstack-gerrit-dev',
-    github_token => hiera('gerrit_dev_github_token'),
+    github_username => 'openstack-gerrit-dev',
+    github_oauth_token => hiera('gerrit_dev_github_token'),
     mysql_password => hiera('gerrit_dev_mysql_password'),
     email_private_key => hiera('gerrit_dev_email_private_key')
   }