path: root/types/systemd/nspawn.pp
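# Data type for the contents of a systemd .nspawn settings file.
#
# The value is a hash with up to three optional sections, 'Exec', 'Files'
# and 'Network'; every key inside a section is optional as well. Keys that
# are not listed here are rejected by the Struct.
#
# Several security-relevant keys are only checked for shape, not content:
# capability names, system call filter entries, user names and interface
# names are plain Strings, so a typo or an over-broad value in them is not
# caught by this type.
type Nspawn::Systemd::Nspawn = Struct[{
    'Exec'    => Optional[Struct[{
          'Boot'              => Optional[Boolean],
          'Ephemeral'         => Optional[Boolean],
          'ProcessTwo'        => Optional[Boolean],
          'Parameters'        => Optional[Variant[
              String,
              Array[String],
          ]],
          'Environment'       => Optional[Hash[String, String]],
          'User'              => Optional[String],
          'WorkingDirectory'  => Optional[Stdlib::Unixpath],
          'PivotRoot'         => Optional[Stdlib::Unixpath],
          # Either the literal 'all' or a list of capability names; the names
          # are not checked against a known set here.
          'Capability'        => Optional[Variant[Enum['all'], Array[String]]],
          'DropCapability'    => Optional[Variant[Enum['all'], Array[String]]],
          'AmbientCapability' => Optional[Array[String]],
          'NoNewPrivileges'   => Optional[Boolean],
          # See signal(7) for valid signals
          'KillSignal'        => Optional[String],
          'Personality'       => Optional[Enum['x86', 'x86-64']],
          # Exactly 32 hexadecimal digits. The class must be [A-Fa-f0-9]: the
          # range A-f would also admit G-Z and the punctuation between 'Z'
          # and 'a'. \z (not \Z) so a value ending in a newline is rejected.
          'MachineID'         => Optional[Pattern[/\A[A-Fa-f0-9]{32}\z/]],
          'PrivateUsers'      => Optional[Variant[
              Integer,
              Tuple[Integer, Integer],
              Boolean,
              Enum['yes', 'no', 'identity', 'pick']
          ]],
          'NotifyReady'       => Optional[Boolean],
          # If first element is '~', then this is a deny-list.
          # Entries are free-form strings and are not validated here.
          'SystemCallFilter'  => Optional[Array[String]],
          'LimitCPU'          => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitFSIZE'        => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitDATA'         => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitSTACK'        => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitCORE'         => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitRSS'          => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitNOFILE'       => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitAS'           => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitNPROC'        => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitMEMLOCK'      => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitLOCKS'        => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitSIGPENDING'   => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitMSGQUEUE'     => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitNICE'         => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitRTPRIO'       => Optional[Nspawn::Systemd::Resourcelimit],
          'LimitRTTIME'       => Optional[Nspawn::Systemd::Resourcelimit],
          'OOMScoreAdjust'    => Optional[Integer[-1000, 1000]],
          # Each entry is a single CPU index or a two-integer tuple.
          'CPUAffinity'       => Optional[Array[Variant[Integer, Tuple[Integer, Integer]]]],
          'Hostname'          => Optional[String],
          'ResolvConf'        => Optional[Enum[
              'off',
              'copy-host',
              'copy-static',
              'copy-uplink',
              'copy-stub',
              'replace-host',
              'replace-static',
              'replace-uplink',
              'replace-stub',
              'bind-host',
              'bind-static',
              'bind-uplink',
              'bind-stub',
              'delete',
              'auto',
          ]],
          'Timezone'          => Optional[Enum[
              'off',
              'copy',
              'bind',
              'symlink',
              'delete',
              'auto',
          ]],
          'LinkJournal'       => Optional[Enum[
              'no',
              'host',
              'try-host',
              'guest',
              'try-guest',
              'auto',
          ]],
    }]],
    'Files'   => Optional[Struct[{
          'ReadOnly'              => Optional[Boolean],
          'Volatile'              => Optional[Variant[Boolean, Enum['state']]],
          'Bind'                  => Optional[Array[Nspawn::Systemd::Bind]],
          'BindReadOnly'          => Optional[Array[Nspawn::Systemd::Bind]],
          # TODO Can binduser appear multiple times?
          'BindUser'              => Optional[Array[String]],
          # TODO Can tmpfs appear multiple times?
          # TODO options type
          # Each entry is a path String or a two-String tuple; the second
          # element is not validated (see the TODO above).
          'TemporaryFileSystem'   => Optional[Array[Variant[String, Tuple[String, String]]]],
          'Inaccessible'          => Optional[Array[Stdlib::Unixpath]],
          # Each overlay is a list of at least two Strings.
          'Overlay'               => Optional[Array[Array[String, 2]]],
          'OverlayReadOnly'       => Optional[Array[Array[String, 2]]],
          'PrivateUsersOwnership' => Optional[Enum['off', 'chown', 'map', 'auto']],
    }]],
    'Network' => Optional[Struct[{
          'Private'              => Optional[Boolean],
          'VirtualEthernet'      => Optional[Boolean],
          'VirtualEthernetExtra' => Optional[Array[Variant[String, Tuple[String, String]]]],
          'Interface'            => Optional[Array[String]],
          'MACVLAN'              => Optional[Array[String]],
          'IPVLAN'               => Optional[Array[String]],
          'Bridge'               => Optional[String],
          'Zone'                 => Optional[String],
          # Each entry is a tuple of an optional protocol ('tcp' or 'udp')
          # followed by one or two port numbers.
          'Port'                 => Optional[Array[Variant[
                Tuple[Enum['tcp', 'udp'], Stdlib::Port, Stdlib::Port],
                Tuple[Enum['tcp', 'udp'], Stdlib::Port],
                Tuple[Stdlib::Port, Stdlib::Port],
                Tuple[Stdlib::Port],
          ]]],
    }]],
}]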