Diffstat (limited to 'manifests/machine/nspawn.pp')
-rw-r--r--manifests/machine/nspawn.pp165
1 files changed, 165 insertions, 0 deletions
diff --git a/manifests/machine/nspawn.pp b/manifests/machine/nspawn.pp
new file mode 100644
index 0000000..f00df40
--- /dev/null
+++ b/manifests/machine/nspawn.pp
@@ -0,0 +1,165 @@
+# @summary Create a single nspawn file.
+# @param config
+# Configuration for the nspawn file.
+# @param name
+# Name of the machine, will be used for the filename.
+# @param ensure
+# @api private
+define nspawn::machine::nspawn (
+ Nspawn::Systemd::Nspawn $config,
+ String $machine_name = $name,
+ Enum['absent', 'present'] $ensure = 'present',
+) {
+ $exec = $config['Exec'].map |$key, $value| {
+ if $value =~ Undef {
+ []
+ } elsif $key in [
+ 'Boot', 'Ephemeral', 'ProcessTwo',
+ 'NoNewPrivileges', 'NotifyReady',
+ ] {
+ $value_ = if $value { 'yes' } else { 'no' }
+ ["${key}=${value_}"]
+ } elsif $key in [
+ 'User', 'WorkingDirectory', 'PivotRoot', 'AmbientCapability',
+ 'KillSignal', 'Personality', 'MachineID', 'Hostname',
+ 'ResolvConf', 'Timezone', 'LinkJournal',
+ ] {
+ ["${key}=${value}"]
+ } elsif $key == 'Parameters' {
+ $value_ = $value ? {
+ String => "${key}=${value}",
+ default => "${key}=" + ($value.map |$param| {
+ if ' ' in $param {
+ if '"' in $param {
+ "'${param}'"
+ } else {
+ "\"${param}\""
+ }
+ } else {
+ $param
+ }
+ }.join(' '))
+ }
+ ["${key}=${value_}"]
+ } elsif $key in ['Environment'] {
+ $value.map |$k, $v| {
+ "Environment=${k}=${v}"
+ }
+ } elsif $key in ['Capability', 'DropCapability'] {
+ $value_ = if $value == 'all' {
+ 'all'
+ } else {
+ $value.join(' ')
+ }
+ ["${key}=${value_}"]
+ } elsif $key in ['PrivateUsers'] {
+ $value_ = $value ? {
+ Boolean => if $value { 'yes' } else { 'no' },
+ Tuple => $value.join(':'),
+ default => $value,
+ }
+ ["${key}=${value_}"]
+ } elsif $key in ['SystemCallFilter'] {
+ ["${key}=${$value.join(' ')}"]
+ } elsif $key =~ /^Limit.*/ {
+ $value_ = $value ? {
+ Tuple => $value.join(':'),
+ default => $value,
+ }
+ ["${key}=${value_}"]
+ }
+ }
+
+ $files = $config['Files'].map |$key, $value| {
+ if $value =~ Undef {
+ []
+ } elsif $key in ['ReadOnly'] {
+ if $value {
+ ["${key}=yes"]
+ } else {
+ ["${key}=no"]
+ }
+ } elsif $key in ['PrivateUsersOwnership'] {
+ ["${key}=${value}"]
+ } elsif $key in ['BindUser', 'Inaccessible'] {
+ $value.map |$v| {
+ "${key}=${value}"
+ }
+ } elsif $key in ['Volatile'] {
+ $value_ = $value ? {
+ Boolean => if $value { 'yes' } else { 'no' },
+ default => $value,
+ }
+ ["${key}=${value_}"]
+ } elsif $key in ['Bind', 'BindReadOnly'] {
+ $value_ = $value.map |$v| {
+ $value_ = $v ? {
+ Tuple[String, String] => $v.join(':'),
+ Tuple[String, String, Array] => "${v[0]}:${v[1]}:${v[2].join(':')}",
+ Struct => "${v['source']}:${v['dest']}" + if $v['options'] =~ Undef {
+ ''
+ } else {
+ $v['options'].join(':')
+ },
+ default => $v,
+ }
+ ["${key}=${value_}"]
+ }
+ } elsif $key in ['TemporaryFileSystem'] {
+ $value.map |$v| {
+ $value_ = $v ? {
+ Tuple => $v.join(':'),
+ default => $v,
+ }
+ "${key}=${value_}"
+ }
+ } elsif $key in ['Overlay'] {
+ $value.map |$v| {
+ "${key}=${$v.join(':')}"
+ }
+ }
+ }
+
+ # TODO
+ $network = $config['Network'].map |$key, $value| {
+ if $key in [
+ 'Private', 'VirtualEthernet',
+ ] {
+ if $value {
+ ["${key}=yes"]
+ } else {
+ ["${key}=no"]
+ }
+ } elsif $key in [
+ 'Bridge', 'Zone',
+ ] {
+ ["${key}=${value}"]
+ } elsif $key in ['MACVLAN', 'IPVLAN', 'Interface'] {
+ "${key}=${value.join(' ')}"
+ } elsif $key in ['VirtualEthernetExtra'] {
+ $value.map |$v| {
+ $value_ = $v ? {
+ Tuple => $v.join(':'),
+ default => $v,
+ }
+ "${key}=${value_}"
+ }
+ } elsif $key in ['Port'] {
+ $value.map |$v| {
+ "${key}=${v.join(':')}"
+ }
+ }
+ }
+
+ $hash = {
+ 'Exec' => $files.reduce([]) |$a, $b| { $a + $b },
+ 'Files' => $exec.reduce([]) |$a, $b| { $a + $b },
+ 'Network' => $network.reduce([]) |$a, $b| { $a + $b },
+ }.map |$x| { $x }
+
+ file { "${nspawn::nspawn_dir}/${machine_name}.nspawn":
+ ensure => $ensure,
+ content => epp("${module_name}/service.epp", { 'settings' => $hash }),
+ show_diff => true,
+ }
+}
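Review bot: The section hash at the end of the define is cross-wired: `'Exec' => $files.reduce(...)` and `'Files' => $exec.reduce(...)` put the rendered Exec settings under `Files` and the Files settings under `Exec`. Assuming service.epp emits each hash key as a section header, `NoNewPrivileges`, `DropCapability`, `SystemCallFilter` and `PrivateUsers` end up in `[Files]` and `ReadOnly`/`Bind` in `[Exec]`, where systemd would be expected to ignore them as unknown keys, so the container would start without the restrictions the caller asked for. Swap the two sources: `'Exec' => $exec.reduce([]) |$a, $b| { $a + $b },` and `'Files' => $files.reduce([]) |$a, $b| { $a + $b },`. Separately, the `BindUser`/`Inaccessible` branch interpolates `${value}` (the whole array) inside `$value.map |$v|` where `${v}` looks intended, and `$machine_name` is an unconstrained `String` interpolated into the file path, so a `Pattern` type that rejects `/` would keep the generated file inside `nspawn_dir`.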