templates/systemd/nspawn.epp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313

<%- | Nspawn::Systemd::Nspawn $data | -%>

[Exec]
<%- $exec = $data['Exec'] -%>
<%- if $exec['Boot'] == false { -%>
Boot=no
<%- } elsif $exec['Boot'] == true { -%>
Boot=yes
<%- } -%>
<%- if $exec['Ephemeral'] == false { -%>
Ephemeral=no
<%- } elsif $exec['Ephemeral'] == true { -%>
Ephemeral=yes
<%- } -%>
<%- if $exec['ProcessTwo'] == false { -%>
ProcessTwo=no
<%- } elsif $exec['ProcessTwo'] == true { -%>
ProcessTwo=yes
<%- } -%>
<%- unless $exec['Parameters'] =~ Undef { -%>
<%- if $exec['Parameters'] =~ String { -%>
Parameters=<%= $exec['Parameters'] %>
<%- } else { -%>
Parameters=<%= $exec['Parameters'].map |$param| {
  if ' ' in $param {
    if '"' in $param {
      "'${param}'"
    } else {
      "\"${param}\""
    }
  } else {
    $param
  }
}.join(' ') %>
<%- } } -%>
<%- unless $exec['Environment'] =~ Undef { -%>
<%- $exec['Environment'].each |$key, $value| { -%>
Environment=<%= $key %>=<%= $value %>
<%- } } -%>
<%- unless $exec['User'] =~ Undef { -%>
User=<%= $exec['User'] %>
<%- } -%>
<%- unless $exec['WorkingDirectory'] =~ Undef { -%>
WorkingDirectory=<%= $exec['WorkingDirectory'] %>
<%- } -%>
<%- unless $exec['PivotRoot'] =~ Undef { -%>
PivotRoot=<%= $exec['PivotRoot'] %>
<%- } -%>
<%- unless $exec['Capability'] =~ Undef { -%>
Capability=<% if $exec['Capability'] == 'all' {%>all<%} else { %><%= $exec['Capability'].join(' ') -%>
<%- } } -%>
<%- unless $exec['DropCapability'] =~ Undef { -%>
DropCapability=<% if $exec['DropCapability'] == 'all' {%>all<%} else { %><%= $exec['DropCapability'].join(' ') -%>
<%- } } -%>
<%- unless $exec['AmbientCapability'] =~ Undef { -%>
AmbientCapability=<%= $exec['AmbientCapability'].join(' ') -%>
<%- } -%>
<%- unless $exec['NoNewPrivileges'] =~ Undef { -%>
NoNewPrivileges=<%= if $exec['NoNewPrivileges'] { 'yes' } else { 'no' }%>
<%- } -%>
<%- unless $exec['KillSignal'] =~ Undef { -%>
KillSignal=<%= $exec['KillSignal'] %>
<%- } -%>
<%- unless $exec['Personality'] =~ Undef { -%>
Personality=<%= $exec['Personality'] %>
<%- } -%>
<%- unless $exec['MachineID'] =~ Undef { -%>
MachineID=<%= $exec['MachineID'] %>
<%- } -%>
<%- unless $exec['PrivateUsers'] =~ Undef { -%>
PrivateUsers=<%=
if $exec['PrivateUsers'] =~ Boolean {
    if $exec['PrivateUsers'] { 'yes' } else { 'no' }
} elsif $exec['PrivateUsers'] =~ Tuple {
    "<%= $exec['PrivateUsers'].join(':') %>"
} else {
    $exec['PrivateUsers']
} %><%- } -%>
<%- unless $exec['NotifyReady'] =~ Undef { -%>
NotifyReady=<%= if $exec['NotifyReady'] { 'yes' } else { 'no' }%>
<%- } -%>
<%- unless $exec['SystemCallFilter'] =~ Undef { -%>
SystemCallFilter=<%= $exec['SystemCallFilter'].join(' ') %>
<%- } -%>
<%- unless $exec['LimitCPU'] =~ Undef { -%>
<%- if $exec['LimitCPU'] =~ Tuple { -%>
LimitCPU=<%= $exec['LimitCPU'].join(':') %>
<%- } else { -%>
LimitCPU=<%= $exec['LimitCPU'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['LimitFSIZE'] =~ Undef { -%>
<%- if $exec['LimitFSIZE'] =~ Tuple { -%>
LimitFSIZE=<%= $exec['LimitFSIZE'].join(':') %>
<%- } else { -%>
LimitFSIZE=<%= $exec['LimitFSIZE'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['LimitDATA'] =~ Undef { -%>
<%- if $exec['LimitDATA'] =~ Tuple { -%>
LimitDATA=<%= $exec['LimitDATA'].join(':') %>
<%- } else { -%>
LimitDATA=<%= $exec['LimitDATA'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['LimitSTACK'] =~ Undef { -%>
<%- if $exec['LimitSTACK'] =~ Tuple { -%>
LimitSTACK=<%= $exec['LimitSTACK'].join(':') %>
<%- } else { -%>
LimitSTACK=<%= $exec['LimitSTACK'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['limitSTACK'] =~ Undef { -%>
<%- if $exec['limitSTACK'] =~ Tuple { -%>
limitSTACK=<%= $exec['limitSTACK'].join(':') %>
<%- } else { -%>
limitSTACK=<%= $exec['limitSTACK'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['LimitCORE'] =~ Undef { -%>
<%- if $exec['LimitCORE'] =~ Tuple { -%>
LimitCORE=<%= $exec['LimitCORE'].join(':')%>
<%- } else { -%>
LimitCORE=<%= $exec['LimitCORE'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['LIMITRSS'] =~ Undef { -%>
<%- if $exec['LIMITRSS'] =~ Tuple { -%>
LIMITRSS=<%= $exec['LIMITRSS'].join(':') %>
<%- } else { -%>
LIMITRSS=<%= $exec['LIMITRSS'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['LimitNOFILE'] =~ Undef { -%>
<%- if $exec['LimitNOFILE'] =~ Tuple { -%>
LimitNOFILE=<%= $exec['LimitNOFILE'].join(':') %>
<%- } else { -%>
LimitNOFILE=<%= $exec['LimitNOFILE'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['LimitAS'] =~ Undef { -%>
<%- if $exec['LimitAS'] =~ Tuple { -%>
LimitAS=<%= $exec['LimitAS'].join(':') %>
<%- } else { -%>
LimitAS=<%= $exec['LimitAS'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['LimitNPROC'] =~ Undef { -%>
<%- if $exec['LimitNPROC'] =~ Tuple { -%>
LimitNPROC=<%= $exec['LimitNPROC'].join(':') %>
<%- } else { -%>
LimitNPROC=<%= $exec['LimitNPROC'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['LimitLOCKS'] =~ Undef { -%>
<%- if $exec['LimitLOCKS'] =~ Tuple { -%>
LimitLOCKS=<%= $exec['LimitLOCKS'].join(':') %>
<%- } else { -%>
LimitLOCKS=<%= $exec['LimitLOCKS'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['LimitSIGPENDING'] =~ Undef { -%>
<%- if $exec['LimitSIGPENDING'] =~ Tuple { -%>
LimitSIGPENDING=<%= $exec['LimitSIGPENDING'].join(':') %>
<%- } else { -%>
LimitSIGPENDING=<%= $exec['LimitSIGPENDING'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['LimitMSGQUEUE'] =~ Undef { -%>
<%- if $exec['LimitMSGQUEUE'] =~ Tuple { -%>
LimitMSGQUEUE=<%= $exec['LimitMSGQUEUE'].join(':') %>
<%- } else { -%>
LimitMSGQUEUE=<%= $exec['LimitMSGQUEUE'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['LimitNICE'] =~ Undef { -%>
<%- if $exec['LimitNICE'] =~ Tuple { -%>
LimitNICE=<%= $exec['LimitNICE'].join(':') %>
<%- } else { -%>
LimitNICE=<%= $exec['LimitNICE'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['LimitRTPRIO'] =~ Undef { -%>
<%- if $exec['LimitRTPRIO'] =~ Tuple { -%>
LimitRTPRIO=<%= $exec['LimitRTPRIO'].join(':') %>
<%- } else { -%>
LimitRTPRIO=<%= $exec['LimitRTPRIO'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['LimitRTTIME'] =~ Undef { -%>
<%- if $exec['LimitRTTIME'] =~ Tuple { -%>
LimitRTTIME=<%= $exec['LimitRTTIME'].join(':') %>
<%- } else { -%>
LimitRTTIME=<%= $exec['LimitRTTIME'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['OOMScoreAdjust'] =~ Undef { -%>
OOMScoreAdjust=<%= $exec['OOMScoreAdjust'] %>
<%- } -%>
<%- unless $exec['CPUAffinity'] =~ Undef { -%>
CPUAffinity=<%= $exec['CPUAffinity'].map |$aff| {
    if $aff =~ Tuple {
        "${aff[0]}-${aff[1]}"
    } else {
        "${aff}"
    }.join(',')
} %>
<%- } -%>
<%- unless $exec['Hostname'] =~ Undef { -%>
Hostname=<%= $exec['Hostname'] %>
<%- } -%>
<%- unless $exec['ResolvConf'] =~ Undef { -%>
ResolvConf=<%= $exec['ResolvConf'] %>
<%- } -%>
<%- unless $exec['Timezone'] =~ Undef { -%>
Timezone=<%= $exec['Timezone'] %>
<%- } -%>
<%- unless $exec['LinkJournal'] =~ Undef { -%>
LinkJournal=<%= $exec['LinkJournal'] %>
<%- } -%>

[Files]
<%- unless $exec['ReadOnly'] =~ Undef { -%>
ReadOnly=<%= if $exec['ReadOnly'] { 'yes' } else { 'no' } %>
<%- } -%>
<%- unless $exec['Volatile'] =~ Undef { -%>
<%- if $exec['Volatile'] =~ Boolean { -%>
Volatile=<%= if $exec['Volatile'] { 'yes' } else { 'no' } %>
<%- } else { -%>
Volatile=<%= $exec['Volatile'] %>
<%- } -%>
<%- } -%>
<%- unless $exec['Bind'] =~ Undef { $exec['Bind'].each |$bind| { -%>
<%- if $bind =~ Tuple[String, String] { -%>
Bind=<%= $bind[0] %>:<%= $bind[1] %>
<%- } elsif $bind =~ Tuple[String, String, Array[String]] { -%>
Bind=<%= $bind[0] %>:<%= $bind[1] %>:<%= $bind[2].join(':') %>
<%- } elsif $bind =~ Struct { -%>
Bind=<%= $bind['source'] %>:<%= $bind['dest'] %><%-
if $bind['options'] { %>:<%= $bind['options'].join(':') %><%- } -%>
<%- } else { -%>
Bind=<%= $exec['Bind'] %>
<%- } -%>
<%- }} -%>
<%- unless $exec['BindReadOnly'] =~ Undef { $exec['Bind'].each |$bind| { -%>
<%- if $bind =~ Tuple[String, String] { -%>
BindReadOnly=<%= $bind[0] %>:<%= $bind[1] %>
<%- } elsif $bind =~ Tuple[String, String, Array[String]] { -%>
BindReadOnly=<%= $bind[0] %>:<%= $bind[1] %>:<%= $bind[2].join(':') %>
<%- } elsif $bind =~ Struct { -%>
BindReadOnly=<%= $bind['source'] %>:<%= $bind['dest'] %><%-
if $bind['options'] { %>:<%= $bind['options'].join(':') %><%- } -%>
<%- } else { -%>
BindReadOnly=<%= $exec['Bind'] %>
<%- } -%>
<%- }} -%>
<%- unless $exec['BindUser'] =~ Undef {$exec['BindUser'].each |$user| { -%>
BindUser=<%= $user %>
<%- } } -%>
<%- unless $exec['TemporaryFileSystem'] =~ Undef {$exec['TemporaryFileSystem'].each |$fs| { -%>
TemporaryFileSystem=<%=
if $fs =~ Tuple {
  $fs.join(':')
} else {
  $fs
}
%>
<%- } } -%>
<%- unless $exec['Inaccessible'] =~ Undef {$exec['Inaccessible'].each |$path| { -%>
Inaccessible=<%= $path %>
<%- } } -%>
<%- unless $exec['Overlay'] =~ Undef {$exec['Overlay'].each |$paths| { -%>
Overlay=<%= $paths.join(':') %>
<%- } } -%>
<%- unless $exec['OverlayReadOnly'] =~ Undef {$exec['OverlayReadOnly'].each |$paths| { -%>
OverlayReadOnly=<%= $paths.join(':') %>
<%- } } -%>
<%- unless $exec['PrivateUsersOwnership'] =~ Undef { -%>
PrivateUsersOwnership=<%= $exec['PrivateUsersOwnership'] %>
<%- } -%>

[Network]
<%- unless $exec['Private'] =~ Undef { -%>
Private=<%= if $exec['Private'] { 'yes' } else { 'no' } %>
<%- } -%>
<%- unless $exec['VirtualEthernet'] =~ Undef { -%>
VirtualEthernet=<%= if $exec['VirtualEthernet'] { 'yes' } else { 'no' } %>
<%- } -%>
<%- unless $exec['VirtualEthernetExtra'] =~ Undef {
  $exec['VirtualEthernetExtra'].each |$interface| { -%>
VirtualEthernetExtra=<%= if $interface =~ Tuple { $interface.join(':') } else { $interface } %>
<%- } -%>
<%- } -%>
<%- unless $exec['Interface'] =~ Undef { -%>
Interface=<%= $exec['Interface'].join(' ') %>
<%- } -%>
<%- unless $exec['MACVLAN'] =~ Undef { -%>
MACVLAN=<%= $exec['MACVLAN'].join(' ') %>
<%- } -%>
<%- unless $exec['IPVLAN'] =~ Undef { -%>
IPVLAN=<%= $exec['IPVLAN'].join(' ') %>
<%- } -%>
<%- unless $exec['Bridge'] =~ Undef { -%>
Bridge=<%= $exec['Bridge'] %>
<%- } -%>
<%- unless $exec['Zone'] =~ Undef { -%>
Zone=<%= $exec['Zone'] %>
<%- } -%>
<%- unless $exec['Port'] =~ Undef {
  $exec['Port'].each |$p| { -%>
Port=<%= $p.join(':') %>
<%- } -%>
<%- } -%>