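# @summary Create a single nspawn file.
#
# Renders the `Exec`, `Files` and `Network` entries of `$config` into
# `Key=value` lines and writes them, grouped by section, to
# `<nspawn_dir>/<machine_name>.nspawn` through the module's `service.epp`
# template.
#
# @param config
#   Configuration for the nspawn file.
# @param machine_name
#   Name of the machine, will be used for the filename.
# @param ensure
#   Whether the nspawn file should be `present` or `absent`.
# @api private
define nspawn::machine::nspawn (
  Nspawn::Systemd::Nspawn $config,
  String $machine_name = $name,
  Enum['absent', 'present'] $ensure = 'present',
) {
  # NOTE(review): values are interpolated verbatim into `Key=value` lines. A
  # value containing a newline would start a new directive in the rendered
  # file; presumably the Nspawn::Systemd::Nspawn type rules that out -- confirm.

  # Every branch below yields an Array of rendered lines (possibly empty) so
  # the per-key results can be concatenated into one flat list per section.
  $exec = $config['Exec'].map |$key, $value| {
    if $value =~ Undef {
      # An explicit undef means "do not emit this setting".
      []
    } elsif $key in [
      'Boot',
      'Ephemeral',
      'ProcessTwo',
      'NoNewPrivileges',
      'NotifyReady',
    ] {
      $flag = if $value { 'yes' } else { 'no' }
      ["${key}=${flag}"]
    } elsif $key in [
      'User',
      'WorkingDirectory',
      'PivotRoot',
      'AmbientCapability',
      'KillSignal',
      'Personality',
      'MachineID',
      'Hostname',
      'ResolvConf',
      'Timezone',
      'LinkJournal',
    ] {
      ["${key}=${value}"]
    } elsif $key == 'Parameters' {
      # A String is used as given; a list is joined with spaces, quoting any
      # parameter that contains a space. A parameter holding a space and both
      # quote characters is not escaped any further.
      $rendered = $value ? {
        String  => $value,
        default => ($value.map |$param| {
          if ' ' in $param {
            if '"' in $param {
              "'${param}'"
            } else {
              "\"${param}\""
            }
          } else {
            $param
          }
        }.join(' ')),
      }
      # The key is prepended exactly once, here.
      ["${key}=${rendered}"]
    } elsif $key in ['Environment'] {
      # One Environment= line per variable.
      $value.map |$k, $v| { "Environment=${k}=${v}" }
    } elsif $key in ['Capability', 'DropCapability'] {
      $rendered = if $value == 'all' { 'all' } else { $value.join(' ') }
      ["${key}=${rendered}"]
    } elsif $key in ['PrivateUsers'] {
      $rendered = $value ? {
        Boolean => $value ? { true => 'yes', default => 'no' },
        Tuple   => $value.join(':'),
        default => $value,
      }
      ["${key}=${rendered}"]
    } elsif $key in ['SystemCallFilter'] {
      ["${key}=${value.join(' ')}"]
    } elsif $key =~ /^Limit.*/ {
      $rendered = $value ? {
        Tuple   => $value.join(':'),
        default => $value,
      }
      ["${key}=${rendered}"]
    } else {
      # Keys this define does not know how to render are skipped.
      []
    }
  }

  $files = $config['Files'].map |$key, $value| {
    if $value =~ Undef {
      []
    } elsif $key in ['ReadOnly'] {
      if $value { ["${key}=yes"] } else { ["${key}=no"] }
    } elsif $key in ['PrivateUsersOwnership'] {
      ["${key}=${value}"]
    } elsif $key in ['BindUser', 'Inaccessible'] {
      # One line per list element; interpolate the element, not the whole list.
      $value.map |$v| { "${key}=${v}" }
    } elsif $key in ['Volatile'] {
      $rendered = $value ? {
        Boolean => $value ? { true => 'yes', default => 'no' },
        default => $value,
      }
      ["${key}=${rendered}"]
    } elsif $key in ['Bind', 'BindReadOnly'] {
      # Each entry may be a plain string, a (source, dest) tuple, a
      # (source, dest, options) tuple, or a hash with 'source', 'dest' and
      # optional 'options'. All forms render as colon-separated fields.
      $value.map |$v| {
        $rendered = if $v =~ Tuple[String, String] {
          $v.join(':')
        } elsif $v =~ Tuple[String, String, Array] {
          "${v[0]}:${v[1]}:${v[2].join(':')}"
        } elsif $v =~ Hash {
          $options = $v['options'] ? {
            Undef   => [],
            default => $v['options'],
          }
          ([$v['source'], $v['dest']] + $options).join(':')
        } else {
          $v
        }
        "${key}=${rendered}"
      }
    } elsif $key in ['TemporaryFileSystem'] {
      $value.map |$v| {
        $rendered = $v ? {
          Tuple   => $v.join(':'),
          default => $v,
        }
        "${key}=${rendered}"
      }
    } elsif $key in ['Overlay'] {
      $value.map |$v| { "${key}=${v.join(':')}" }
    } else {
      []
    }
  }

  # TODO
  $network = $config['Network'].map |$key, $value| {
    if $value =~ Undef {
      # Same rule as Exec and Files: an undef value emits nothing. Without
      # this guard an undef 'Private' or 'VirtualEthernet' would be written
      # out as an explicit `=no`.
      []
    } elsif $key in [
      'Private',
      'VirtualEthernet',
    ] {
      if $value { ["${key}=yes"] } else { ["${key}=no"] }
    } elsif $key in [
      'Bridge',
      'Zone',
    ] {
      ["${key}=${value}"]
    } elsif $key in ['MACVLAN', 'IPVLAN', 'Interface'] {
      ["${key}=${value.join(' ')}"]
    } elsif $key in ['VirtualEthernetExtra'] {
      $value.map |$v| {
        $rendered = $v ? {
          Tuple   => $v.join(':'),
          default => $v,
        }
        "${key}=${rendered}"
      }
    } elsif $key in ['Port'] {
      $value.map |$v| { "${key}=${v.join(':')}" }
    } else {
      []
    }
  }

  # Each section name must be paired with the lines rendered from that same
  # section of $config: settings such as NoNewPrivileges=, DropCapability= or
  # PrivateUsers= only take effect under [Exec], and Bind=/ReadOnly= only
  # under [Files].
  # The trailing one-parameter map turns the hash into [section, lines] pairs.
  $hash = {
    'Exec'    => $exec.reduce([]) |$a, $b| { $a + $b },
    'Files'   => $files.reduce([]) |$a, $b| { $a + $b },
    'Network' => $network.reduce([]) |$a, $b| { $a + $b },
  }.map |$x| { $x }

  # NOTE(review): $machine_name is only typed as String and is interpolated
  # into the path. Restricting it to characters valid in a machine name
  # (no '/') would keep the file inside nspawn_dir -- confirm callers validate.
  file { "${nspawn::nspawn_dir}/${machine_name}.nspawn":
    ensure    => $ensure,
    content   => epp("${module_name}/service.epp", { 'settings' => $hash }),
    show_diff => true,
  }
}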