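# @summary Declares one systemd-nspawn container: its mount-point directory,
#   its /etc/systemd/nspawn/<machine>.nspawn settings file, the OS-specific
#   `nspawn::os::<os>` resource and the enablement of its systemd unit.
#
# @param os
#   Suffix of the defined type `nspawn::os::<os>` that is declared for this
#   machine through create_resources().
# @param os_opts
#   Attributes passed unchanged to that `nspawn::os::<os>` resource.
# @param machine
#   Machine name; defaults to the resource title. It is interpolated into
#   file paths, the container hostname and the unit name.
# @param enable
#   Value of `enable` on `systemd-nspawn@<machine>.service`. No `ensure` is
#   set, so this resource does not start or stop the unit.
# @param bind_puppet
#   Whether the host's /usr/local/puppet is bind-mounted read-only at /puppet
#   inside the container. Defaults to true, which matches the previous
#   hard-coded behaviour. Set it to false for containers that are not puppet
#   servers, so that any secrets in that tree are not exposed to them.
#
# NOTE(review): $machine and $os are plain Strings and are not validated
# here. A value containing "/" or ".." would change where the files below are
# written, and $os selects which defined type is declared. Confirm that both
# only ever come from trusted manifest or Hiera data, or narrow their types.
define nspawn::machine (
  String $os,
  Hash $os_opts = {},
  String $machine = $name,
  Boolean $enable = false,
  Boolean $bind_puppet = true,
) {
  require ::nspawn::setup

  # Least privilege: emit the bind mount only when it was asked for. With the
  # default (true) the rendered .nspawn file is identical to the previous one.
  $puppet_bind = $bind_puppet ? {
    true  => 'BindReadOnly=/usr/local/puppet:/puppet',
    false => '',
  }

  # Presumably the in-container mount point for the bind mount below
  # (TODO confirm). It is still created when $bind_puppet is false, so
  # existing catalogs keep the same resources.
  file { "/var/lib/machines/${machine}/puppet":
    ensure => directory,
  }

  # Interpolating heredoc: ${machine} and ${puppet_bind} are expanded, and the
  # '|' on the end-tag line strips the leading indentation.
  file { "/etc/systemd/nspawn/${machine}.nspawn":
    content => @("EOF")
      [Exec]
      Hostname=${machine}.adrift.space
      Boot=true
      # /usr/lib/systemd/resolv.conf
      ResolvConf=copy-static
      [Files]
      # TODO This should only be mounted on puppet servers, in case it
      # contains secrets
      ${puppet_bind}
      [Network]
      Bridge=br0
      | EOF
  }

  # Declares a single resource of type nspawn::os::<os>, titled $machine.
  create_resources("nspawn::os::${os}", { $machine => $os_opts })

  service { "systemd-nspawn@${machine}.service":
    enable => $enable,
  }
}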