1 files changed, 115 insertions, 0 deletions

diff --git a/types/systemd/nspawn.pp b/types/systemd/nspawn.pp
new file mode 100644
index 0000000..1b488c8
--- /dev/null
+++ b/types/systemd/nspawn.pp
@@ -0,0 +1,115 @@
+type Nspawn::Systemd::Nspawn = Struct[{
+    'Exec'    => Struct[{
+        'Boot'              => Optional[Boolean],
+        'Ephemeral'         => Optional[Boolean],
+        'ProcessTwo'        => Optional[Boolean],
+        'Parameters'        => Optional[Variant[
+            String,
+            Array[String],
+        ]],
+        'Environment'       => Optional[Hash[String, String]],
+        'User'              => Optional[String],
+        'WorkingDirectory'  => Optional[Stdlib::Unixpath],
+        'PivotRoot'         => Optional[Stdlib::Unixpath],
+        'Capability'        => Optional[Variant[Enum['all'], Array[String]]],
+        'DropCapability'    => Optional[Variant[Enum['all'], Array[String]]],
+        'AmbientCapability' => Optional[Array[String]],
+        'NoNewPrivileges'   => Optional[Boolean],
+        # See signal(7) for valid signals
+        'KillSignal'        => Optional[String],
+        'Personality'       => Optional[Enum['x86', 'x86-64']],
+        'MachineID'         => Optional[Pattern[/\A[A-fa-f0-9]{32}\Z/]],
+        'PrivateUsers'      => Optional[Variant[
+            Integer,
+            Tuple[Integer, Integer],
+            Boolean,
+            Enum['yes', 'no', 'identity', 'pick']
+        ]],
+        'NotifyReady'       => Optional[Boolean],
+        # If first element is '~', then this is a blacklist
+        'SystemCallFilter'  => Optional[Array[String]],
+        'LimitCPU'          => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitFSIZE'        => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitDATA'         => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitSTACK'        => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitCORE'         => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitRSS'          => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitNOFILE'       => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitAS'           => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitNPROC'        => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitMEMLOCK'      => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitLOCKS'        => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitSIGPENDING'   => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitMSGQUEUE'     => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitNICE'         => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitRTPRIO'       => Optional[Nspawn::Systemd::ResourceLimit],
+        'LimitRTTIME'       => Optional[Nspawn::Systemd::ResourceLimit],
+        'OOMScoreAdjust'    => Optional[Integer[-1000, 1000]],
+        'CPUAffinity'       => Optional[Array[Variant[Integer, Tuple[Integer, Integer]]]],
+        'Hostname'          => Optional[String],
+        'ResolvConf'        => Optional[Enum[
+            'off',
+            'copy-host',
+            'copy-static',
+            'copy-uplink',
+            'copy-stub',
+            'replace-host',
+            'replace-static',
+            'replace-uplink',
+            'replace-stub',
+            'bind-host',
+            'bind-static',
+            'bind-uplink',
+            'bind-stub',
+            'delete',
+            'auto',
+        ]],
+        'Timezone'          => Optional[Enum[
+            'off',
+            'copy',
+            'bind',
+            'symlink',
+            'delete',
+            'auto',
+        ]],
+        'LinkJournal'       => Optional[Enum[
+            'no',
+            'host',
+            'try-host',
+            'guest',
+            'try-guest',
+            'auto',
+        ]],
+    }],
+    'Files'   => Struct[{
+        'ReadOnly'              => Optional[Boolean],
+        'Volatile'              => Optional[Variant[Boolean, Enum['state']]],
+        'Bind'                  => Optional[Array[Nspawn::Systemd::Bind]],
+        'BindReadOnly'          => Optional[Array[Nspawn::Systemd::Bind]],
+        # TODO Can binduser appear multiple times?
+        'BindUser'              => Optional[Array[String]],
+        # TODO Can tmpfs appear multiple times?
+        # TODO options type
+        'TemporaryFileSystem'   => Optional[Array[Variant[String, Tuple[String, String]]]],
+        'Inaccessible'          => Optional[Array[Stdlib::Unixpath]],
+        'Overlay'               => Optional[Array[Array[String, 2]]],
+        'OverlayReadOnly'       => Optional[Array[Array[String, 2]]],
+        'PrivateUsersOwnership' => Optional[Enum['off', 'chown', 'map', 'auto']],
+    }],
+    'Network' => Struct[{
+        'Private'              => Optional[Boolean],
+        'VirtualEthernet'      => Optional[Boolean],
+        'VirtualEthernetExtra' => Optional[Array[Variant[String, Tuple[String, String]]]],
+        'Interface'            => Optional[Array[String]],
+        'MACVLAN'              => Optional[Array[String]],
+        'IPVLAN'               => Optional[Array[String]],
+        'Bridge'               => Optional[String],
+        'Zone'                 => Optional[String],
+        'Port'                 => Optional[Array[Variant[
+              Tuple[Enum['tcp', 'udp'], Stdlib::Port, Stdlib::Port],
+              Tuple[Enum['tcp', 'udp'], Stdlib::Port],
+              Tuple[Stdlib::Port, Stdlib::Port],
+              Tuple[Stdlib::Port],
+        ]]],
+    }],
+}]