diff --git a/REFERENCE.md b/REFERENCE.md
index 495dcb3..c868843 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -1,1409 +1,1445 @@
# Reference
## Table of Contents
### Classes
#### Public Classes
* [`systemd`](#systemd): This module allows triggering systemd commands once for all modules
* [`systemd::tmpfiles`](#systemdtmpfiles): Update the systemd temp files
#### Private Classes
* `systemd::journald`: This class manages and configures journald.
* `systemd::logind`: This class manages systemd's login manager configuration.
* `systemd::networkd`: This class provides an abstract way to trigger systemd-networkd
* `systemd::resolved`: This class provides an abstract way to trigger resolved.
* `systemd::system`: This class provides a solution to enable accounting
* `systemd::timesyncd`: This class provides an abstract way to trigger systemd-timesyncd
* `systemd::udevd`: This class manages systemd's udev config
### Defined types
* [`systemd::dropin_file`](#systemddropin_file): Creates a drop-in file for a systemd unit
* [`systemd::network`](#systemdnetwork): Creates network config for systemd-networkd
* [`systemd::service_limits`](#systemdservice_limits): Adds a set of custom limits to the service
* [`systemd::timer`](#systemdtimer): Create a timer and optionally a service unit to execute with the timer unit
* [`systemd::tmpfile`](#systemdtmpfile): Creates a systemd tmpfile
* [`systemd::udev::rule`](#systemdudevrule): Adds a custom udev rule
* [`systemd::unit_file`](#systemdunit_file): Creates a systemd unit file
### Resource types
* [`loginctl_user`](#loginctl_user): An arbitrary name used as the identity of the resource.
### Functions
* [`systemd::escape`](#systemdescape): Escape strings as systemd-escape does.
### Data types
* [`Systemd::Dropin`](#systemddropin): custom datatype that validates filenames/paths for valid systemd dropin files
* [`Systemd::JournaldSettings`](#systemdjournaldsettings): Matches Systemd journald config Struct
* [`Systemd::JournaldSettings::Ensure`](#systemdjournaldsettingsensure): defines allowed ensure states for systemd-journald settings
* [`Systemd::LogindSettings`](#systemdlogindsettings): Matches Systemd Login Manager Struct
* [`Systemd::LogindSettings::Ensure`](#systemdlogindsettingsensure): defines allowed ensure states for systemd-logind settings
* [`Systemd::ServiceLimits`](#systemdservicelimits): Matches Systemd Service Limit Struct
* [`Systemd::Unit`](#systemdunit): custom datatype that validates different filenames for systemd units
## Classes
### `systemd`
This module allows triggering systemd commands once for all modules
#### Parameters
The following parameters are available in the `systemd` class:
* [`service_limits`](#service_limits)
+* [`networks`](#networks)
+* [`timers`](#timers)
+* [`tmpfiles`](#tmpfiles)
+* [`unit_files`](#unit_files)
* [`manage_resolved`](#manage_resolved)
* [`resolved_ensure`](#resolved_ensure)
* [`dns`](#dns)
* [`fallback_dns`](#fallback_dns)
* [`domains`](#domains)
* [`llmnr`](#llmnr)
* [`multicast_dns`](#multicast_dns)
* [`dnssec`](#dnssec)
* [`dnsovertls`](#dnsovertls)
* [`cache`](#cache)
* [`dns_stub_listener`](#dns_stub_listener)
* [`use_stub_resolver`](#use_stub_resolver)
* [`manage_networkd`](#manage_networkd)
* [`networkd_ensure`](#networkd_ensure)
* [`manage_timesyncd`](#manage_timesyncd)
* [`timesyncd_ensure`](#timesyncd_ensure)
* [`ntp_server`](#ntp_server)
* [`fallback_ntp_server`](#fallback_ntp_server)
* [`manage_journald`](#manage_journald)
* [`journald_settings`](#journald_settings)
* [`manage_udevd`](#manage_udevd)
* [`udev_log`](#udev_log)
* [`udev_children_max`](#udev_children_max)
* [`udev_exec_delay`](#udev_exec_delay)
* [`udev_event_timeout`](#udev_event_timeout)
* [`udev_resolve_names`](#udev_resolve_names)
* [`udev_timeout_signal`](#udev_timeout_signal)
* [`udev_rules`](#udev_rules)
* [`manage_logind`](#manage_logind)
* [`logind_settings`](#logind_settings)
* [`loginctl_users`](#loginctl_users)
* [`dropin_files`](#dropin_files)
* [`manage_all_network_files`](#manage_all_network_files)
* [`network_path`](#network_path)
* [`manage_accounting`](#manage_accounting)
* [`accounting`](#accounting)
* [`purge_dropin_dirs`](#purge_dropin_dirs)
##### `service_limits`
-Data type: `Hash[String,Hash[String, Any]]`
+Data type: `Hash[String[1],Hash[String[1], Any]]`
May be passed a resource hash suitable for passing directly into the
``create_resources()`` function as called on ``systemd::service_limits``
Default value: `{}`
+##### `networks`
+
+Data type: `Hash[String[1],Hash[String[1], Any]]`
+
+Hash of `systemd::network` resources
+
+Default value: `{}`
+
+##### `timers`
+
+Data type: `Hash[String[1],Hash[String[1], Any]]`
+
+Hash of `systemd::timer` resources
+
+Default value: `{}`
+
+##### `tmpfiles`
+
+Data type: `Hash[String[1],Hash[String[1], Any]]`
+
+Hash of `systemd::tmpfile` resources
+
+Default value: `{}`
+
+##### `unit_files`
+
+Data type: `Hash[String[1],Hash[String[1], Any]]`
+
+Hash of `systemd::unit_file` resources
+
+Default value: `{}`
+
##### `manage_resolved`
Data type: `Boolean`
Manage the systemd resolver
Default value: ``false``
##### `resolved_ensure`
Data type: `Enum['stopped','running']`
The state that the ``resolved`` service should be in
Default value: `'running'`
##### `dns`
Data type: `Optional[Variant[Array[String],String]]`
A space-separated list of IPv4 and IPv6 addresses to use as system DNS servers.
DNS requests are sent to one of the listed DNS servers in parallel to suitable
per-link DNS servers acquired from systemd-networkd.service(8) or set at runtime
by external applications. requires puppetlabs-inifile
Default value: ``undef``
##### `fallback_dns`
Data type: `Optional[Variant[Array[String],String]]`
A space-separated list of IPv4 and IPv6 addresses to use as the fallback DNS
servers. Any per-link DNS servers obtained from systemd-networkd take
precedence over this setting. requires puppetlabs-inifile
Default value: ``undef``
##### `domains`
Data type: `Optional[Variant[Array[String],String]]`
A space-separated list of domains host names or IP addresses to be used
systemd-resolved take precedence over this setting.
Default value: ``undef``
##### `llmnr`
Data type: `Optional[Variant[Boolean,Enum['resolve']]]`
Takes a boolean argument or "resolve".
Default value: ``undef``
##### `multicast_dns`
Data type: `Optional[Variant[Boolean,Enum['resolve']]]`
Takes a boolean argument or "resolve".
Default value: ``undef``
##### `dnssec`
Data type: `Optional[Variant[Boolean,Enum['allow-downgrade']]]`
Takes a boolean argument or "allow-downgrade".
Default value: ``undef``
##### `dnsovertls`
Data type: `Variant[Boolean,Enum['yes', 'opportunistic', 'no']]`
Takes a boolean argument or one of "yes", "opportunistic" or "no". "true" corresponds to
"opportunistic" and "false" (default) to "no".
Default value: ``false``
##### `cache`
Data type: `Variant[Boolean,Enum['no-negative']]`
Takes a boolean argument or "no-negative".
Default value: ``false``
##### `dns_stub_listener`
Data type: `Optional[Variant[Boolean,Enum['udp','tcp']]]`
Takes a boolean argument or one of "udp" and "tcp".
Default value: ``undef``
##### `use_stub_resolver`
Data type: `Boolean`
Takes a boolean argument. When "false" (default) it uses /run/systemd/resolve/resolv.conf
as /etc/resolv.conf. When "true", it uses /run/systemd/resolve/stub-resolv.conf
Default value: ``false``
##### `manage_networkd`
Data type: `Boolean`
Manage the systemd network daemon
Default value: ``false``
##### `networkd_ensure`
Data type: `Enum['stopped','running']`
The state that the ``networkd`` service should be in
Default value: `'running'`
##### `manage_timesyncd`
Data type: `Boolean`
Manage the systemd tiemsyncd daemon
Default value: ``false``
##### `timesyncd_ensure`
Data type: `Enum['stopped','running']`
The state that the ``timesyncd`` service should be in
Default value: `'running'`
##### `ntp_server`
Data type: `Optional[Variant[Array,String]]`
comma separated list of ntp servers, will be combined with interface specific
addresses from systemd-networkd. requires puppetlabs-inifile
Default value: ``undef``
##### `fallback_ntp_server`
Data type: `Optional[Variant[Array,String]]`
A space-separated list of NTP server host names or IP addresses to be used
as the fallback NTP servers. Any per-interface NTP servers obtained from
systemd-networkd take precedence over this setting. requires puppetlabs-inifile
Default value: ``undef``
##### `manage_journald`
Data type: `Boolean`
Manage the systemd journald
Default value: ``true``
##### `journald_settings`
Data type: `Systemd::JournaldSettings`
Config Hash that is used to configure settings in journald.conf
Default value: `{}`
##### `manage_udevd`
Data type: `Boolean`
Manage the systemd udev daemon
Default value: ``false``
##### `udev_log`
Data type: `Optional[Variant[Integer,String]]`
The value of /etc/udev/udev.conf udev_log
Default value: ``undef``
##### `udev_children_max`
Data type: `Optional[Integer]`
The value of /etc/udev/udev.conf children_max
Default value: ``undef``
##### `udev_exec_delay`
Data type: `Optional[Integer]`
The value of /etc/udev/udev.conf exec_delay
Default value: ``undef``
##### `udev_event_timeout`
Data type: `Optional[Integer]`
The value of /etc/udev/udev.conf event_timeout
Default value: ``undef``
##### `udev_resolve_names`
Data type: `Optional[Enum['early', 'late', 'never']]`
The value of /etc/udev/udev.conf resolve_names
Default value: ``undef``
##### `udev_timeout_signal`
Data type: `Optional[Variant[Integer,String]]`
The value of /etc/udev/udev.conf timeout_signal
Default value: ``undef``
##### `udev_rules`
Data type: `Hash`
Config Hash that is used to generate instances of our
`udev::rule` define.
Default value: `{}`
##### `manage_logind`
Data type: `Boolean`
Manage the systemd logind
Default value: ``false``
##### `logind_settings`
Data type: `Systemd::LogindSettings`
Config Hash that is used to configure settings in logind.conf
Default value: `{}`
##### `loginctl_users`
Data type: `Hash`
Config Hash that is used to generate instances of our type
`loginctl_user`.
Default value: `{}`
##### `dropin_files`
Data type: `Hash`
Configure dropin files via hiera with factory pattern
Default value: `{}`
##### `manage_all_network_files`
Data type: `Boolean`
Default value: ``false``
##### `network_path`
Data type: `Stdlib::Absolutepath`
where all networkd files are placed in
Default value: `'/etc/systemd/network'`
##### `manage_accounting`
Data type: `Boolean`
when enabled, the different accounting options (network traffic, IO, CPU util...) are enabled for units
Default value: ``false``
##### `accounting`
Data type: `Hash[String,String]`
Hash of the different accounting options. This highly depends on the used systemd version. The module provides sane defaults per operating system using Hiera.
##### `purge_dropin_dirs`
Data type: `Boolean`
When enabled, unused directories for dropin files will be purged
Default value: ``true``
### `systemd::tmpfiles`
Update the systemd temp files
* **See also**
* systemd-tmpfiles(8)
#### Parameters
The following parameters are available in the `systemd::tmpfiles` class:
* [`operations`](#operations)
##### `operations`
Data type: `Array[Enum['create','clean','remove']]`
The operations to perform on the systemd tempfiles
* All operations may be combined but you'll probably only ever want to
use ``create``
Default value: `['create']`
## Defined types
### `systemd::dropin_file`
Creates a drop-in file for a systemd unit
* **See also**
* systemd.unit(5)
#### Parameters
The following parameters are available in the `systemd::dropin_file` defined type:
* [`unit`](#unit)
* [`filename`](#filename)
* [`ensure`](#ensure)
* [`path`](#path)
* [`selinux_ignore_defaults`](#selinux_ignore_defaults)
* [`content`](#content)
* [`source`](#source)
* [`target`](#target)
* [`owner`](#owner)
* [`group`](#group)
* [`mode`](#mode)
* [`show_diff`](#show_diff)
* [`notify_service`](#notify_service)
##### `unit`
Data type: `Systemd::Unit`
the The target unit file to create, the value will be set to the `filename` parameter as well
##### `filename`
Data type: `Systemd::Dropin`
The target unit file to create
Default value: `$name`
##### `ensure`
Data type: `Enum['present', 'absent', 'file']`
the state of this dropin file
Default value: `'present'`
##### `path`
Data type: `Stdlib::Absolutepath`
The main systemd configuration path
Default value: `'/etc/systemd/system'`
##### `selinux_ignore_defaults`
Data type: `Boolean`
If Puppet should ignore the default SELinux labels.
Default value: ``false``
##### `content`
Data type: `Optional[Variant[String,Sensitive[String]]]`
The full content of the unit file (Mutually exclusive with `$source`)
Default value: ``undef``
##### `source`
Data type: `Optional[String]`
The `File` resource compatible `source` Mutually exclusive with ``$content``
Default value: ``undef``
##### `target`
Data type: `Optional[Stdlib::Absolutepath]`
If set, will force the file to be a symlink to the given target (Mutually exclusive with both `$source` and `$content`
Default value: ``undef``
##### `owner`
Data type: `String`
The owner to set on the dropin file
Default value: `'root'`
##### `group`
Data type: `String`
The group to set on the dropin file
Default value: `'root'`
##### `mode`
Data type: `String`
The mode to set on the dropin file
Default value: `'0444'`
##### `show_diff`
Data type: `Boolean`
Whether to show the diff when updating dropin file
Default value: ``true``
##### `notify_service`
Data type: `Boolean`
Notify a service for the unit, if it exists
Default value: ``false``
### `systemd::network`
Creates network config for systemd-networkd
#### Parameters
The following parameters are available in the `systemd::network` defined type:
* [`ensure`](#ensure)
* [`path`](#path)
* [`content`](#content)
* [`source`](#source)
* [`target`](#target)
* [`owner`](#owner)
* [`group`](#group)
* [`mode`](#mode)
* [`show_diff`](#show_diff)
* [`restart_service`](#restart_service)
##### `ensure`
Data type: `Enum['file', 'absent']`
configure if the file should be configured or deleted
Default value: `file`
##### `path`
Data type: `Stdlib::Absolutepath`
directory where the network configs are stored
Default value: `'/etc/systemd/network'`
##### `content`
Data type: `Optional[String]`
the content of the file
Default value: ``undef``
##### `source`
Data type: `Optional[String]`
a path to a file that's used as source
Default value: ``undef``
##### `target`
Data type: `Optional[Stdlib::Absolutepath]`
optional absolute path in case the file should be stored somewhere else
Default value: ``undef``
##### `owner`
Data type: `String`
the user who owns the file
Default value: `'root'`
##### `group`
Data type: `String`
the group that owns the file
Default value: `'root'`
##### `mode`
Data type: `String`
the mode of the file
Default value: `'0444'`
##### `show_diff`
Data type: `Boolean`
whether the file diff should be shown on modifications
Default value: ``true``
##### `restart_service`
Data type: `Boolean`
whether systemd-networkd should be restarted on changes, defaults to true. `$systemd::manage_networkd` needs to be true as well
Default value: ``true``
### `systemd::service_limits`
Adds a set of custom limits to the service
* **See also**
* systemd.exec(5)
#### Parameters
The following parameters are available in the `systemd::service_limits` defined type:
* [`name`](#name)
* [`ensure`](#ensure)
* [`path`](#path)
* [`selinux_ignore_defaults`](#selinux_ignore_defaults)
* [`limits`](#limits)
* [`source`](#source)
* [`restart_service`](#restart_service)
##### `name`
Data type: `Pattern['^.+\.(service|socket|mount|swap)$']`
The name of the service that you will be modifying
##### `ensure`
Data type: `Enum['present', 'absent', 'file']`
Whether to drop a file or remove it
Default value: `'present'`
##### `path`
Data type: `Stdlib::Absolutepath`
The path to the main systemd settings directory
Default value: `'/etc/systemd/system'`
##### `selinux_ignore_defaults`
Data type: `Boolean`
If Puppet should ignore the default SELinux labels.
Default value: ``false``
##### `limits`
Data type: `Optional[Systemd::ServiceLimits]`
A Hash of service limits matching the settings in ``systemd.exec(5)``
* Mutually exclusive with ``$source``
Default value: ``undef``
##### `source`
Data type: `Optional[String]`
A ``File`` resource compatible ``source``
* Mutually exclusive with ``$limits``
Default value: ``undef``
##### `restart_service`
Data type: `Boolean`
Restart the managed service after setting the limits
Default value: ``true``
### `systemd::timer`
Create a timer and optionally a service unit to execute with the timer unit
* **See also**
* https://www.freedesktop.org/software/systemd/man/systemd.timer.html
* systemd.timer(5)
#### Parameters
The following parameters are available in the `systemd::timer` defined type:
* [`name`](#name)
* [`path`](#path)
* [`timer_content`](#timer_content)
* [`timer_source`](#timer_source)
* [`service_content`](#service_content)
* [`service_source`](#service_source)
* [`owner`](#owner)
* [`group`](#group)
* [`mode`](#mode)
* [`show_diff`](#show_diff)
* [`service_unit`](#service_unit)
* [`active`](#active)
* [`enable`](#enable)
* [`ensure`](#ensure)
##### `name`
Data type: `Pattern['^.+\.timer$]`
The target of the timer unit to create
##### `path`
Data type: `Stdlib::Absolutepath`
The main systemd configuration path
Default value: `'/etc/systemd/system'`
##### `timer_content`
Data type: `Optional[String[1]]`
The full content of the timer unit file
* Mutually exclusive with ``$timer_source``
Default value: ``undef``
##### `timer_source`
Data type: `Optional[String[1]]`
The ``File`` resource compatible ``source``
* Mutually exclusive with ``$timer_content``
Default value: ``undef``
##### `service_content`
Data type: `Optional[String[1]]`
The full content of the service unit file
* Mutually exclusive with ``$service_source``
Default value: ``undef``
##### `service_source`
Data type: `Optional[String[1]]`
The ``File`` resource compatible ``source``
* Mutually exclusive with ``$service_content``
Default value: ``undef``
##### `owner`
Data type: `String[1]`
The owner to set on the dropin file
Default value: `'root'`
##### `group`
Data type: `String[1]`
The group to set on the dropin file
Default value: `'root'`
##### `mode`
Data type: `Stdlib::Filemode`
The mode to set on the dropin file
Default value: `'0444'`
##### `show_diff`
Data type: `Boolean`
Whether to show the diff when updating dropin file
Default value: ``true``
##### `service_unit`
Data type: `Optional[Systemd::Unit]`
If set then the service_unit will have this name.
If not set the service unit has the same name
as the timer unit with s/.timer/.service/
Default value: ``undef``
##### `active`
Data type: `Optional[Boolean]`
If set to true or false the timer service will be maintained.
If true the timer service will be running and enabled, if false it will
explictly stopped and disabled.
Default value: ``undef``
##### `enable`
Data type: `Optional[Variant[Boolean, Enum['mask']]]`
If set, will manage the state of the unit.
Default value: ``undef``
##### `ensure`
Data type: `Enum['present', 'absent', 'file']`
Defines the desired state of the timer
Default value: `'present'`
### `systemd::tmpfile`
Creates a systemd tmpfile
* **See also**
* systemd-tmpfiles(8)
#### Parameters
The following parameters are available in the `systemd::tmpfile` defined type:
* [`filename`](#filename)
* [`ensure`](#ensure)
* [`path`](#path)
* [`content`](#content)
* [`source`](#source)
##### `filename`
Data type: `Systemd::Dropin`
The name of the tmpfile to create
Default value: `$name`
##### `ensure`
Data type: `Enum['present', 'absent', 'file']`
Whether to drop a file or remove it
Default value: `'file'`
##### `path`
Data type: `Stdlib::Absolutepath`
The path to the main systemd tmpfiles directory
Default value: `'/etc/tmpfiles.d'`
##### `content`
Data type: `Optional[String]`
The literal content to write to the file
* Mutually exclusive with ``$source``
Default value: ``undef``
##### `source`
Data type: `Optional[String]`
A ``File`` resource compatible ``source``
* Mutually exclusive with ``$limits``
Default value: ``undef``
### `systemd::udev::rule`
Adds a custom udev rule
* **See also**
* udev(7)
#### Parameters
The following parameters are available in the `systemd::udev::rule` defined type:
* [`name`](#name)
* [`ensure`](#ensure)
* [`path`](#path)
* [`selinux_ignore_defaults`](#selinux_ignore_defaults)
* [`notify_services`](#notify_services)
* [`rules`](#rules)
##### `name`
Data type: `Pattern['^.+\.rules$']`
The name of the udev rules to create
##### `ensure`
Data type: `Enum['present', 'absent', 'file']`
Whether to drop a file or remove it
Default value: `'present'`
##### `path`
Data type: `Stdlib::Absolutepath`
The path to the main systemd settings directory
Default value: `'/etc/udev/rules.d'`
##### `selinux_ignore_defaults`
Data type: `Boolean`
If Puppet should ignore the default SELinux labels.
Default value: ``false``
##### `notify_services`
Data type: `Variant[Array[String[1]], String[1]]`
List of services to notify when this rule is updated
Default value: `[]`
##### `rules`
Data type: `Array`
The literal udev rules you want to deploy
### `systemd::unit_file`
Creates a systemd unit file
* **See also**
* systemd.unit(5)
#### Parameters
The following parameters are available in the `systemd::unit_file` defined type:
* [`name`](#name)
* [`ensure`](#ensure)
* [`path`](#path)
* [`content`](#content)
* [`source`](#source)
* [`target`](#target)
* [`owner`](#owner)
* [`group`](#group)
* [`mode`](#mode)
* [`show_diff`](#show_diff)
* [`enable`](#enable)
* [`active`](#active)
* [`restart`](#restart)
##### `name`
Data type: `Pattern['^[^/]+\.(service|socket|device|mount|automount|swap|target|path|timer|slice|scope)$']`
The target unit file to create
##### `ensure`
Data type: `Enum['present', 'absent', 'file']`
The state of the unit file to ensure
Default value: `'present'`
##### `path`
Data type: `Stdlib::Absolutepath`
The main systemd configuration path
Default value: `'/etc/systemd/system'`
##### `content`
Data type: `Optional[Variant[String, Sensitive[String], Deferred]]`
The full content of the unit file
* Mutually exclusive with ``$source``
Default value: ``undef``
##### `source`
Data type: `Optional[String]`
The ``File`` resource compatible ``source``
* Mutually exclusive with ``$content``
Default value: ``undef``
##### `target`
Data type: `Optional[Stdlib::Absolutepath]`
If set, will force the file to be a symlink to the given target
* Mutually exclusive with both ``$source`` and ``$content``
Default value: ``undef``
##### `owner`
Data type: `String`
The owner to set on the unit file
Default value: `'root'`
##### `group`
Data type: `String`
The group to set on the unit file
Default value: `'root'`
##### `mode`
Data type: `String`
The mode to set on the unit file
Default value: `'0444'`
##### `show_diff`
Data type: `Boolean`
Whether to show the diff when updating unit file
Default value: ``true``
##### `enable`
Data type: `Optional[Variant[Boolean, Enum['mask']]]`
If set, will manage the unit enablement status.
Default value: ``undef``
##### `active`
Data type: `Optional[Boolean]`
If set, will manage the state of the unit.
Default value: ``undef``
##### `restart`
Data type: `Optional[String]`
Specify a restart command manually. If left unspecified, a standard Puppet service restart happens.
Default value: ``undef``
## Resource types
### `loginctl_user`
An arbitrary name used as the identity of the resource.
#### Properties
The following properties are available in the `loginctl_user` type.
##### `linger`
Valid values: `enabled`, `disabled`
Whether linger is enabled for the user.
Default value: `disabled`
#### Parameters
The following parameters are available in the `loginctl_user` type.
* [`name`](#name)
* [`provider`](#provider)
##### `name`
namevar
An arbitrary name used as the identity of the resource.
##### `provider`
The specific backend to use for this `loginctl_user` resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
## Functions
### `systemd::escape`
Type: Puppet Language
Escape strings as systemd-escape does.
#### Examples
##### Escaping a string
```puppet
$result = systemd::escape('foo::bar')
```
##### Escaping a path
```puppet
$result = systemd::escape('/mnt/foobar',true)
```
#### `systemd::escape(String[1] $input, Boolean $path = false)`
The systemd::escape function.
Returns: `String` String
##### Examples
###### Escaping a string
```puppet
$result = systemd::escape('foo::bar')
```
###### Escaping a path
```puppet
$result = systemd::escape('/mnt/foobar',true)
```
##### `input`
Data type: `String[1]`
Input string
##### `path`
Data type: `Boolean`
Use path (-p) ornon-path style escaping.
## Data types
### `Systemd::Dropin`
custom datatype that validates filenames/paths for valid systemd dropin files
Alias of
```puppet
Pattern['^[^/]+\.conf$']
```
### `Systemd::JournaldSettings`
Matches Systemd journald config Struct
Alias of
```puppet
Struct[{
Optional['Storage'] => Variant[Enum['volatile','persistent','auto','none'],Systemd::JournaldSettings::Ensure],
Optional['Compress'] => Variant[Enum['yes','no'], Pattern[/^[0-9]+(K|M|G)?$/],Systemd::JournaldSettings::Ensure],
Optional['Seal'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],
Optional['SplitMode'] => Variant[Enum['uid','none'],Systemd::JournaldSettings::Ensure],
Optional['RateLimitInterval'] => Variant[Pattern[/^[0-9]+(s|min|h|ms|us)?$/],Systemd::JournaldSettings::Ensure],
Optional['RateLimitIntervalSec'] => Variant[Pattern[/^[0-9]+(s|min|h|ms|us)?$/],Systemd::JournaldSettings::Ensure],
Optional['RateLimitBurst'] => Variant[Integer[0], Pattern[/^[0-9]+$/],Systemd::JournaldSettings::Ensure],
Optional['SystemMaxUse'] => Variant[Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],Systemd::JournaldSettings::Ensure],
Optional['SystemKeepFree'] => Variant[Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],Systemd::JournaldSettings::Ensure],
Optional['SystemMaxFileSize'] => Variant[Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],Systemd::JournaldSettings::Ensure],
Optional['SystemMaxFiles'] => Variant[Integer[0], Pattern[/^[0-9]+$/],Systemd::JournaldSettings::Ensure],
Optional['RuntimeMaxUse'] => Variant[Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],Systemd::JournaldSettings::Ensure],
Optional['RuntimeKeepFree'] => Variant[Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],Systemd::JournaldSettings::Ensure],
Optional['RuntimeMaxFileSize'] => Variant[Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],Systemd::JournaldSettings::Ensure],
Optional['RuntimeMaxFiles'] => Variant[Integer[0], Pattern[/^[0-9]+$/],Systemd::JournaldSettings::Ensure],
Optional['MaxFileSec'] => Variant[Pattern[/^[0-9]+(year|month|week|day|h|m)?$/],Systemd::JournaldSettings::Ensure],
Optional['MaxRetentionSec'] => Variant[Pattern[/^[0-9]+(year|month|week|day|h|m)?$/],Systemd::JournaldSettings::Ensure],
Optional['SyncIntervalSec'] => Variant[Pattern[/^[0-9]+(year|month|week|day|h|m)?$/],Systemd::JournaldSettings::Ensure],
Optional['ForwardToSyslog'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],
Optional['ForwardToKMsg'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],
Optional['ForwardToConsole'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],
Optional['ForwardToWall'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],
Optional['MaxLevelStore'] => Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'],Integer[0,7],Systemd::JournaldSettings::Ensure],
Optional['MaxLevelSyslog'] => Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'],Integer[0,7],Systemd::JournaldSettings::Ensure],
Optional['MaxLevelKMsg'] => Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'],Integer[0,7],Systemd::JournaldSettings::Ensure],
Optional['MaxLevelConsole'] => Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'],Integer[0,7],Systemd::JournaldSettings::Ensure],
Optional['MaxLevelWall'] => Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'],Integer[0,7],Systemd::JournaldSettings::Ensure],
Optional['ReadKMsg'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],
Optional['TTYPath'] => Variant[Stdlib::Absolutepath,Systemd::JournaldSettings::Ensure],
Optional['LineMax'] => Variant[Pattern[/^[0-9]+(K|M|G|T)?$/],Systemd::JournaldSettings::Ensure],
}]
```
### `Systemd::JournaldSettings::Ensure`
defines allowed ensure states for systemd-journald settings
Alias of
```puppet
Struct[{ 'ensure' => Enum['present','absent'] }]
```
### `Systemd::LogindSettings`
Matches Systemd Login Manager Struct
Alias of
```puppet
Struct[{
Optional['HandleHibernateKey'] => Variant[Enum['ignore','poweroff','reboot','halt','kexec','suspend','hibernate','hybrid-sleep','suspend-then-hibernate','lock'],Systemd::LogindSettings::Ensure],
Optional['HandleLidSwitch'] => Variant[Enum['ignore','poweroff','reboot','halt','kexec','suspend','hibernate','hybrid-sleep','suspend-then-hibernate','lock'],Systemd::LogindSettings::Ensure],
Optional['HandleLidSwitchDocked'] => Variant[Enum['ignore','poweroff','reboot','halt','kexec','suspend','hibernate','hybrid-sleep','suspend-then-hibernate','lock'],Systemd::LogindSettings::Ensure],
Optional['HandleLidSwitchExternalPower'] => Variant[Enum['ignore','poweroff','reboot','halt','kexec','suspend','hibernate','hybrid-sleep','suspend-then-hibernate','lock'],Systemd::LogindSettings::Ensure],
Optional['HandlePowerKey'] => Variant[Enum['ignore','poweroff','reboot','halt','kexec','suspend','hibernate','hybrid-sleep','suspend-then-hibernate','lock'],Systemd::LogindSettings::Ensure],
Optional['HandleSuspendKey'] => Variant[Enum['ignore','poweroff','reboot','halt','kexec','suspend','hibernate','hybrid-sleep','suspend-then-hibernate','lock'],Systemd::LogindSettings::Ensure],
Optional['HibernateKeyIgnoreInhibited'] => Variant[Enum['yes','no'],Systemd::LogindSettings::Ensure],
Optional['HoldoffTimeoutSec'] => Variant[Integer,Systemd::LogindSettings::Ensure],
Optional['IdleAction'] => Variant[Enum['ignore','poweroff','reboot','halt','kexec','suspend','hibernate','hybrid-sleep','suspend-then-hibernate','lock'],Systemd::LogindSettings::Ensure],
Optional['IdleActionSec'] => Variant[Integer,Systemd::LogindSettings::Ensure],
Optional['InhibitDelayMaxSec'] => Variant[Integer,Systemd::LogindSettings::Ensure],
Optional['InhibitorsMax'] => Variant[Integer,Systemd::LogindSettings::Ensure],
Optional['KillExcludeUsers'] => Variant[Array[String],Systemd::LogindSettings::Ensure],
Optional['KillOnlyUsers'] => Variant[Array[String],Systemd::LogindSettings::Ensure],
Optional['KillUserProcesses'] => Variant[Enum['yes','no'],Systemd::LogindSettings::Ensure],
Optional['LidSwitchIgnoreInhibited'] => Variant[Enum['yes','no'],Systemd::LogindSettings::Ensure],
Optional['NAutoVTs'] => Variant[Integer,Systemd::LogindSettings::Ensure],
Optional['PowerKeyIgnoreInhibited'] => Variant[Enum['yes','no'],Systemd::LogindSettings::Ensure],
Optional['RemoveIPC'] => Variant[Enum['yes','no'],Systemd::LogindSettings::Ensure],
Optional['ReserveVT'] => Variant[Integer,Systemd::LogindSettings::Ensure],
Optional['RuntimeDirectorySize'] => Variant[Integer,Pattern['^(\d+(K|M|G|T|P|E|%)?)$'],Systemd::LogindSettings::Ensure],
Optional['SessionsMax'] => Variant[Integer,Pattern['^(infinity|(\d+(K|M|G|T|P|E|%)?))$'],Systemd::LogindSettings::Ensure],
Optional['SuspendKeyIgnoreInhibited'] => Variant[Enum['yes','no'],Systemd::LogindSettings::Ensure],
Optional['UserTasksMax'] => Variant[Integer,Pattern['^(infinity|(\d+(K|M|G|T|P|E|%)?))$'],Systemd::LogindSettings::Ensure]
}]
```
### `Systemd::LogindSettings::Ensure`
defines allowed ensure states for systemd-logind settings
Alias of
```puppet
Struct[{ 'ensure' => Enum['present','absent'] }]
```
### `Systemd::ServiceLimits`
Matches Systemd Service Limit Struct
Alias of
```puppet
Struct[{
Optional['LimitCPU'] => Pattern['^\d+(s|m|h|d|w|M|y)?(:\d+(s|m|h|d|w|M|y)?)?$'],
Optional['LimitFSIZE'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)(:\d+(K|M|G|T|P|E))?)))$'],
Optional['LimitDATA'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)(:\d+(K|M|G|T|P|E))?)))$'],
Optional['LimitSTACK'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)(:\d+(K|M|G|T|P|E))?)))$'],
Optional['LimitCORE'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)(:\d+(K|M|G|T|P|E))?)))$'],
Optional['LimitRSS'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)(:\d+(K|M|G|T|P|E))?)))$'],
Optional['LimitNOFILE'] => Variant[Integer[-1],Pattern['^(infinity|\d+(:(infinity|\d+))?)$']],
Optional['LimitAS'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)(:\d+(K|M|G|T|P|E))?)))$'],
Optional['LimitNPROC'] => Variant[Integer[-1],Pattern['^(infinity|\d+(:(infinity|\d+))?)$']],
Optional['LimitMEMLOCK'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)(:\d+(K|M|G|T|P|E))?)))$'],
Optional['LimitLOCKS'] => Integer[1],
Optional['LimitSIGPENDING'] => Integer[1],
Optional['LimitMSGQUEUE'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)(:\d+(K|M|G|T|P|E))?)))$'],
Optional['LimitNICE'] => Variant[Integer[0,40], Pattern['^(-\+([0-1]?[0-9]|20))|([0-3]?[0-9]|40)$']],
Optional['LimitRTPRIO'] => Integer[0],
Optional['LimitRTTIME'] => Pattern['^\d+(ms|s|m|h|d|w|M|y)?(:\d+(ms|s|m|h|d|w|M|y)?)?$'],
Optional['CPUAccounting'] => Boolean,
Optional['CPUShares'] => Integer[2,262144],
Optional['StartupCPUShares'] => Integer[2,262144],
Optional['CPUQuota'] => Pattern['^([1-9][0-9]*)%$'],
Optional['MemoryAccounting'] => Boolean,
Optional['MemoryLow'] => Pattern['^(\d+(K|M|G|T)?)$'],
Optional['MemoryHigh'] => Pattern['^(\d+(K|M|G|T)?)$'],
Optional['MemoryMax'] => Pattern['^(\d+(K|M|G|T)?)$'],
Optional['MemoryLimit'] => Pattern['^(\d+(K|M|G|T)?)$'],
Optional['TasksAccounting'] => Boolean,
Optional['TasksMax'] => Variant[Integer[1],Pattern['^(infinity|([1-9][0-9]?$|^100)%)$']],
Optional['IOAccounting'] => Boolean,
Optional['IOWeight'] => Integer[1,10000],
Optional['StartupIOWeight'] => Integer[1,10000],
Optional['IODeviceWeight'] => Array[Hash[Stdlib::Absolutepath, Integer[1,10000], 1, 1]],
Optional['IOReadBandwidthMax'] => Array[Hash[Stdlib::Absolutepath, Pattern['^(\d+(K|M|G|T)?)$'], 1, 1]],
Optional['IOWriteBandwidthMax'] => Array[Hash[Stdlib::Absolutepath, Pattern['^(\d+(K|M|G|T)?)$'], 1, 1]],
Optional['IOReadIOPSMax'] => Array[Hash[Stdlib::Absolutepath, Pattern['^(\d+(K|M|G|T)?)$'], 1, 1]],
Optional['IOWriteIOPSMax'] => Array[Hash[Stdlib::Absolutepath, Pattern['^(\d+(K|M|G|T)?)$'], 1, 1]],
Optional['DeviceAllow'] => String[1],
Optional['DevicePolicy'] => Enum['auto','closed','strict'],
Optional['Slice'] => String[1],
Optional['Delegate'] => Boolean,
Optional['OOMScoreAdjust'] => Integer[-1000,1000]
}]
```
### `Systemd::Unit`
custom datatype that validates different filenames for systemd units
Alias of
```puppet
Pattern['^[^/]+\.(service|socket|device|mount|automount|swap|target|path|timer|slice|scope)$']
```
diff --git a/manifests/init.pp b/manifests/init.pp
index 22fb6f4..0ef3ab3 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,206 +1,246 @@
# This module allows triggering systemd commands once for all modules
#
# @api public
#
# @param service_limits
# May be passed a resource hash suitable for passing directly into the
# ``create_resources()`` function as called on ``systemd::service_limits``
#
+# @param networks
+# Hash of `systemd::network` resources
+#
+# @param timers
+# Hash of `systemd::timer` resources
+#
+# @param tmpfiles
+# Hash of `systemd::tmpfile` resources
+#
+# @param unit_files
+# Hash of `systemd::unit_file` resources
+#
# @param manage_resolved
# Manage the systemd resolver
#
# @param resolved_ensure
# The state that the ``resolved`` service should be in
#
# @param dns
# A space-separated list of IPv4 and IPv6 addresses to use as system DNS servers.
# DNS requests are sent to one of the listed DNS servers in parallel to suitable
# per-link DNS servers acquired from systemd-networkd.service(8) or set at runtime
# by external applications. requires puppetlabs-inifile
#
# @param fallback_dns
# A space-separated list of IPv4 and IPv6 addresses to use as the fallback DNS
# servers. Any per-link DNS servers obtained from systemd-networkd take
# precedence over this setting. requires puppetlabs-inifile
#
# @param domains
# A space-separated list of domains host names or IP addresses to be used
# systemd-resolved take precedence over this setting.
#
# @param llmnr
# Takes a boolean argument or "resolve".
#
# @param multicast_dns
# Takes a boolean argument or "resolve".
#
# @param dnssec
# Takes a boolean argument or "allow-downgrade".
#
# @param dnsovertls
# Takes a boolean argument or one of "yes", "opportunistic" or "no". "true" corresponds to
# "opportunistic" and "false" (default) to "no".
#
# @param cache
# Takes a boolean argument or "no-negative".
#
# @param dns_stub_listener
# Takes a boolean argument or one of "udp" and "tcp".
#
# @param use_stub_resolver
# Takes a boolean argument. When "false" (default) it uses /run/systemd/resolve/resolv.conf
# as /etc/resolv.conf. When "true", it uses /run/systemd/resolve/stub-resolv.conf
# @param manage_networkd
# Manage the systemd network daemon
#
# @param networkd_ensure
# The state that the ``networkd`` service should be in
#
# @param manage_timesyncd
# Manage the systemd tiemsyncd daemon
#
# @param timesyncd_ensure
# The state that the ``timesyncd`` service should be in
#
# @param ntp_server
# comma separated list of ntp servers, will be combined with interface specific
# addresses from systemd-networkd. requires puppetlabs-inifile
#
# @param fallback_ntp_server
# A space-separated list of NTP server host names or IP addresses to be used
# as the fallback NTP servers. Any per-interface NTP servers obtained from
# systemd-networkd take precedence over this setting. requires puppetlabs-inifile
#
# @param manage_journald
# Manage the systemd journald
#
# @param journald_settings
# Config Hash that is used to configure settings in journald.conf
#
# @param manage_udevd
# Manage the systemd udev daemon
#
# @param udev_log
# The value of /etc/udev/udev.conf udev_log
#
# @param udev_children_max
# The value of /etc/udev/udev.conf children_max
#
# @param udev_exec_delay
# The value of /etc/udev/udev.conf exec_delay
#
# @param udev_event_timeout
# The value of /etc/udev/udev.conf event_timeout
#
# @param udev_resolve_names
# The value of /etc/udev/udev.conf resolve_names
#
# @param udev_timeout_signal
# The value of /etc/udev/udev.conf timeout_signal
#
# @param udev_rules
# Config Hash that is used to generate instances of our
# `udev::rule` define.
#
# @param manage_logind
# Manage the systemd logind
#
# @param logind_settings
# Config Hash that is used to configure settings in logind.conf
#
# @param loginctl_users
# Config Hash that is used to generate instances of our type
# `loginctl_user`.
#
# @param dropin_files
# Configure dropin files via hiera with factory pattern
#
# @param manage_all_network_files
#
# @param network_path
# where all networkd files are placed in
#
# @param manage_accounting
# when enabled, the different accounting options (network traffic, IO, CPU util...) are enabled for units
#
# @param accounting
# Hash of the different accounting options. This highly depends on the used systemd version. The module provides sane defaults per operating system using Hiera.
#
# @param purge_dropin_dirs
# When enabled, unused directories for dropin files will be purged
#
class systemd (
Hash[String,String] $accounting,
- Hash[String,Hash[String, Any]] $service_limits = {},
+ Hash[String[1],Hash[String[1], Any]] $service_limits = {},
+ Hash[String[1],Hash[String[1], Any]] $networks = {},
+ Hash[String[1],Hash[String[1], Any]] $timers = {},
+ Hash[String[1],Hash[String[1], Any]] $tmpfiles = {},
+ Hash[String[1],Hash[String[1], Any]] $unit_files = {},
Boolean $manage_resolved = false,
Enum['stopped','running'] $resolved_ensure = 'running',
Optional[Variant[Array[String],String]] $dns = undef,
Optional[Variant[Array[String],String]] $fallback_dns = undef,
Optional[Variant[Array[String],String]] $domains = undef,
Optional[Variant[Boolean,Enum['resolve']]] $llmnr = undef,
Optional[Variant[Boolean,Enum['resolve']]] $multicast_dns = undef,
Optional[Variant[Boolean,Enum['allow-downgrade']]] $dnssec = undef,
Variant[Boolean,Enum['yes', 'opportunistic', 'no']] $dnsovertls = false,
Variant[Boolean,Enum['no-negative']] $cache = false,
Optional[Variant[Boolean,Enum['udp','tcp']]] $dns_stub_listener = undef,
Boolean $use_stub_resolver = false,
Boolean $manage_networkd = false,
Enum['stopped','running'] $networkd_ensure = 'running',
Boolean $manage_timesyncd = false,
Enum['stopped','running'] $timesyncd_ensure = 'running',
Optional[Variant[Array,String]] $ntp_server = undef,
Optional[Variant[Array,String]] $fallback_ntp_server = undef,
Boolean $manage_accounting = false,
Boolean $purge_dropin_dirs = true,
Boolean $manage_journald = true,
Systemd::JournaldSettings $journald_settings = {},
Boolean $manage_udevd = false,
Optional[Variant[Integer,String]] $udev_log = undef,
Optional[Integer] $udev_children_max = undef,
Optional[Integer] $udev_exec_delay = undef,
Optional[Integer] $udev_event_timeout = undef,
Optional[Enum['early', 'late', 'never']] $udev_resolve_names = undef,
Optional[Variant[Integer,String]] $udev_timeout_signal = undef,
Boolean $manage_logind = false,
Systemd::LogindSettings $logind_settings = {},
Boolean $manage_all_network_files = false,
Stdlib::Absolutepath $network_path = '/etc/systemd/network',
Hash $loginctl_users = {},
Hash $dropin_files = {},
Hash $udev_rules = {},
) {
- create_resources('systemd::service_limits', $service_limits)
+ $service_limits.each |$service_limit, $service_limit_data| {
+ systemd::service_limits { $service_limit:
+ * => $service_limit_data,
+ }
+ }
+ $networks.each |$network, $network_data| {
+ systemd::network { $network:
+ * => $network_data,
+ }
+ }
+ $timers.each |$timer, $timer_data| {
+ systemd::timer { $timer:
+ * => $timer_data,
+ }
+ }
+ $tmpfiles.each |$tmpfile, $tmpfile_data| {
+ systemd::tmpfile { $tmpfile:
+ * => $tmpfile_data,
+ }
+ }
+ $unit_files.each |$unit_file, $unit_file_data| {
+ systemd::unit_file { $unit_file:
+ * => $unit_file_data,
+ }
+ }
if $manage_resolved and $facts['systemd_internal_services'] and $facts['systemd_internal_services']['systemd-resolved.service'] {
contain systemd::resolved
}
if $manage_networkd and $facts['systemd_internal_services'] and $facts['systemd_internal_services']['systemd-networkd.service'] {
contain systemd::networkd
}
if $manage_timesyncd and $facts['systemd_internal_services'] and $facts['systemd_internal_services']['systemd-timesyncd.service'] {
contain systemd::timesyncd
}
if $manage_udevd {
contain systemd::udevd
}
if $manage_accounting {
contain systemd::system
}
if $manage_journald {
contain systemd::journald
}
if $manage_logind {
contain systemd::logind
}
$dropin_files.each |$name, $resource| {
systemd::dropin_file { $name:
* => $resource,
}
}
}
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index 0f18fac..54466a9 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -1,458 +1,516 @@
require 'spec_helper'
describe 'systemd' do
context 'supported operating systems' do
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) { facts }
it { is_expected.to compile.with_all_deps }
it { is_expected.to create_class('systemd') }
it { is_expected.to contain_class('systemd::journald') }
it { is_expected.to create_service('systemd-journald') }
it { is_expected.to have_ini_setting_resource_count(0) }
it { is_expected.not_to create_service('systemd-resolved') }
it { is_expected.not_to create_service('systemd-networkd') }
it { is_expected.not_to create_service('systemd-timesyncd') }
context 'when enabling resolved and networkd' do
let(:params) do
{
manage_resolved: true,
manage_networkd: true,
}
end
it { is_expected.to create_service('systemd-resolved').with_ensure('running') }
it { is_expected.to create_service('systemd-resolved').with_enable(true) }
it { is_expected.to create_service('systemd-networkd').with_ensure('running') }
it { is_expected.to create_service('systemd-networkd').with_enable(true) }
it { is_expected.not_to contain_file('/etc/systemd/network') }
end
context 'when enabling resolved with DNS values (string)' do
let(:params) do
{
manage_resolved: true,
dns: '8.8.8.8 8.8.4.4',
fallback_dns: '2001:4860:4860::8888 2001:4860:4860::8844',
}
end
it { is_expected.to create_service('systemd-resolved').with_ensure('running') }
it { is_expected.to create_service('systemd-resolved').with_enable(true) }
it { is_expected.to contain_ini_setting('dns') }
it { is_expected.to contain_ini_setting('fallback_dns') }
it { is_expected.not_to contain_ini_setting('domains') }
it { is_expected.not_to contain_ini_setting('multicast_dns') }
it { is_expected.not_to contain_ini_setting('llmnr') }
it { is_expected.not_to contain_ini_setting('dnssec') }
it { is_expected.not_to contain_ini_setting('dnsovertls') }
it { is_expected.not_to contain_ini_setting('cache') }
it { is_expected.not_to contain_ini_setting('dns_stub_listener') }
end
context 'when enabling resolved with DNS values (array)' do
let(:params) do
{
manage_resolved: true,
dns: ['8.8.8.8', '8.8.4.4'],
fallback_dns: ['2001:4860:4860::8888', '2001:4860:4860::8844'],
}
end
it { is_expected.to create_service('systemd-resolved').with_ensure('running') }
it { is_expected.to create_service('systemd-resolved').with_enable(true) }
it { is_expected.to contain_ini_setting('dns') }
it { is_expected.to contain_ini_setting('fallback_dns') }
it { is_expected.not_to contain_ini_setting('domains') }
it { is_expected.not_to contain_ini_setting('multicast_dns') }
it { is_expected.not_to contain_ini_setting('llmnr') }
it { is_expected.not_to contain_ini_setting('dnssec') }
it { is_expected.not_to contain_ini_setting('dnsovertls') }
it { is_expected.not_to contain_ini_setting('cache') }
it { is_expected.not_to contain_ini_setting('dns_stub_listener') }
end
context 'when enabling resolved with DNS values (full)' do
let(:params) do
{
manage_resolved: true,
dns: ['8.8.8.8', '8.8.4.4'],
fallback_dns: ['2001:4860:4860::8888', '2001:4860:4860::8844'],
domains: ['2001:4860:4860::8888', '2001:4860:4860::8844'],
llmnr: true,
multicast_dns: false,
dnssec: false,
dnsovertls: 'no',
cache: true,
dns_stub_listener: 'udp',
}
end
it { is_expected.to create_service('systemd-resolved').with_ensure('running') }
it { is_expected.to create_service('systemd-resolved').with_enable(true) }
it { is_expected.to contain_ini_setting('dns') }
it { is_expected.to contain_ini_setting('fallback_dns') }
it { is_expected.to contain_ini_setting('domains') }
it { is_expected.to contain_ini_setting('multicast_dns') }
it { is_expected.to contain_ini_setting('llmnr') }
it { is_expected.to contain_ini_setting('dnssec') }
it { is_expected.to contain_ini_setting('dnsovertls') }
it {
is_expected.to contain_ini_setting('cache').with(
path: '/etc/systemd/resolved.conf',
value: 'yes'
)
}
it { is_expected.to contain_ini_setting('dns_stub_listener') }
end
context 'when enabling resolved with no-negative cache variant' do
let(:params) do
{
manage_resolved: true,
cache: 'no-negative',
}
end
it { is_expected.to create_service('systemd-resolved').with_ensure('running') }
it { is_expected.to create_service('systemd-resolved').with_enable(true) }
it {
is_expected.to contain_ini_setting('cache').with(
path: '/etc/systemd/resolved.conf',
value: 'no-negative'
)
}
end
context 'when enabling timesyncd' do
let(:params) do
{
manage_timesyncd: true,
}
end
it { is_expected.to create_service('systemd-timesyncd').with_ensure('running') }
it { is_expected.to create_service('systemd-timesyncd').with_enable(true) }
it { is_expected.not_to create_service('systemd-resolved').with_ensure('running') }
it { is_expected.not_to create_service('systemd-resolved').with_enable(true) }
it { is_expected.not_to create_service('systemd-networkd').with_ensure('running') }
it { is_expected.not_to create_service('systemd-networkd').with_enable(true) }
end
context 'when enabling timesyncd with NTP values (string)' do
let(:params) do
{
manage_timesyncd: true,
ntp_server: '0.pool.ntp.org 1.pool.ntp.org',
fallback_ntp_server: '2.pool.ntp.org 3.pool.ntp.org',
}
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_ini_setting('ntp_server') }
it { is_expected.to contain_ini_setting('fallback_ntp_server') }
end
context 'when enabling timesyncd with NTP values (array)' do
let(:params) do
{
manage_timesyncd: true,
ntp_server: ['0.pool.ntp.org', '1.pool.ntp.org'],
fallback_ntp_server: ['2.pool.ntp.org', '3.pool.ntp.org'],
}
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_ini_setting('ntp_server') }
it { is_expected.to contain_ini_setting('fallback_ntp_server') }
end
context 'when passing service limits' do
let(:params) do
{
service_limits: { 'openstack-nova-compute.service' => { 'limits' => { 'LimitNOFILE' => 32_768 } } },
}
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_systemd__service_limits('openstack-nova-compute.service').with_limits('LimitNOFILE' => 32_768) }
end
+ context 'when passing networks' do
+ let :params do
+ {
+ networks: { 'uplink.network' => { 'content' => 'foo' }, 'uplink.netdev' => { 'content' => 'bar' }, },
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_systemd__network('uplink.network').with_content('foo') }
+ it { is_expected.to contain_systemd__network('uplink.netdev').with_content('bar') }
+ it { is_expected.to contain_file('/etc/systemd/network/uplink.network') }
+ it { is_expected.to contain_file('/etc/systemd/network/uplink.netdev') }
+ it { is_expected.to have_systemd__network_resource_count(2) }
+ end
+ context 'when passing timers' do
+ let :params do
+ {
+ timers: { 'first.timer' => { 'timer_content' => 'foo' }, 'second.timer' => { 'timer_content' => 'bar' }, },
+ }
+ end
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_systemd__timer('first.timer').with_timer_content('foo') }
+ it { is_expected.to contain_systemd__timer('second.timer').with_timer_content('bar') }
+ it { is_expected.to contain_systemd__unit_file('first.timer').with_content('foo') }
+ it { is_expected.to contain_systemd__unit_file('second.timer').with_content('bar') }
+ it { is_expected.to contain_file('/etc/systemd/system/first.timer') }
+ it { is_expected.to contain_file('/etc/systemd/system/second.timer') }
+ it { is_expected.to have_systemd__timer_resource_count(2) }
+ it { is_expected.to have_systemd__unit_file_resource_count(2) }
+ end
+ context 'when passing tmpfiles' do
+ let :params do
+ {
+ tmpfiles: { 'first_tmpfile.conf' => { 'content' => 'foo' }, 'second_tmpfile.conf' => { 'content' => 'bar' }, },
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_systemd__tmpfile('first_tmpfile.conf').with_content('foo') }
+ it { is_expected.to contain_systemd__tmpfile('second_tmpfile.conf').with_content('bar') }
+ it { is_expected.to contain_file('/etc/tmpfiles.d/first_tmpfile.conf') }
+ it { is_expected.to contain_file('/etc/tmpfiles.d/second_tmpfile.conf') }
+ it { is_expected.to have_systemd__tmpfile_resource_count(2) }
+ end
+ context 'when passing unit_files' do
+ let :params do
+ {
+ unit_files: { 'first.service' => { 'content' => 'foo' }, 'second.service' => { 'content' => 'bar' }, },
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_systemd__unit_file('first.service').with_content('foo') }
+ it { is_expected.to contain_systemd__unit_file('second.service').with_content('bar') }
+ it { is_expected.to contain_file('/etc/systemd/system/first.service') }
+ it { is_expected.to contain_file('/etc/systemd/system/second.service') }
+ it { is_expected.to have_systemd__unit_file_resource_count(2) }
+ end
context 'when managing Accounting options' do
let :params do
{
manage_accounting: true,
}
end
it { is_expected.to contain_class('systemd::system') }
case facts[:os]['family']
when 'Archlinux'
accounting = %w[DefaultCPUAccounting DefaultIOAccounting DefaultIPAccounting DefaultBlockIOAccounting DefaultMemoryAccounting DefaultTasksAccounting]
when 'Debian'
accounting = %w[DefaultCPUAccounting DefaultBlockIOAccounting DefaultMemoryAccounting]
when 'RedHat'
accounting = %w[DefaultCPUAccounting DefaultBlockIOAccounting DefaultMemoryAccounting DefaultTasksAccounting]
when 'Suse'
accounting = %w[DefaultCPUAccounting DefaultBlockIOAccounting DefaultMemoryAccounting DefaultTasksAccounting]
end
accounting.each do |account|
it { is_expected.to contain_ini_setting(account) }
end
it { is_expected.to compile.with_all_deps }
end
context 'when enabling journald with options' do
let(:params) do
{
manage_journald: true,
journald_settings: {
'Storage' => 'auto',
'MaxRetentionSec' => '5day',
'MaxLevelStore' => {
'ensure' => 'absent',
},
},
}
end
it { is_expected.to compile.with_all_deps }
it {
is_expected.to contain_service('systemd-journald').with(
ensure: 'running'
)
}
it { is_expected.to have_ini_setting_resource_count(3) }
it {
is_expected.to contain_ini_setting('Storage').with(
path: '/etc/systemd/journald.conf',
section: 'Journal',
notify: 'Service[systemd-journald]',
value: 'auto'
)
}
it {
is_expected.to contain_ini_setting('MaxRetentionSec').with(
path: '/etc/systemd/journald.conf',
section: 'Journal',
notify: 'Service[systemd-journald]',
value: '5day'
)
}
it {
is_expected.to contain_ini_setting('MaxLevelStore').with(
path: '/etc/systemd/journald.conf',
section: 'Journal',
notify: 'Service[systemd-journald]',
ensure: 'absent'
)
}
end
context 'when disabling journald' do
let(:params) do
{
manage_journald: false,
}
end
it { is_expected.to compile.with_all_deps }
it { is_expected.not_to contain_service('systemd-journald') }
end
context 'when disabling udevd management' do
let(:params) do
{
manage_udevd: false,
}
end
it { is_expected.to compile.with_all_deps }
it { is_expected.not_to contain_service('systemd-udevd') }
it { is_expected.not_to contain_file('/etc/udev/udev.conf') }
end
context 'when working with udevd and no custom rules' do
let(:params) do
{
manage_udevd: true,
udev_log: 'daemon',
udev_children_max: 1,
udev_exec_delay: 2,
udev_event_timeout: 3,
udev_resolve_names: 'early',
udev_timeout_signal: 'SIGKILL',
}
end
it { is_expected.to compile.with_all_deps }
it {
is_expected.to contain_service('systemd-udevd').
with(enable: true,
ensure: 'running')
}
it {
is_expected.to contain_file('/etc/udev/udev.conf').
with(ensure: 'file',
owner: 'root',
group: 'root',
mode: '0444').
with_content(%r{^udev_log=daemon$}).
with_content(%r{^children_max=1$}).
with_content(%r{^exec_delay=2$}).
with_content(%r{^event_timeout=3$}).
with_content(%r{^resolve_names=early$}).
with_content(%r{^timeout_signal=SIGKILL$})
}
end
context 'when working with udevd and a rule set' do
let(:params) do
{
manage_udevd: true,
udev_log: 'daemon',
udev_children_max: 1,
udev_exec_delay: 2,
udev_event_timeout: 3,
udev_resolve_names: 'early',
udev_timeout_signal: 'SIGKILL',
udev_rules: { 'example_raw.rules' => {
'rules' => [
'# I am a comment',
'ACTION=="add", KERNEL=="sda", RUN+="/bin/raw /dev/raw/raw1 %N"',
'ACTION=="add", KERNEL=="sdb", RUN+="/bin/raw /dev/raw/raw2 %N"',
],
} },
}
end
it { is_expected.to compile.with_all_deps }
it {
is_expected.to contain_service('systemd-udevd').
with(enable: true,
ensure: 'running')
}
it {
is_expected.to contain_file('/etc/udev/udev.conf').
with(ensure: 'file',
owner: 'root',
group: 'root',
mode: '0444').
with_content(%r{^udev_log=daemon$}).
with_content(%r{^children_max=1$}).
with_content(%r{^exec_delay=2$}).
with_content(%r{^event_timeout=3$}).
with_content(%r{^resolve_names=early$}).
with_content(%r{^timeout_signal=SIGKILL$})
}
it {
is_expected.to contain_systemd__udev__rule('example_raw.rules').
with(rules: [
'# I am a comment',
'ACTION=="add", KERNEL=="sda", RUN+="/bin/raw /dev/raw/raw1 %N"',
'ACTION=="add", KERNEL=="sdb", RUN+="/bin/raw /dev/raw/raw2 %N"',
])
}
end
context 'when enabling logind with options' do
let(:params) do
{
manage_logind: true,
logind_settings: {
'HandleSuspendKey' => 'ignore',
'KillUserProcesses' => 'no',
'KillExcludeUsers' => %w[a b],
'RemoveIPC' => {
'ensure' => 'absent',
},
'UserTasksMax' => '10000',
},
loginctl_users: {
'foo' => { 'linger' => 'enabled' },
},
}
end
it { is_expected.to compile.with_all_deps }
it {
is_expected.to contain_service('systemd-logind').with(
ensure: 'running'
)
}
it { is_expected.to have_ini_setting_resource_count(5) }
it {
is_expected.to contain_ini_setting('HandleSuspendKey').with(
path: '/etc/systemd/logind.conf',
section: 'Login',
notify: 'Service[systemd-logind]',
value: 'ignore'
)
}
it {
is_expected.to contain_ini_setting('KillUserProcesses').with(
path: '/etc/systemd/logind.conf',
section: 'Login',
notify: 'Service[systemd-logind]',
value: 'no'
)
}
it {
is_expected.to contain_ini_setting('KillExcludeUsers').with(
path: '/etc/systemd/logind.conf',
section: 'Login',
notify: 'Service[systemd-logind]',
value: 'a b'
)
}
it {
is_expected.to contain_ini_setting('RemoveIPC').with(
path: '/etc/systemd/logind.conf',
section: 'Login',
notify: 'Service[systemd-logind]',
ensure: 'absent'
)
}
it {
is_expected.to contain_ini_setting('UserTasksMax').with(
path: '/etc/systemd/logind.conf',
section: 'Login',
notify: 'Service[systemd-logind]',
value: '10000'
)
}
it { is_expected.to contain_loginctl_user('foo').with(linger: 'enabled') }
end
context 'when passing dropin_files' do
let(:params) do
{
dropin_files: {
'my-foo.conf' => {
'unit' => 'foo.service',
'content' => '[Service]\nReadWritePaths=/',
},
},
}
end
it { is_expected.to contain_systemd__dropin_file('my-foo.conf').with_content('[Service]\nReadWritePaths=/') }
end
context 'with managed networkd directory' do
let :params do
{
manage_networkd: true,
manage_all_network_files: true
}
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('systemd::networkd') }
it { is_expected.to contain_file('/etc/systemd/network').with_ensure('directory') }
end
end
end
end
end