path: root/types/systemd/nspawn.pp
blob: 42142d825db9b640fe6fd191cba5d60984c5c18f (plain)
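# @summary Settings accepted for a systemd-nspawn container unit (see systemd.nspawn(5)).
#
# The three top-level keys mirror the [Exec], [Files] and [Network] sections.
# All three keys are required by this Struct; every setting inside a section is
# optional, so a section with nothing to configure is passed as an empty hash.
#
# NOTE(review): the plain String fields (User, Hostname, KillSignal, Parameters,
# Environment keys and values, Bridge, Zone, ...) accept any text, including
# newlines. Whether such a value can add extra lines to the generated unit
# depends on the code that renders it, which is not part of this file. Confirm
# that it rejects or escapes control characters.
type Nspawn::Systemd::Nspawn = Struct[{
    'Exec'    => Struct[{
        'Boot'              => Optional[Boolean],
        'Ephemeral'         => Optional[Boolean],
        'ProcessTwo'        => Optional[Boolean],
        'Parameters'        => Optional[Variant[
            String,
            Array[String],
        ]],
        'Environment'       => Optional[Hash[String, String]],
        'User'              => Optional[String],
        'WorkingDirectory'  => Optional[Stdlib::Unixpath],
        'PivotRoot'         => Optional[Stdlib::Unixpath],
        # Either the keyword 'all' or a list of capability names. The names are
        # not checked against capabilities(7) here, and 'all' hands the
        # container every capability, so treat both settings as privileged.
        'Capability'        => Optional[Variant[Enum['all'], Array[String]]],
        'DropCapability'    => Optional[Variant[Enum['all'], Array[String]]],
        'AmbientCapability' => Optional[Array[String]],
        'NoNewPrivileges'   => Optional[Boolean],
        # See signal(7) for valid signals
        'KillSignal'        => Optional[String],
        'Personality'       => Optional[Enum['x86', 'x86-64']],
        # Exactly 32 hexadecimal digits. The class is [A-Fa-f0-9]: the earlier
        # `A-f` range also admitted G-Z and the ASCII punctuation between 'Z'
        # and 'a'. `\z` anchors at the true end of the string, whereas `\Z`
        # would still accept a value that ends in a newline.
        'MachineID'         => Optional[Pattern[/\A[A-Fa-f0-9]{32}\z/]],
        # A single Integer, an Integer pair, a Boolean, or one of the listed
        # keywords. NOTE(review): Integer is unbounded here, so negative values
        # pass this type. Confirm they are rejected before the unit is written.
        'PrivateUsers'      => Optional[Variant[
            Integer,
            Tuple[Integer, Integer],
            Boolean,
            Enum['yes', 'no', 'identity', 'pick']
        ]],
        'NotifyReady'       => Optional[Boolean],
        # If the first element is '~', the list is a deny-list (the listed
        # system calls are blocked) rather than an allow-list.
        'SystemCallFilter'  => Optional[Array[String]],
        # Resource limits; the value type is declared in a separate file.
        'LimitCPU'          => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitFSIZE'        => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitDATA'         => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitSTACK'        => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitCORE'         => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitRSS'          => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitNOFILE'       => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitAS'           => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitNPROC'        => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitMEMLOCK'      => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitLOCKS'        => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitSIGPENDING'   => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitMSGQUEUE'     => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitNICE'         => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitRTPRIO'       => Optional[Nspawn::Systemd::Resourcelimit],
        'LimitRTTIME'       => Optional[Nspawn::Systemd::Resourcelimit],
        'OOMScoreAdjust'    => Optional[Integer[-1000, 1000]],
        # Each entry is a single CPU index or an Integer pair.
        # NOTE(review): the pair is presumably a first/last range - confirm.
        'CPUAffinity'       => Optional[Array[Variant[Integer, Tuple[Integer, Integer]]]],
        'Hostname'          => Optional[String],
        'ResolvConf'        => Optional[Enum[
            'off',
            'copy-host',
            'copy-static',
            'copy-uplink',
            'copy-stub',
            'replace-host',
            'replace-static',
            'replace-uplink',
            'replace-stub',
            'bind-host',
            'bind-static',
            'bind-uplink',
            'bind-stub',
            'delete',
            'auto',
        ]],
        'Timezone'          => Optional[Enum[
            'off',
            'copy',
            'bind',
            'symlink',
            'delete',
            'auto',
        ]],
        'LinkJournal'       => Optional[Enum[
            'no',
            'host',
            'try-host',
            'guest',
            'try-guest',
            'auto',
        ]],
    }],
    'Files'   => Struct[{
        'ReadOnly'              => Optional[Boolean],
        'Volatile'              => Optional[Variant[Boolean, Enum['state']]],
        # Bind mounts expose host paths inside the container; the entry type
        # is declared in a separate file.
        'Bind'                  => Optional[Array[Nspawn::Systemd::Bind]],
        'BindReadOnly'          => Optional[Array[Nspawn::Systemd::Bind]],
        # TODO Can binduser appear multiple times?
        'BindUser'              => Optional[Array[String]],
        # TODO Can tmpfs appear multiple times?
        # TODO options type
        # Each entry is a String or a pair of Strings.
        # NOTE(review): the pair is presumably (path, mount options) - confirm.
        'TemporaryFileSystem'   => Optional[Array[Variant[String, Tuple[String, String]]]],
        'Inaccessible'          => Optional[Array[Stdlib::Unixpath]],
        # Each overlay is a list of at least two Strings. They are not
        # constrained to absolute paths the way 'Inaccessible' is.
        'Overlay'               => Optional[Array[Array[String, 2]]],
        'OverlayReadOnly'       => Optional[Array[Array[String, 2]]],
        'PrivateUsersOwnership' => Optional[Enum['off', 'chown', 'map', 'auto']],
    }],
    'Network' => Struct[{
        'Private'              => Optional[Boolean],
        'VirtualEthernet'      => Optional[Boolean],
        'VirtualEthernetExtra' => Optional[Array[Variant[String, Tuple[String, String]]]],
        'Interface'            => Optional[Array[String]],
        'MACVLAN'              => Optional[Array[String]],
        'IPVLAN'               => Optional[Array[String]],
        'Bridge'               => Optional[String],
        'Zone'                 => Optional[String],
        # Each entry is a tuple of an optional protocol ('tcp' or 'udp')
        # followed by one or two port numbers.
        # NOTE(review): with two ports the order is presumably
        # (host port, container port) - confirm against the renderer.
        'Port'                 => Optional[Array[Variant[
              Tuple[Enum['tcp', 'udp'], Stdlib::Port, Stdlib::Port],
              Tuple[Enum['tcp', 'udp'], Stdlib::Port],
              Tuple[Stdlib::Port, Stdlib::Port],
              Tuple[Stdlib::Port],
        ]]],
    }],
}]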