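# @summary Schema for the settings of a systemd-nspawn container, split into
#   the optional 'Exec', 'Files' and 'Network' sections.
#
# Every section and every key inside a section is optional. Keys not listed
# here are rejected, because Struct does not allow unknown keys.
#
# NOTE(review): several values are plain String (e.g. 'User', 'Hostname',
# 'Bridge', 'Zone', capability and interface names). A plain String also
# accepts embedded newlines; if the consumer writes these values verbatim
# into an INI-style settings file, confirm that it rejects or escapes them.
type Nspawn::Systemd::Nspawn = Struct[{
  'Exec'    => Optional[Struct[{
    'Boot'              => Optional[Boolean],
    'Ephemeral'         => Optional[Boolean],
    'ProcessTwo'        => Optional[Boolean],
    # Either a single string or a list of arguments
    'Parameters'        => Optional[Variant[
      String,
      Array[String],
    ]],
    'Environment'       => Optional[Hash[String, String]],
    'User'              => Optional[String],
    'WorkingDirectory'  => Optional[Stdlib::Unixpath],
    'PivotRoot'         => Optional[Stdlib::Unixpath],
    # Capability names are not validated here; 'all' selects every capability,
    # so a 'Capability' value of 'all' deserves a second look in review.
    'Capability'        => Optional[Variant[Enum['all'], Array[String]]],
    'DropCapability'    => Optional[Variant[Enum['all'], Array[String]]],
    'AmbientCapability' => Optional[Array[String]],
    'NoNewPrivileges'   => Optional[Boolean],
    # See signal(7) for valid signals
    'KillSignal'        => Optional[String],
    'Personality'       => Optional[Enum['x86', 'x86-64']],
    # Exactly 32 hexadecimal digits. The class is spelled A-F / a-f / 0-9
    # explicitly: an 'A-f' range would span ASCII 0x41-0x66 and also admit
    # G-Z and the punctuation between 'Z' and 'a'.
    # \Z (unlike \z) still tolerates one trailing newline, which keeps values
    # read straight from a file valid.
    'MachineID'         => Optional[Pattern[/\A[A-Fa-f0-9]{32}\Z/]],
    # An integer, an [Integer, Integer] pair, a boolean or one of the keywords
    'PrivateUsers'      => Optional[Variant[
      Integer,
      Tuple[Integer, Integer],
      Boolean,
      Enum['yes', 'no', 'identity', 'pick']
    ]],
    'NotifyReady'       => Optional[Boolean],
    # If the first element is '~', the list is a deny-list (blacklist)
    'SystemCallFilter'  => Optional[Array[String]],
    # Resource limits; the value format is defined by Nspawn::Systemd::Resourcelimit
    'LimitCPU'          => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitFSIZE'        => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitDATA'         => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitSTACK'        => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitCORE'         => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitRSS'          => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitNOFILE'       => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitAS'           => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitNPROC'        => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitMEMLOCK'      => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitLOCKS'        => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitSIGPENDING'   => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitMSGQUEUE'     => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitNICE'         => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitRTPRIO'       => Optional[Nspawn::Systemd::Resourcelimit],
    'LimitRTTIME'       => Optional[Nspawn::Systemd::Resourcelimit],
    'OOMScoreAdjust'    => Optional[Integer[-1000, 1000]],
    # Each entry is a single integer or an [Integer, Integer] pair
    'CPUAffinity'       => Optional[Array[Variant[Integer, Tuple[Integer, Integer]]]],
    'Hostname'          => Optional[String],
    'ResolvConf'        => Optional[Enum[
      'off',
      'copy-host',
      'copy-static',
      'copy-uplink',
      'copy-stub',
      'replace-host',
      'replace-static',
      'replace-uplink',
      'replace-stub',
      'bind-host',
      'bind-static',
      'bind-uplink',
      'bind-stub',
      'delete',
      'auto',
    ]],
    'Timezone'          => Optional[Enum[
      'off',
      'copy',
      'bind',
      'symlink',
      'delete',
      'auto',
    ]],
    'LinkJournal'       => Optional[Enum[
      'no',
      'host',
      'try-host',
      'guest',
      'try-guest',
      'auto',
    ]],
  }]],
  'Files'   => Optional[Struct[{
    'ReadOnly'              => Optional[Boolean],
    'Volatile'              => Optional[Variant[Boolean, Enum['state']]],
    # Bind mount entries; the entry format is defined by Nspawn::Systemd::Bind
    'Bind'                  => Optional[Array[Nspawn::Systemd::Bind]],
    'BindReadOnly'          => Optional[Array[Nspawn::Systemd::Bind]],
    # TODO Can binduser appear multiple times?
    'BindUser'              => Optional[Array[String]],
    # TODO Can tmpfs appear multiple times?
    # TODO options type
    'TemporaryFileSystem'   => Optional[Array[Variant[String, Tuple[String, String]]]],
    'Inaccessible'          => Optional[Array[Stdlib::Unixpath]],
    # Each overlay entry is a list of at least two strings
    'Overlay'               => Optional[Array[Array[String, 2]]],
    'OverlayReadOnly'       => Optional[Array[Array[String, 2]]],
    'PrivateUsersOwnership' => Optional[Enum['off', 'chown', 'map', 'auto']],
  }]],
  'Network' => Optional[Struct[{
    'Private'              => Optional[Boolean],
    'VirtualEthernet'      => Optional[Boolean],
    'VirtualEthernetExtra' => Optional[Array[Variant[String, Tuple[String, String]]]],
    'Interface'            => Optional[Array[String]],
    'MACVLAN'              => Optional[Array[String]],
    'IPVLAN'               => Optional[Array[String]],
    'Bridge'               => Optional[String],
    'Zone'                 => Optional[String],
    # Accepted shapes: [protocol, port, port], [protocol, port],
    # [port, port] or [port], with protocol being 'tcp' or 'udp'
    'Port'                 => Optional[Array[Variant[
      Tuple[Enum['tcp', 'udp'], Stdlib::Port, Stdlib::Port],
      Tuple[Enum['tcp', 'udp'], Stdlib::Port],
      Tuple[Stdlib::Port, Stdlib::Port],
      Tuple[Stdlib::Port],
    ]]],
  }]],
}]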