From aede37be1b70ed4e53081682a6ec4814c348cb49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= Date: Fri, 23 Jun 2023 17:33:17 +0200 Subject: Add new modules content. This module is designed differently. It makes no attempt to manage templates. It still attempts to manage machines, but this should probably move to Puppet tasks or similar, with the static configuration mostly doing cleanup. --- templates/systemd/nspawn.epp | 313 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 313 insertions(+) create mode 100644 templates/systemd/nspawn.epp (limited to 'templates/systemd/nspawn.epp')
diff --git a/templates/systemd/nspawn.epp b/templates/systemd/nspawn.epp
new file mode 100644
index 0000000..ee79ba0
--- /dev/null
+++ b/templates/systemd/nspawn.epp
@@ -0,0 +1,313 @@
+<%- | Nspawn::Systemd::Nspawn $data | -%>
+
+[Exec]
+<%- $exec = $data['Exec'] -%>
+<%- if $exec['Boot'] == false { -%>
+Boot=no
+<%- } elsif $exec['Boot'] == true { -%>
+Boot=yes
+<%- } -%>
+<%- if $exec['Ephemeral'] == false { -%>
+Ephemeral=no
+<%- } elsif $exec['Ephemeral'] == true { -%>
+Ephemeral=yes
+<%- } -%>
+<%- if $exec['ProcessTwo'] == false { -%>
+ProcessTwo=no
+<%- } elsif $exec['ProcessTwo'] == true { -%>
+ProcessTwo=yes
+<%- } -%>
+<%- unless $exec['Parameters'] =~ Undef { -%>
+<%- if $exec['Parameters'] =~ String { -%>
+Parameters=<%= $exec['Parameters'] %>
+<%- } else { -%>
+Parameters=<%= $exec['Parameters'].map |$param| {
+ if ' ' in $param {
+ if '"' in $param {
+ "'${param}'"
+ } else {
+ "\"${param}\""
+ }
+ } else {
+ $param
+ }
+}.join(' ') %>
+<%- } } -%>
+<%- unless $exec['Environment'] =~ Undef { -%>
+<%- $exec['Environment'].each |$key, $value| { -%>
+Environment=<%= $key %>=<%= $value %>
+<%- } } -%>
+<%- unless $exec['User'] =~ Undef { -%>
+User=<%= $exec['User'] %>
+<%- } -%>
+<%- unless $exec['WorkingDirectory'] =~ Undef { -%>
+WorkingDirectory=<%= $exec['WorkingDirectory'] %>
+<%- } -%>
+<%- unless $exec['PivotRoot'] =~ Undef { -%>
+PivotRoot=<%= $exec['PivotRoot'] %>
+<%- } -%>
+<%- unless $exec['Capability'] =~ Undef { -%>
+Capability=<% if $exec['Capability'] == 'all' {%>all<%} else { %><%= $exec['Capability'].join(' ') -%>
+<%- } } -%>
+<%- unless $exec['DropCapability'] =~ Undef { -%>
+DropCapability=<% if $exec['DropCapability'] == 'all' {%>all<%} else { %><%= $exec['DropCapability'].join(' ') -%>
+<%- } } -%>
+<%- unless $exec['AmbientCapability'] =~ Undef { -%>
+AmbientCapability=<%= $exec['AmbientCapability'].join(' ') -%>
+<%- } -%>
+<%- unless $exec['NoNewPrivileges'] =~ Undef { -%>
+NoNewPrivileges=<%= if $exec['NoNewPrivileges'] { 'yes' } else { 'no' }%>
+<%- } -%>
+<%- unless $exec['KillSignal'] =~ Undef { -%>
+KillSignal=<%= $exec['KillSignal'] %>
+<%- } -%>
+<%- unless $exec['Personality'] =~ Undef { -%>
+Personality=<%= $exec['Personality'] %>
+<%- } -%>
+<%- unless $exec['MachineID'] =~ Undef { -%>
+MachineID=<%= $exec['MachineID'] %>
+<%- } -%>
+<%- unless $exec['PrivateUsers'] =~ Undef { -%>
+PrivateUsers=<%=
+if $exec['PrivateUsers'] =~ Boolean {
+ if $exec['PrivateUsers'] { 'yes' } else { 'no' }
+} elsif $exec['PrivateUsers'] =~ Tuple {
+ "<%= $exec['PrivateUsers'].join(':') %>"
+} else {
+ $exec['PrivateUsers']
+} %><%- } -%>
+<%- unless $exec['NotifyReady'] =~ Undef { -%>
+NotifyReady=<%= if $exec['NotifyReady'] { 'yes' } else { 'no' }%>
+<%- } -%>
+<%- unless $exec['SystemCallFilter'] =~ Undef { -%>
+SystemCallFilter=<%= $exec['SystemCallFilter'].join(' ') %>
+<%- } -%>
+<%- unless $exec['LimitCPU'] =~ Undef { -%>
+<%- if $exec['LimitCPU'] =~ Tuple { -%>
+LimitCPU=<%= $exec['LimitCPU'].join(':') %>
+<%- } else { -%>
+LimitCPU=<%= $exec['LimitCPU'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['LimitFSIZE'] =~ Undef { -%>
+<%- if $exec['LimitFSIZE'] =~ Tuple { -%>
+LimitFSIZE=<%= $exec['LimitFSIZE'].join(':') %>
+<%- } else { -%>
+LimitFSIZE=<%= $exec['LimitFSIZE'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['LimitDATA'] =~ Undef { -%>
+<%- if $exec['LimitDATA'] =~ Tuple { -%>
+LimitDATA=<%= $exec['LimitDATA'].join(':') %>
+<%- } else { -%>
+LimitDATA=<%= $exec['LimitDATA'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['LimitSTACK'] =~ Undef { -%>
+<%- if $exec['LimitSTACK'] =~ Tuple { -%>
+LimitSTACK=<%= $exec['LimitSTACK'].join(':') %>
+<%- } else { -%>
+LimitSTACK=<%= $exec['LimitSTACK'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['limitSTACK'] =~ Undef { -%>
+<%- if $exec['limitSTACK'] =~ Tuple { -%>
+limitSTACK=<%= $exec['limitSTACK'].join(':') %>
+<%- } else { -%>
+limitSTACK=<%= $exec['limitSTACK'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['LimitCORE'] =~ Undef { -%>
+<%- if $exec['LimitCORE'] =~ Tuple { -%>
+LimitCORE=<%= $exec['LimitCORE'].join(':')%>
+<%- } else { -%>
+LimitCORE=<%= $exec['LimitCORE'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['LIMITRSS'] =~ Undef { -%>
+<%- if $exec['LIMITRSS'] =~ Tuple { -%>
+LIMITRSS=<%= $exec['LIMITRSS'].join(':') %>
+<%- } else { -%>
+LIMITRSS=<%= $exec['LIMITRSS'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['LimitNOFILE'] =~ Undef { -%>
+<%- if $exec['LimitNOFILE'] =~ Tuple { -%>
+LimitNOFILE=<%= $exec['LimitNOFILE'].join(':') %>
+<%- } else { -%>
+LimitNOFILE=<%= $exec['LimitNOFILE'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['LimitAS'] =~ Undef { -%>
+<%- if $exec['LimitAS'] =~ Tuple { -%>
+LimitAS=<%= $exec['LimitAS'].join(':') %>
+<%- } else { -%>
+LimitAS=<%= $exec['LimitAS'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['LimitNPROC'] =~ Undef { -%>
+<%- if $exec['LimitNPROC'] =~ Tuple { -%>
+LimitNPROC=<%= $exec['LimitNPROC'].join(':') %>
+<%- } else { -%>
+LimitNPROC=<%= $exec['LimitNPROC'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['LimitLOCKS'] =~ Undef { -%>
+<%- if $exec['LimitLOCKS'] =~ Tuple { -%>
+LimitLOCKS=<%= $exec['LimitLOCKS'].join(':') %>
+<%- } else { -%>
+LimitLOCKS=<%= $exec['LimitLOCKS'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['LimitSIGPENDING'] =~ Undef { -%>
+<%- if $exec['LimitSIGPENDING'] =~ Tuple { -%>
+LimitSIGPENDING=<%= $exec['LimitSIGPENDING'].join(':') %>
+<%- } else { -%>
+LimitSIGPENDING=<%= $exec['LimitSIGPENDING'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['LimitMSGQUEUE'] =~ Undef { -%>
+<%- if $exec['LimitMSGQUEUE'] =~ Tuple { -%>
+LimitMSGQUEUE=<%= $exec['LimitMSGQUEUE'].join(':') %>
+<%- } else { -%>
+LimitMSGQUEUE=<%= $exec['LimitMSGQUEUE'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['LimitNICE'] =~ Undef { -%>
+<%- if $exec['LimitNICE'] =~ Tuple { -%>
+LimitNICE=<%= $exec['LimitNICE'].join(':') %>
+<%- } else { -%>
+LimitNICE=<%= $exec['LimitNICE'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['LimitRTPRIO'] =~ Undef { -%>
+<%- if $exec['LimitRTPRIO'] =~ Tuple { -%>
+LimitRTPRIO=<%= $exec['LimitRTPRIO'].join(':') %>
+<%- } else { -%>
+LimitRTPRIO=<%= $exec['LimitRTPRIO'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['LimitRTTIME'] =~ Undef { -%>
+<%- if $exec['LimitRTTIME'] =~ Tuple { -%>
+LimitRTTIME=<%= $exec['LimitRTTIME'].join(':') %>
+<%- } else { -%>
+LimitRTTIME=<%= $exec['LimitRTTIME'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['OOMScoreAdjust'] =~ Undef { -%>
+OOMScoreAdjust=<%= $exec['OOMScoreAdjust'] %>
+<%- } -%>
+<%- unless $exec['CPUAffinity'] =~ Undef { -%>
+CPUAffinity=<%= $exec['CPUAffinity'].map |$aff| {
+ if $aff =~ Tuple {
+ "${aff[0]}-${aff[1]}"
+ } else {
+ "${aff}"
+ }.join(',')
+} %>
+<%- } -%>
+<%- unless $exec['Hostname'] =~ Undef { -%>
+Hostname=<%= $exec['Hostname'] %>
+<%- } -%>
+<%- unless $exec['ResolvConf'] =~ Undef { -%>
+ResolvConf=<%= $exec['ResolvConf'] %>
+<%- } -%>
+<%- unless $exec['Timezone'] =~ Undef { -%>
+Timezone=<%= $exec['Timezone'] %>
+<%- } -%>
+<%- unless $exec['LinkJournal'] =~ Undef { -%>
+LinkJournal=<%= $exec['LinkJournal'] %>
+<%- } -%>
+
+[Files]
+<%- unless $exec['ReadOnly'] =~ Undef { -%>
+ReadOnly=<%= if $exec['ReadOnly'] { 'yes' } else { 'no' } %>
+<%- } -%>
+<%- unless $exec['Volatile'] =~ Undef { -%>
+<%- if $exec['Volatile'] =~ Boolean { -%>
+Volatile=<%= if $exec['Volatile'] { 'yes' } else { 'no' } %>
+<%- } else { -%>
+Volatile=<%= $exec['Volatile'] %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['Bind'] =~ Undef { $exec['Bind'].each |$bind| { -%>
+<%- if $bind =~ Tuple[String, String] { -%>
+Bind=<%= $bind[0] %>:<%= $bind[1] %>
+<%- } elsif $bind =~ Tuple[String, String, Array[String]] { -%>
+Bind=<%= $bind[0] %>:<%= $bind[1] %>:<%= $bind[2].join(':') %>
+<%- } elsif $bind =~ Struct { -%>
+Bind=<%= $bind['source'] %>:<%= $bind['dest'] %><%-
+if $bind['options'] { %>:<%= $bind['options'].join(':') %><%- } -%>
+<%- } else { -%>
+Bind=<%= $exec['Bind'] %>
+<%- } -%>
+<%- }} -%>
+<%- unless $exec['BindReadOnly'] =~ Undef { $exec['Bind'].each |$bind| { -%>
+<%- if $bind =~ Tuple[String, String] { -%>
+BindReadOnly=<%= $bind[0] %>:<%= $bind[1] %>
+<%- } elsif $bind =~ Tuple[String, String, Array[String]] { -%>
+BindReadOnly=<%= $bind[0] %>:<%= $bind[1] %>:<%= $bind[2].join(':') %>
+<%- } elsif $bind =~ Struct { -%>
+BindReadOnly=<%= $bind['source'] %>:<%= $bind['dest'] %><%-
+if $bind['options'] { %>:<%= $bind['options'].join(':') %><%- } -%>
+<%- } else { -%>
+BindReadOnly=<%= $exec['Bind'] %>
+<%- } -%>
+<%- }} -%>
+<%- unless $exec['BindUser'] =~ Undef {$exec['BindUser'].each |$user| { -%>
+BindUser=<%= $user %>
+<%- } } -%>
+<%- unless $exec['TemporaryFileSystem'] =~ Undef {$exec['TemporaryFileSystem'].each |$fs| { -%>
+TemporaryFileSystem=<%=
+if $fs =~ Tuple {
+ $fs.join(':')
+} else {
+ $fs
+}
+%>
+<%- } } -%>
+<%- unless $exec['Inaccessible'] =~ Undef {$exec['Inaccessible'].each |$path| { -%>
+Inaccessible=<%= $path %>
+<%- } } -%>
+<%- unless $exec['Overlay'] =~ Undef {$exec['Overlay'].each |$paths| { -%>
+Overlay=<%= $paths.join(':') %>
+<%- } } -%>
+<%- unless $exec['OverlayReadOnly'] =~ Undef {$exec['OverlayReadOnly'].each |$paths| { -%>
+OverlayReadOnly=<%= $paths.join(':') %>
+<%- } } -%>
+<%- unless $exec['PrivateUsersOwnership'] =~ Undef { -%>
+PrivateUsersOwnership=<%= $exec['PrivateUsersOwnership'] %>
+<%- } -%>
+
+[Network]
+<%- unless $exec['Private'] =~ Undef { -%>
+Private=<%= if $exec['Private'] { 'yes' } else { 'no' } %>
+<%- } -%>
+<%- unless $exec['VirtualEthernet'] =~ Undef { -%>
+VirtualEthernet=<%= if $exec['VirtualEthernet'] { 'yes' } else { 'no' } %>
+<%- } -%>
+<%- unless $exec['VirtualEthernetExtra'] =~ Undef {
+ $exec['VirtualEthernetExtra'].each |$interface| { -%>
+VirtualEthernetExtra=<%= if $interface =~ Tuple { $interface.join(':') } else { $interface } %>
+<%- } -%>
+<%- } -%>
+<%- unless $exec['Interface'] =~ Undef { -%>
+Interface=<%= $exec['Interface'].join(' ') %>
+<%- } -%>
+<%- unless $exec['MACVLAN'] =~ Undef { -%>
+MACVLAN=<%= $exec['MACVLAN'].join(' ') %>
+<%- } -%>
+<%- unless $exec['IPVLAN'] =~ Undef { -%>
+IPVLAN=<%= $exec['IPVLAN'].join(' ') %>
+<%- } -%>
+<%- unless $exec['Bridge'] =~ Undef { -%>
+Bridge=<%= $exec['Bridge'] %>
+<%- } -%>
+<%- unless $exec['Zone'] =~ Undef { -%>
+Zone=<%= $exec['Zone'] %>
+<%- } -%>
+<%- unless $exec['Port'] =~ Undef {
+ $exec['Port'].each |$p| { -%>
+Port=<%= $p.join(':') %>
+<%- } -%>
+<%- } -%>
-- cgit v1.2.3
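Review bot: The `BindReadOnly` block tests `$exec['BindReadOnly']` but then iterates `$exec['Bind']` and falls back to printing `$exec['Bind']`, so the read-write bind list is rendered a second time as read-only, the real read-only entries never reach the unit file, and a config with only `BindReadOnly` set would likely fail on an undefined `Bind`; the loop should be `$exec['BindReadOnly'].each |$bind| {` with the fallback `BindReadOnly=<%= $bind %>`. Everything under `[Files]` and `[Network]` also reads from `$exec`, which is `$data['Exec']`, so unless `Nspawn::Systemd::Nspawn` (not visible here) is a flat hash, isolation settings such as `ReadOnly`, `Private` and `VirtualEthernet` are silently left out; those sections probably want `$files = $data['Files']` and `$network = $data['Network']`. The keys `limitSTACK` and `LIMITRSS` are not spelled the way systemd spells them (`LimitSTACK`, `LimitRSS`), so a limit set through them would most likely be ignored rather than enforced. The `-%>` that closes the `Capability`, `DropCapability` and `AmbientCapability` values, and the `%><%- } -%>` after `PrivateUsers`, appear to swallow the line's newline, which would run the next directive onto the same line. Values such as `Environment`, `Parameters` and `Hostname` are written verbatim, so it is worth confirming that the data type rejects embedded newlines, since one would add extra directives to the generated file.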