From b621bda52ba4df42c03b1342bef985b52f377136 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Fri, 23 Jun 2023 18:42:47 +0200
Subject: Config base.
---
 manifests/init.pp | 6 +-
 manifests/machine.pp | 2 +-
 types/systemd/nspawn.pp | 226 ++++++++++++++++++++++++------------------------
 3 files changed, 115 insertions(+), 119 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index fee1e9a..0bb06fe 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -14,11 +14,7 @@
 # @param purge
 # Should old .nspawn files be purged.
 class nspawn (
- Nspawn::Systemd::Nspawn $config = {
- 'Exec' => {},
- 'Files' => {},
- 'Network' => {},
- },
+ Nspawn::Systemd::Nspawn $config = {},
 Stdlib::Absolutepath $template_dir = '/var/lib/templates',
 Hash[String, Hash[String, Any]] $machines = {},
 Boolean $purge = true,
diff --git a/manifests/machine.pp b/manifests/machine.pp
index 25ee47c..17cd3a9 100644
--- a/manifests/machine.pp
+++ b/manifests/machine.pp
@@ -32,7 +32,7 @@
 define nspawn::machine (
 Variant[String, Enum['none']] $template,
 String $domain = $trusted['domain'],
- Nspawn::Systemd::Nspawn $config,
+ Nspawn::Systemd::Nspawn $config = {},
 Enum['deep', 'shallow', 'override'] $merge = 'deep',
 Enum['present', 'absent'] $ensure = 'present',
 ) {
diff --git a/types/systemd/nspawn.pp b/types/systemd/nspawn.pp
index 42142d8..0709714 100644
--- a/types/systemd/nspawn.pp
+++ b/types/systemd/nspawn.pp
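Review bot: With `$config = {}` now the default in both `class nspawn` and `define nspawn::machine`, a machine declared without any config compiles silently, and what lands in its .nspawn file depends entirely on merge code that lies outside these hunks. If `$merge => 'override'` replaces the class-level config with the machine's own (inferred from the parameter names, please confirm), an omitted `$config` would discard base settings such as `DropCapability`, `NoNewPrivileges` or `PrivateUsers`. I would document the fallback on the parameter, for example `# @param config Per-machine settings; defaults to {} and is combined with the class-level config according to $merge.`, and consider ignoring an empty machine config when the merge mode is `override`.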
@@ -1,115 +1,115 @@
 type Nspawn::Systemd::Nspawn = Struct[{
- 'Exec' => Struct[{
- 'Boot' => Optional[Boolean],
- 'Ephemeral' => Optional[Boolean],
- 'ProcessTwo' => Optional[Boolean],
- 'Parameters' => Optional[Variant[
- String,
- Array[String],
- ]],
- 'Environment' => Optional[Hash[String, String]],
- 'User' => Optional[String],
- 'WorkingDirectory' => Optional[Stdlib::Unixpath],
- 'PivotRoot' => Optional[Stdlib::Unixpath],
- 'Capability' => Optional[Variant[Enum['all'], Array[String]]],
- 'DropCapability' => Optional[Variant[Enum['all'], Array[String]]],
- 'AmbientCapability' => Optional[Array[String]],
- 'NoNewPrivileges' => Optional[Boolean],
- # See signal(7) for valid signals
- 'KillSignal' => Optional[String],
- 'Personality' => Optional[Enum['x86', 'x86-64']],
- 'MachineID' => Optional[Pattern[/\A[A-fa-f0-9]{32}\Z/]],
- 'PrivateUsers' => Optional[Variant[
- Integer,
- Tuple[Integer, Integer],
- Boolean,
- Enum['yes', 'no', 'identity', 'pick']
- ]],
- 'NotifyReady' => Optional[Boolean],
- # If first element is '~', then this is a blacklist
- 'SystemCallFilter' => Optional[Array[String]],
- 'LimitCPU' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitFSIZE' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitDATA' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitSTACK' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitCORE' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitRSS' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitNOFILE' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitAS' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitNPROC' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitMEMLOCK' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitLOCKS' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitSIGPENDING' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitMSGQUEUE' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitNICE' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitRTPRIO' => Optional[Nspawn::Systemd::Resourcelimit],
- 'LimitRTTIME' => Optional[Nspawn::Systemd::Resourcelimit],
- 'OOMScoreAdjust' => Optional[Integer[-1000, 1000]],
- 'CPUAffinity' => Optional[Array[Variant[Integer, Tuple[Integer, Integer]]]],
- 'Hostname' => Optional[String],
- 'ResolvConf' => Optional[Enum[
- 'off',
- 'copy-host',
- 'copy-static',
- 'copy-uplink',
- 'copy-stub',
- 'replace-host',
- 'replace-static',
- 'replace-uplink',
- 'replace-stub',
- 'bind-host',
- 'bind-static',
- 'bind-uplink',
- 'bind-stub',
- 'delete',
- 'auto',
- ]],
- 'Timezone' => Optional[Enum[
- 'off',
- 'copy',
- 'bind',
- 'symlink',
- 'delete',
- 'auto',
- ]],
- 'LinkJournal' => Optional[Enum[
- 'no',
- 'host',
- 'try-host',
- 'guest',
- 'try-guest',
- 'auto',
- ]],
- }],
- 'Files' => Struct[{
- 'ReadOnly' => Optional[Boolean],
- 'Volatile' => Optional[Variant[Boolean, Enum['state']]],
- 'Bind' => Optional[Array[Nspawn::Systemd::Bind]],
- 'BindReadOnly' => Optional[Array[Nspawn::Systemd::Bind]],
- # TODO Can binduser appear multiple times?
- 'BindUser' => Optional[Array[String]],
- # TODO Can tmpfs appear multiple times?
- # TODO options type
- 'TemporaryFileSystem' => Optional[Array[Variant[String, Tuple[String, String]]]],
- 'Inaccessible' => Optional[Array[Stdlib::Unixpath]],
- 'Overlay' => Optional[Array[Array[String, 2]]],
- 'OverlayReadOnly' => Optional[Array[Array[String, 2]]],
- 'PrivateUsersOwnership' => Optional[Enum['off', 'chown', 'map', 'auto']],
- }],
- 'Network' => Struct[{
- 'Private' => Optional[Boolean],
- 'VirtualEthernet' => Optional[Boolean],
- 'VirtualEthernetExtra' => Optional[Array[Variant[String, Tuple[String, String]]]],
- 'Interface' => Optional[Array[String]],
- 'MACVLAN' => Optional[Array[String]],
- 'IPVLAN' => Optional[Array[String]],
- 'Bridge' => Optional[String],
- 'Zone' => Optional[String],
- 'Port' => Optional[Array[Variant[
- Tuple[Enum['tcp', 'udp'], Stdlib::Port, Stdlib::Port],
- Tuple[Enum['tcp', 'udp'], Stdlib::Port],
- Tuple[Stdlib::Port, Stdlib::Port],
- Tuple[Stdlib::Port],
- ]]],
- }],
+ 'Exec' => Optional[Struct[{
+ 'Boot' => Optional[Boolean],
+ 'Ephemeral' => Optional[Boolean],
+ 'ProcessTwo' => Optional[Boolean],
+ 'Parameters' => Optional[Variant[
+ String,
+ Array[String],
+ ]],
+ 'Environment' => Optional[Hash[String, String]],
+ 'User' => Optional[String],
+ 'WorkingDirectory' => Optional[Stdlib::Unixpath],
+ 'PivotRoot' => Optional[Stdlib::Unixpath],
+ 'Capability' => Optional[Variant[Enum['all'], Array[String]]],
+ 'DropCapability' => Optional[Variant[Enum['all'], Array[String]]],
+ 'AmbientCapability' => Optional[Array[String]],
+ 'NoNewPrivileges' => Optional[Boolean],
+ # See signal(7) for valid signals
+ 'KillSignal' => Optional[String],
+ 'Personality' => Optional[Enum['x86', 'x86-64']],
+ 'MachineID' => Optional[Pattern[/\A[A-fa-f0-9]{32}\Z/]],
+ 'PrivateUsers' => Optional[Variant[
+ Integer,
+ Tuple[Integer, Integer],
+ Boolean,
+ Enum['yes', 'no', 'identity', 'pick']
+ ]],
+ 'NotifyReady' => Optional[Boolean],
+ # If first element is '~', then this is a blacklist
+ 'SystemCallFilter' => Optional[Array[String]],
+ 'LimitCPU' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitFSIZE' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitDATA' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitSTACK' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitCORE' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitRSS' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitNOFILE' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitAS' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitNPROC' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitMEMLOCK' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitLOCKS' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitSIGPENDING' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitMSGQUEUE' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitNICE' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitRTPRIO' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'LimitRTTIME' => Optional[Nspawn::Systemd::Resourcelimit],
+ 'OOMScoreAdjust' => Optional[Integer[-1000, 1000]],
+ 'CPUAffinity' => Optional[Array[Variant[Integer, Tuple[Integer, Integer]]]],
+ 'Hostname' => Optional[String],
+ 'ResolvConf' => Optional[Enum[
+ 'off',
+ 'copy-host',
+ 'copy-static',
+ 'copy-uplink',
+ 'copy-stub',
+ 'replace-host',
+ 'replace-static',
+ 'replace-uplink',
+ 'replace-stub',
+ 'bind-host',
+ 'bind-static',
+ 'bind-uplink',
+ 'bind-stub',
+ 'delete',
+ 'auto',
+ ]],
+ 'Timezone' => Optional[Enum[
+ 'off',
+ 'copy',
+ 'bind',
+ 'symlink',
+ 'delete',
+ 'auto',
+ ]],
+ 'LinkJournal' => Optional[Enum[
+ 'no',
+ 'host',
+ 'try-host',
+ 'guest',
+ 'try-guest',
+ 'auto',
+ ]],
+ }]],
+ 'Files' => Optional[Struct[{
+ 'ReadOnly' => Optional[Boolean],
+ 'Volatile' => Optional[Variant[Boolean, Enum['state']]],
+ 'Bind' => Optional[Array[Nspawn::Systemd::Bind]],
+ 'BindReadOnly' => Optional[Array[Nspawn::Systemd::Bind]],
+ # TODO Can binduser appear multiple times?
+ 'BindUser' => Optional[Array[String]],
+ # TODO Can tmpfs appear multiple times?
+ # TODO options type
+ 'TemporaryFileSystem' => Optional[Array[Variant[String, Tuple[String, String]]]],
+ 'Inaccessible' => Optional[Array[Stdlib::Unixpath]],
+ 'Overlay' => Optional[Array[Array[String, 2]]],
+ 'OverlayReadOnly' => Optional[Array[Array[String, 2]]],
+ 'PrivateUsersOwnership' => Optional[Enum['off', 'chown', 'map', 'auto']],
+ }]],
+ 'Network' => Optional[Struct[{
+ 'Private' => Optional[Boolean],
+ 'VirtualEthernet' => Optional[Boolean],
+ 'VirtualEthernetExtra' => Optional[Array[Variant[String, Tuple[String, String]]]],
+ 'Interface' => Optional[Array[String]],
+ 'MACVLAN' => Optional[Array[String]],
+ 'IPVLAN' => Optional[Array[String]],
+ 'Bridge' => Optional[String],
+ 'Zone' => Optional[String],
+ 'Port' => Optional[Array[Variant[
+ Tuple[Enum['tcp', 'udp'], Stdlib::Port, Stdlib::Port],
+ Tuple[Enum['tcp', 'udp'], Stdlib::Port],
+ Tuple[Stdlib::Port, Stdlib::Port],
+ Tuple[Stdlib::Port],
+ ]]],
+ }]],
 }]
-- 
cgit v1.2.3
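Review bot: The `MachineID` pattern carried over on the new side, `Pattern[/\A[A-fa-f0-9]{32}\Z/]`, does not restrict the value to hex. The range `A-f` covers every ASCII character from `A` to `f`, so uppercase `G`–`Z` and punctuation such as `[`, `\`, `]`, `^` and `_` are accepted, and `\Z` also lets a trailing newline through. The value is presumably written into the generated .nspawn file, so the type is the right place to reject it: `'MachineID' => Optional[Pattern[/\A[A-Fa-f0-9]{32}\z/]],`. Separately, a one-line comment above `'Exec' => Optional[Struct[{` saying that an omitted section leaves systemd-nspawn's defaults in effect would explain why the three sections became optional.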