author | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-06-23 17:33:17 +0200 |
---|---|---|
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-06-23 17:33:17 +0200 |
commit | aede37be1b70ed4e53081682a6ec4814c348cb49 (patch) | |
tree | 3d29d58540a0ec9a71a3894a90268d3be6088a77 /types/systemd/nspawn.pp | |
parent | Remove everything. (diff) | |
download | nspawn-aede37be1b70ed4e53081682a6ec4814c348cb49.tar.gz nspawn-aede37be1b70ed4e53081682a6ec4814c348cb49.tar.xz |
Add new modules content.
This module is designed differently. It makes no attempt to manage
templates. It still attempts to manage machines, but this should
probably move to Puppet tasks or similar, with the static configuration
mostly doing cleanup.
Diffstat (limited to '')
-rw-r--r-- | types/systemd/nspawn.pp | 115 |
1 files changed, 115 insertions, 0 deletions
diff --git a/types/systemd/nspawn.pp b/types/systemd/nspawn.pp
new file mode 100644
index 0000000..1b488c8
--- /dev/null
+++ b/types/systemd/nspawn.pp
@@ -0,0 +1,115 @@
+type Nspawn::Systemd::Nspawn = Struct[{
+ 'Exec' => Struct[{
+ 'Boot' => Optional[Boolean],
+ 'Ephemeral' => Optional[Boolean],
+ 'ProcessTwo' => Optional[Boolean],
+ 'Parameters' => Optional[Variant[
+ String,
+ Array[String],
+ ]],
+ 'Environment' => Optional[Hash[String, String]],
+ 'User' => Optional[String],
+ 'WorkingDirectory' => Optional[Stdlib::Unixpath],
+ 'PivotRoot' => Optional[Stdlib::Unixpath],
+ 'Capability' => Optional[Variant[Enum['all'], Array[String]]],
+ 'DropCapability' => Optional[Variant[Enum['all'], Array[String]]],
+ 'AmbientCapability' => Optional[Array[String]],
+ 'NoNewPrivileges' => Optional[Boolean],
+ # See signal(7) for valid signals
+ 'KillSignal' => Optional[String],
+ 'Personality' => Optional[Enum['x86', 'x86-64']],
+ 'MachineID' => Optional[Pattern[/\A[A-fa-f0-9]{32}\Z/]],
+ 'PrivateUsers' => Optional[Variant[
+ Integer,
+ Tuple[Integer, Integer],
+ Boolean,
+ Enum['yes', 'no', 'identity', 'pick']
+ ]],
+ 'NotifyReady' => Optional[Boolean],
+ # If first element is '~', then this is a blacklist
+ 'SystemCallFilter' => Optional[Array[String]],
+ 'LimitCPU' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitFSIZE' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitDATA' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitSTACK' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitCORE' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitRSS' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitNOFILE' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitAS' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitNPROC' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitMEMLOCK' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitLOCKS' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitSIGPENDING' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitMSGQUEUE' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitNICE' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitRTPRIO' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitRTTIME' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'OOMScoreAdjust' => Optional[Integer[-1000, 1000]],
+ 'CPUAffinity' => Optional[Array[Variant[Integer, Tuple[Integer, Integer]]]],
+ 'Hostname' => Optional[String],
+ 'ResolvConf' => Optional[Enum[
+ 'off',
+ 'copy-host',
+ 'copy-static',
+ 'copy-uplink',
+ 'copy-stub',
+ 'replace-host',
+ 'replace-static',
+ 'replace-uplink',
+ 'replace-stub',
+ 'bind-host',
+ 'bind-static',
+ 'bind-uplink',
+ 'bind-stub',
+ 'delete',
+ 'auto',
+ ]],
+ 'Timezone' => Optional[Enum[
+ 'off',
+ 'copy',
+ 'bind',
+ 'symlink',
+ 'delete',
+ 'auto',
+ ]],
+ 'LinkJournal' => Optional[Enum[
+ 'no',
+ 'host',
+ 'try-host',
+ 'guest',
+ 'try-guest',
+ 'auto',
+ ]],
+ }],
+ 'Files' => Struct[{
+ 'ReadOnly' => Optional[Boolean],
+ 'Volatile' => Optional[Variant[Boolean, Enum['state']]],
+ 'Bind' => Optional[Array[Nspawn::Systemd::Bind]],
+ 'BindReadOnly' => Optional[Array[Nspawn::Systemd::Bind]],
+ # TODO Can binduser appear multiple times?
+ 'BindUser' => Optional[Array[String]],
+ # TODO Can tmpfs appear multiple times?
+ # TODO options type
+ 'TemporaryFileSystem' => Optional[Array[Variant[String, Tuple[String, String]]]],
+ 'Inaccessible' => Optional[Array[Stdlib::Unixpath]],
+ 'Overlay' => Optional[Array[Array[String, 2]]],
+ 'OverlayReadOnly' => Optional[Array[Array[String, 2]]],
+ 'PrivateUsersOwnership' => Optional[Enum['off', 'chown', 'map', 'auto']],
+ }],
+ 'Network' => Struct[{
+ 'Private' => Optional[Boolean],
+ 'VirtualEthernet' => Optional[Boolean],
+ 'VirtualEthernetExtra' => Optional[Array[Variant[String, Tuple[String, String]]]],
+ 'Interface' => Optional[Array[String]],
+ 'MACVLAN' => Optional[Array[String]],
+ 'IPVLAN' => Optional[Array[String]],
+ 'Bridge' => Optional[String],
+ 'Zone' => Optional[String],
+ 'Port' => Optional[Array[Variant[
+ Tuple[Enum['tcp', 'udp'], Stdlib::Port, Stdlib::Port],
+ Tuple[Enum['tcp', 'udp'], Stdlib::Port],
+ Tuple[Stdlib::Port, Stdlib::Port],
+ Tuple[Stdlib::Port],
+ ]]],
+ }],
+}] |
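Review bot: The `'MachineID'` pattern in the `'Exec'` struct accepts non-hex input, because the range `A-f` runs from `A` through `f` in ASCII and so admits `G`–`Z` and several punctuation characters as well as `a`–`f`. The closing `\Z` also matches before a trailing newline, so a 32-character value followed by a line feed passes; if these values are later written verbatim into a `.nspawn` file (the rendering is not visible in this hunk), that newline ends up in the generated unit. I would change the entry to `'MachineID' => Optional[Pattern[/\A[A-Fa-f0-9]{32}\z/]],`. The plain `String` fields such as `'User'`, `'Hostname'`, `'Bridge'` and `'Zone'` are unconstrained in the same way, so a short comment stating that whatever renders the file must reject embedded line breaks would document that assumption.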