authorHugo Hörnquist <hugo@lysator.liu.se>2023-06-23 17:33:17 +0200
committerHugo Hörnquist <hugo@lysator.liu.se>2023-06-23 17:33:17 +0200
commitaede37be1b70ed4e53081682a6ec4814c348cb49 (patch)
tree3d29d58540a0ec9a71a3894a90268d3be6088a77 /types
parentRemove everything. (diff)
Add new modules content.
This module is designed differently. It makes no attempt to manage templates. It still attempts to manage machines, but this should probably move to Puppet tasks or similar, with the static configuration mostly doing cleanup.
Diffstat (limited to 'types')
-rw-r--r--types/systemd/bind.pp12
-rw-r--r--types/systemd/nspawn.pp115
-rw-r--r--types/systemd/resourcelimit7
3 files changed, 134 insertions, 0 deletions
diff --git a/types/systemd/bind.pp b/types/systemd/bind.pp
new file mode 100644
index 0000000..9554e9a
--- /dev/null
+++ b/types/systemd/bind.pp
@@ -0,0 +1,12 @@
+type Nspawn::Systemd::Bind = Variant[
+ String,
+ Tuple[String, String],
+ # TODO Typecheck options
+ Tuple[String, String, Array[String]],
+ Struct[{
+ 'source' => String,
+ 'dest' => String,
+ # TODO Typecheck options
+ 'options' => Optional[Array[String]],
+ }],
+]
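Review bot: The `'source' => String` and `'dest' => String` fields, and the bare `String` elements of the tuple forms, accept the empty string and any relative text, so a mistyped bind such as `''` or `home` passes catalog compilation and is only rejected, or mapped somewhere unexpected, when nspawn parses the generated unit. `String[1]` is a free tightening, and `Stdlib::Unixpath` (already used elsewhere in this module) would fit wherever the `+`-prefixed image-relative source form that systemd.nspawn(5) documents is not needed. The `options` element behind the two `TODO Typecheck options` comments is the more security-relevant gap: bind options decide whether a host directory is bound recursively and how uids are mapped into the container, so a misspelt option should fail at compile time rather than be passed through. An `Enum` of the options systemd.nspawn(5) lists for `Bind=` would do that, e.g. `'options' => Optional[Array[Enum['rbind', 'norbind', 'idmap', 'noidmap', 'rootidmap']]],` — confirm the list against the systemd release being targeted.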
diff --git a/types/systemd/nspawn.pp b/types/systemd/nspawn.pp
new file mode 100644
index 0000000..1b488c8
--- /dev/null
+++ b/types/systemd/nspawn.pp
@@ -0,0 +1,115 @@
+type Nspawn::Systemd::Nspawn = Struct[{
+ 'Exec' => Struct[{
+ 'Boot' => Optional[Boolean],
+ 'Ephemeral' => Optional[Boolean],
+ 'ProcessTwo' => Optional[Boolean],
+ 'Parameters' => Optional[Variant[
+ String,
+ Array[String],
+ ]],
+ 'Environment' => Optional[Hash[String, String]],
+ 'User' => Optional[String],
+ 'WorkingDirectory' => Optional[Stdlib::Unixpath],
+ 'PivotRoot' => Optional[Stdlib::Unixpath],
+ 'Capability' => Optional[Variant[Enum['all'], Array[String]]],
+ 'DropCapability' => Optional[Variant[Enum['all'], Array[String]]],
+ 'AmbientCapability' => Optional[Array[String]],
+ 'NoNewPrivileges' => Optional[Boolean],
+ # See signal(7) for valid signals
+ 'KillSignal' => Optional[String],
+ 'Personality' => Optional[Enum['x86', 'x86-64']],
+ 'MachineID' => Optional[Pattern[/\A[A-fa-f0-9]{32}\Z/]],
+ 'PrivateUsers' => Optional[Variant[
+ Integer,
+ Tuple[Integer, Integer],
+ Boolean,
+ Enum['yes', 'no', 'identity', 'pick']
+ ]],
+ 'NotifyReady' => Optional[Boolean],
+ # If first element is '~', then this is a blacklist
+ 'SystemCallFilter' => Optional[Array[String]],
+ 'LimitCPU' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitFSIZE' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitDATA' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitSTACK' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitCORE' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitRSS' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitNOFILE' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitAS' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitNPROC' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitMEMLOCK' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitLOCKS' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitSIGPENDING' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitMSGQUEUE' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitNICE' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitRTPRIO' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'LimitRTTIME' => Optional[Nspawn::Systemd::ResourceLimit],
+ 'OOMScoreAdjust' => Optional[Integer[-1000, 1000]],
+ 'CPUAffinity' => Optional[Array[Variant[Integer, Tuple[Integer, Integer]]]],
+ 'Hostname' => Optional[String],
+ 'ResolvConf' => Optional[Enum[
+ 'off',
+ 'copy-host',
+ 'copy-static',
+ 'copy-uplink',
+ 'copy-stub',
+ 'replace-host',
+ 'replace-static',
+ 'replace-uplink',
+ 'replace-stub',
+ 'bind-host',
+ 'bind-static',
+ 'bind-uplink',
+ 'bind-stub',
+ 'delete',
+ 'auto',
+ ]],
+ 'Timezone' => Optional[Enum[
+ 'off',
+ 'copy',
+ 'bind',
+ 'symlink',
+ 'delete',
+ 'auto',
+ ]],
+ 'LinkJournal' => Optional[Enum[
+ 'no',
+ 'host',
+ 'try-host',
+ 'guest',
+ 'try-guest',
+ 'auto',
+ ]],
+ }],
+ 'Files' => Struct[{
+ 'ReadOnly' => Optional[Boolean],
+ 'Volatile' => Optional[Variant[Boolean, Enum['state']]],
+ 'Bind' => Optional[Array[Nspawn::Systemd::Bind]],
+ 'BindReadOnly' => Optional[Array[Nspawn::Systemd::Bind]],
+ # TODO Can binduser appear multiple times?
+ 'BindUser' => Optional[Array[String]],
+ # TODO Can tmpfs appear multiple times?
+ # TODO options type
+ 'TemporaryFileSystem' => Optional[Array[Variant[String, Tuple[String, String]]]],
+ 'Inaccessible' => Optional[Array[Stdlib::Unixpath]],
+ 'Overlay' => Optional[Array[Array[String, 2]]],
+ 'OverlayReadOnly' => Optional[Array[Array[String, 2]]],
+ 'PrivateUsersOwnership' => Optional[Enum['off', 'chown', 'map', 'auto']],
+ }],
+ 'Network' => Struct[{
+ 'Private' => Optional[Boolean],
+ 'VirtualEthernet' => Optional[Boolean],
+ 'VirtualEthernetExtra' => Optional[Array[Variant[String, Tuple[String, String]]]],
+ 'Interface' => Optional[Array[String]],
+ 'MACVLAN' => Optional[Array[String]],
+ 'IPVLAN' => Optional[Array[String]],
+ 'Bridge' => Optional[String],
+ 'Zone' => Optional[String],
+ 'Port' => Optional[Array[Variant[
+ Tuple[Enum['tcp', 'udp'], Stdlib::Port, Stdlib::Port],
+ Tuple[Enum['tcp', 'udp'], Stdlib::Port],
+ Tuple[Stdlib::Port, Stdlib::Port],
+ Tuple[Stdlib::Port],
+ ]]],
+ }],
+}]
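Review bot: The regex on the `'MachineID' => Optional[Pattern[/\A[A-fa-f0-9]{32}\Z/]],` line is wrong: the character-class range `A-f` spans ASCII 0x41–0x66 and so admits `G`–`Z`, `[`, `\`, `]`, `^`, `_` and the backtick, and Ruby's `\Z` also tolerates a trailing newline, so a value that is not a valid 32-digit hex machine ID passes type checking and only fails when the unit is loaded. Change it to `'MachineID' => Optional[Pattern[/\A[A-Fa-f0-9]{32}\z/]],`. Less critical, `User`, `Hostname`, `Bridge`, `Zone` and the element types of `Interface`/`MACVLAN`/`IPVLAN` are plain `String` and accept the empty string; `String[1]` would catch that class of typo at compile time. The top-level `Exec`, `Files` and `Network` keys are all mandatory in the outer `Struct`, so a caller has to pass `{}` for every section it does not use — if that is intentional it deserves a one-line comment, otherwise wrap each in `Optional[...]`.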
diff --git a/types/systemd/resourcelimit b/types/systemd/resourcelimit
new file mode 100644
index 0000000..3558fb5
--- /dev/null
+++ b/types/systemd/resourcelimit
@@ -0,0 +1,7 @@
+type Nspawn::Systemd::ResourceLimit = Variant[
+ Variant[Integer, enum['infinity']],
+ Tuple[
+ Variant[Integer, enum['infinity']],
+ Variant[Integer, enum['infinity']],
+ ]
+]
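Review bot: The file is added as `types/systemd/resourcelimit` without a `.pp` extension, so Puppet's autoloader will not locate `Nspawn::Systemd::ResourceLimit` when `nspawn.pp` references it on its `Limit*` keys; it should be `types/systemd/resourcelimit.pp`. Inside it, `enum['infinity']` appears in lower case on three lines — Puppet resolves data types from capitalised references, and I would expect a lower-case `enum[...]` to be lexed as a bare word and fail at evaluation, so write `Enum['infinity']`. The repeated `Variant[Integer, Enum['infinity']]` could be named once and reused, and `Integer[0]` would reject negative limits that setrlimit(2) cannot express. Note also that systemd accepts size suffixes (e.g. `LimitAS=2G`) and time units for `LimitCPU`/`LimitRTTIME`, which a bare `Integer` does not admit — confirm whether excluding those is intended.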