type Nspawn::Systemd::Nspawn = Struct[{ 'Exec' => Optional[Struct[{ 'Boot' => Optional[Boolean], 'Ephemeral' => Optional[Boolean], 'ProcessTwo' => Optional[Boolean], 'Parameters' => Optional[Variant[ String, Array[String], ]], 'Environment' => Optional[Hash[String, String]], 'User' => Optional[String], 'WorkingDirectory' => Optional[Stdlib::Unixpath], 'PivotRoot' => Optional[Stdlib::Unixpath], 'Capability' => Optional[Variant[Enum['all'], Array[String]]], 'DropCapability' => Optional[Variant[Enum['all'], Array[String]]], 'AmbientCapability' => Optional[Array[String]], 'NoNewPrivileges' => Optional[Boolean], # See signal(7) for valid signals 'KillSignal' => Optional[String], 'Personality' => Optional[Enum['x86', 'x86-64']], 'MachineID' => Optional[Pattern[/\A[A-fa-f0-9]{32}\Z/]], 'PrivateUsers' => Optional[Variant[ Integer, Tuple[Integer, Integer], Boolean, Enum['yes', 'no', 'identity', 'pick'] ]], 'NotifyReady' => Optional[Boolean], # If first element is '~', then this is a blacklist 'SystemCallFilter' => Optional[Array[String]], 'LimitCPU' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitFSIZE' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitDATA' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitSTACK' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitCORE' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitRSS' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitNOFILE' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitAS' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitNPROC' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitMEMLOCK' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitLOCKS' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitSIGPENDING' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitMSGQUEUE' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitNICE' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitRTPRIO' => Optional[Nspawn::Systemd::Resourcelimit], 'LimitRTTIME' => Optional[Nspawn::Systemd::Resourcelimit], 'OOMScoreAdjust' => Optional[Integer[-1000, 1000]], 'CPUAffinity' => Optional[Array[Variant[Integer, Tuple[Integer, Integer]]]], 'Hostname' => Optional[String], 'ResolvConf' => Optional[Enum[ 'off', 'copy-host', 'copy-static', 'copy-uplink', 'copy-stub', 'replace-host', 'replace-static', 'replace-uplink', 'replace-stub', 'bind-host', 'bind-static', 'bind-uplink', 'bind-stub', 'delete', 'auto', ]], 'Timezone' => Optional[Enum[ 'off', 'copy', 'bind', 'symlink', 'delete', 'auto', ]], 'LinkJournal' => Optional[Enum[ 'no', 'host', 'try-host', 'guest', 'try-guest', 'auto', ]], }]], 'Files' => Optional[Struct[{ 'ReadOnly' => Optional[Boolean], 'Volatile' => Optional[Variant[Boolean, Enum['state']]], 'Bind' => Optional[Array[Nspawn::Systemd::Bind]], 'BindReadOnly' => Optional[Array[Nspawn::Systemd::Bind]], # TODO Can binduser appear multiple times? 'BindUser' => Optional[Array[String]], # TODO Can tmpfs appear multiple times? # TODO options type 'TemporaryFileSystem' => Optional[Array[Variant[String, Tuple[String, String]]]], 'Inaccessible' => Optional[Array[Stdlib::Unixpath]], 'Overlay' => Optional[Array[Array[String, 2]]], 'OverlayReadOnly' => Optional[Array[Array[String, 2]]], 'PrivateUsersOwnership' => Optional[Enum['off', 'chown', 'map', 'auto']], }]], 'Network' => Optional[Struct[{ 'Private' => Optional[Boolean], 'VirtualEthernet' => Optional[Boolean], 'VirtualEthernetExtra' => Optional[Array[Variant[String, Tuple[String, String]]]], 'Interface' => Optional[Array[String]], 'MACVLAN' => Optional[Array[String]], 'IPVLAN' => Optional[Array[String]], 'Bridge' => Optional[String], 'Zone' => Optional[String], 'Port' => Optional[Array[Variant[ Tuple[Enum['tcp', 'udp'], Stdlib::Port, Stdlib::Port], Tuple[Enum['tcp', 'udp'], Stdlib::Port], Tuple[Stdlib::Port, Stdlib::Port], Tuple[Stdlib::Port], ]]], }]], }]