@@ -5779,13 +5779,7 @@ Alias of
57795779
57805780``` puppet
57815781Struct[{
5782- Optional['AmbientCapabilities'] => Variant[Pattern[/^CAP_[A-Z_]+$/],Array[Pattern[/^CAP_[A-Z_]+$/],1]],
5783- Optional['UMask'] => String[3,4],
5784- Optional['User'] => String[1],
5785- Optional['Group'] => String[1],
5786- Optional['DynamicUser'] => Boolean,
5787- Optional['SupplementaryGroups'] => Variant[String[0],Array[String[0],1]],
5788- Optional['WorkingDirectory'] => String[0],
5782+ # Options from systemd.service
57895783 Optional['Type'] => Enum['simple', 'exec', 'forking', 'oneshot', 'dbus', 'notify', 'idle'],
57905784 Optional['ExitType'] => Enum['main', 'cgroup'],
57915785 Optional['RemainAfterExit'] => Boolean,
@@ -5801,28 +5795,6 @@ Struct[{
58015795 Optional['ExecStopPost'] => Variant[Systemd::Unit::Service::Exec,Array[Systemd::Unit::Service::Exec,1]],
58025796 Optional['KillSignal'] => Pattern[/^SIG[A-Z]+$/],
58035797 Optional['KillMode'] => Enum['control-group', 'mixed', 'process', 'none'],
5804- Optional['Nice'] => Variant[String[0,0],Integer[-20,19]],
5805- Optional['CPUSchedulingPolicy'] => Enum['','batch','fifo','idle','other','rr'],
5806- Optional['IOSchedulingClass'] => Enum['','realtime','best-effort','idle'],
5807- Optional['IOSchedulingPriority'] => Variant[String[0,0],Integer[0,7]],
5808- Optional['SyslogIdentifier'] => String,
5809- Optional['LogLevelMax'] => Enum['emerg','alert','crit','err','warning','notice','info','debug'],
5810- Optional['LimitCPU'] => Pattern['^\d+(s|m|h|d|w|M|y)?(:\d+(s|m|h|d|w|M|y)?)?$'],
5811- Optional['LimitFSIZE'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5812- Optional['LimitDATA'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5813- Optional['LimitSTACK'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5814- Optional['LimitCORE'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5815- Optional['LimitRSS'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5816- Optional['LimitNOFILE'] => Variant[Integer[-1],Pattern['^(infinity|\d+(:(infinity|\d+))?)$']],
5817- Optional['LimitAS'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5818- Optional['LimitNPROC'] => Variant[Integer[-1],Pattern['^(infinity|\d+(:(infinity|\d+))?)$']],
5819- Optional['LimitMEMLOCK'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5820- Optional['LimitLOCKS'] => Integer[1],
5821- Optional['LimitSIGPENDING'] => Integer[1],
5822- Optional['LimitMSGQUEUE'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5823- Optional['LimitNICE'] => Variant[Integer[0,40], Pattern['^(-\+([0-1]?[0-9]|20))|([0-3]?[0-9]|40)$']],
5824- Optional['LimitRTPRIO'] => Integer[0],
5825- Optional['LimitRTTIME'] => Pattern['^\d+(ms|s|m|h|d|w|M|y)?(:\d+(ms|s|m|h|d|w|M|y)?)?$'],
58265798 Optional['CPUAccounting'] => Boolean,
58275799 Optional['CPUShares'] => Integer[2,262144],
58285800 Optional['StartupCPUShares'] => Integer[2,262144],
@@ -5866,66 +5838,96 @@ Struct[{
58665838 Optional['NonBlocking'] => Boolean,
58675839 Optional['NotifyAccess'] => Enum['none', 'default', 'main', 'exec', 'all'],
58685840 Optional['OOMPolicy'] => Enum['continue', 'stop','kill'],
5841+ # Options from systemd.exec
5842+ Optional['WorkingDirectory'] => String[0],
5843+ Optional['RootDirectory'] => Stdlib::Unixpath,
5844+ Optional['RootImage'] => Stdlib::Unixpath,
5845+ Optional['RootImageOptions'] => String,
5846+ Optional['RootEphemeral'] => Boolean,
5847+ Optional['RootHash'] => String,
5848+ Optional['ProtectProc'] => Enum['noaccess', 'invisible', 'ptraceable', 'default'],
5849+ Optional['BindPaths'] => Variant[Stdlib::Unixpath,Pattern[/-\/.+/], Array[Variant[Stdlib::Unixpath,Pattern[/-\/.+/]],1]],
5850+ Optional['BindReadOnlyPaths'] => Variant[Stdlib::Unixpath,Pattern[/-\/.+/], Array[Variant[Stdlib::Unixpath,Pattern[/-\/.+/]],1]],
5851+ Optional['User'] => String[1],
5852+ Optional['Group'] => String[1],
5853+ Optional['DynamicUser'] => Boolean,
5854+ Optional['SupplementaryGroups'] => Variant[String[0],Array[String[0],1]],
5855+ Optional['SetLoginEnvironment'] => Boolean,
5856+ Optional['PAMName'] => String,
5857+ Optional['CapabilityBoundingSet'] => Variant[String, Array[String]],
5858+ Optional['AmbientCapabilities'] => Variant[Pattern[/^CAP_[A-Z_]+$/],Array[Pattern[/^CAP_[A-Z_]+$/],1]],
5859+ Optional['NoNewPrivileges'] => Boolean,
5860+ Optional['LimitCPU'] => Pattern['^\d+(s|m|h|d|w|M|y)?(:\d+(s|m|h|d|w|M|y)?)?$'],
5861+ Optional['LimitFSIZE'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5862+ Optional['LimitDATA'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5863+ Optional['LimitSTACK'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5864+ Optional['LimitCORE'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5865+ Optional['LimitRSS'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5866+ Optional['LimitNOFILE'] => Variant[Integer[-1],Pattern['^(infinity|\d+(:(infinity|\d+))?)$']],
5867+ Optional['LimitAS'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5868+ Optional['LimitNPROC'] => Variant[Integer[-1],Pattern['^(infinity|\d+(:(infinity|\d+))?)$']],
5869+ Optional['LimitMEMLOCK'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5870+ Optional['LimitLOCKS'] => Integer[1],
5871+ Optional['LimitSIGPENDING'] => Integer[1],
5872+ Optional['LimitMSGQUEUE'] => Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'],
5873+ Optional['LimitNICE'] => Variant[Integer[0,40], Pattern['^(-\+([0-1]?[0-9]|20))|([0-3]?[0-9]|40)$']],
5874+ Optional['LimitRTPRIO'] => Integer[0],
5875+ Optional['LimitRTTIME'] => Pattern['^\d+(ms|s|m|h|d|w|M|y)?(:\d+(ms|s|m|h|d|w|M|y)?)?$'],
5876+ Optional['UMask'] => String[3,4],
58695877 Optional['OOMScoreAdjust'] => Integer[-1000,1000],
5870- Optional['Environment'] => Variant[String[0],Array[String[1],1]],
5871- Optional['EnvironmentFile'] => Variant[
5872- Stdlib::Unixpath,Pattern[/-\/.+/],
5873- Array[Variant[Stdlib::Unixpath,Pattern[/-\/.+/]],1],
5874- ],
5875- Optional['StandardOutput'] => Variant[Enum['inherit','null','tty','journal','kmsg','journal+console','kmsg+console','socket'],Pattern[/\A(file:|append:|truncate:).+$\z/]],
5876- Optional['StandardError'] => Variant[Enum['inherit','null','tty','journal','kmsg','journal+console','kmsg+console','socket'],Pattern[/\A(file:|append:|truncate:).+$\z/]],
5877- Optional['StandardInput'] => Variant[Enum['null','tty','tty-force','tty-fail','data','socket'], Pattern[/\A(file:|fd:).+$\z/]],
5878- Optional['PrivateTmp'] => Boolean,
5878+ Optional['Nice'] => Variant[String[0,0],Integer[-20,19]],
5879+ Optional['CPUSchedulingPolicy'] => Enum['','batch','fifo','idle','other','rr'],
5880+ Optional['IOSchedulingClass'] => Enum['','realtime','best-effort','idle'],
5881+ Optional['IOSchedulingPriority'] => Variant[String[0,0],Integer[0,7]],
5882+ Optional['ProtectSystem'] => Variant[Boolean, Enum['full', 'strict']],
5883+ Optional['ProtectHome'] => Variant[Boolean, Enum['read-only', 'tmpfs']],
58795884 Optional['RuntimeDirectory'] => String,
5880- Optional['RuntimeDirectoryMode'] => Stdlib::Filemode,
58815885 Optional['StateDirectory'] => String,
58825886 Optional['LogsDirectory'] => String,
5887+ Optional['RuntimeDirectoryMode'] => Stdlib::Filemode,
58835888 Optional['LogsDirectoryMode'] => Stdlib::Filemode,
5884- Optional['LogRateLimitIntervalSec'] => Variant[Pattern[/^[0-9]+(s|min|h|ms|us)?$/]],
5885- Optional['LogRateLimitBurst'] => Variant[Integer[0], Pattern[/^[0-9]+$/]],
5886- Optional['ProtectSystem'] => Variant[Boolean, Enum['full', 'strict']],
5887- Optional['ProtectHome'] => Variant[Boolean, Enum['read-only', 'tmpfs']],
5888- Optional['BindPaths'] => Variant[Stdlib::Unixpath,Pattern[/-\/.+/], Array[Variant[Stdlib::Unixpath,Pattern[/-\/.+/]],1]],
5889- Optional['BindReadOnlyPaths'] => Variant[Stdlib::Unixpath,Pattern[/-\/.+/], Array[Variant[Stdlib::Unixpath,Pattern[/-\/.+/]],1]],
58905889 Optional['ReadWritePaths'] => Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/], Array[Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/]],1]],
58915890 Optional['ReadOnlyPaths'] => Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/], Array[Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/]],1]],
58925891 Optional['InaccessiblePaths'] => Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/], Array[Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/]],1]],
58935892 Optional['ExecPaths'] => Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/], Array[Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/]],1]],
58945893 Optional['NoExecPaths'] => Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/], Array[Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/]],1]],
5894+ Optional['PrivateTmp'] => Boolean,
58955895 Optional['PrivateDevices'] => Boolean,
58965896 Optional['PrivateNetwork'] => Boolean,
5897+ Optional['NetworkNamespacePath'] => Stdlib::Unixpath,
58975898 Optional['PrivateIPC'] => Boolean,
58985899 Optional['PrivatePIDs'] => Boolean,
5899- Optional['PrivateBPF'] => Boolean,
5900- Optional['PrivateMounts'] => Boolean,
5901- Optional['RemoveIPC'] => Boolean,
5902- Optional['ProtectKernelModules'] => Boolean,
5900+ Optional['PrivateUsers'] => Boolean,
5901+ Optional['ProtectHostname'] => Boolean,
5902+ Optional['ProtectClock'] => Boolean,
59035903 Optional['ProtectKernelTunables'] => Boolean,
5904+ Optional['ProtectKernelModules'] => Boolean,
5905+ Optional['ProtectKernelLogs'] => Boolean,
59045906 Optional['ProtectControlGroups'] => Boolean,
5905- Optional['RestrictRealtime'] => Boolean,
59065907 Optional['RestrictAddressFamilies'] => Variant[Enum['AF_UNIX', 'AF_INET', 'AF_INET6', 'AF_NETLINK', 'none'], Array[Enum['AF_UNIX', 'AF_INET', 'AF_INET6', 'AF_NETLINK', 'none']]],
59075908 Optional['RestrictNamespaces'] => Variant[Boolean, Enum['ipc', 'net', 'mnt', 'pid', 'user', 'uts', 'cgroup'], Array[Enum['ipc', 'net', 'mnt', 'pid', 'user', 'uts', 'cgroup']]],
5908- Optional['SystemCallArchitectures'] => Variant[String, Array[String]],
5909- Optional['SystemCallFilter'] => Variant[String, Array[String]],
5910- Optional['SystemCallErrorNumber'] => String,
5911- Optional['ProtectClock'] => Boolean,
5912- Optional['PrivateUsers'] => Boolean,
5913- Optional['ProtectKernelLogs'] => Boolean,
5914- Optional['ProtectProc'] => Enum['noaccess', 'invisible', 'ptraceable', 'default'],
5915- Optional['ProtectHostname'] => Boolean,
5916- Optional['RestrictSUIDSGID'] => Boolean,
5917- Optional['CapabilityBoundingSet'] => Variant[String, Array[String]],
5918- Optional['NoNewPrivileges'] => Boolean,
5909+ Optional['PrivateBPF'] => Boolean,
59195910 Optional['LockPersonality'] => Boolean,
5920- Optional['NetworkNamespacePath'] => Stdlib::Unixpath,
59215911 Optional['MemoryDenyWriteExecute'] => Boolean,
5922- Optional['PAMName'] => String,
5923- Optional['SetLoginEnvironment'] => Boolean,
5924- Optional['RootImage'] => Stdlib::Unixpath,
5925- Optional['RootImageOptions'] => String,
5926- Optional['RootEphemeral'] => Boolean,
5927- Optional['RootHash'] => String,
5928- Optional['RootDirectory'] => Stdlib::Unixpath,
5912+ Optional['RestrictRealtime'] => Boolean,
5913+ Optional['RestrictSUIDSGID'] => Boolean,
5914+ Optional['RemoveIPC'] => Boolean,
5915+ Optional['PrivateMounts'] => Boolean,
5916+ Optional['SystemCallFilter'] => Variant[String, Array[String]],
5917+ Optional['SystemCallErrorNumber'] => String,
5918+ Optional['SystemCallArchitectures'] => Variant[String, Array[String]],
5919+ Optional['Environment'] => Variant[String[0],Array[String[1],1]],
5920+ Optional['EnvironmentFile'] => Variant[
5921+ Stdlib::Unixpath,Pattern[/-\/.+/],
5922+ Array[Variant[Stdlib::Unixpath,Pattern[/-\/.+/]],1],
5923+ ],
5924+ Optional['StandardInput'] => Variant[Enum['null','tty','tty-force','tty-fail','data','socket'], Pattern[/\A(file:|fd:).+$\z/]],
5925+ Optional['StandardOutput'] => Variant[Enum['inherit','null','tty','journal','kmsg','journal+console','kmsg+console','socket'],Pattern[/\A(file:|append:|truncate:).+$\z/]],
5926+ Optional['StandardError'] => Variant[Enum['inherit','null','tty','journal','kmsg','journal+console','kmsg+console','socket'],Pattern[/\A(file:|append:|truncate:).+$\z/]],
5927+ Optional['LogLevelMax'] => Enum['emerg','alert','crit','err','warning','notice','info','debug'],
5928+ Optional['LogRateLimitIntervalSec'] => Variant[Pattern[/^[0-9]+(s|min|h|ms|us)?$/]],
5929+ Optional['LogRateLimitBurst'] => Variant[Integer[0], Pattern[/^[0-9]+$/]],
5930+ Optional['SyslogIdentifier'] => String,
59295931 Optional['LoadCredential'] => Variant[String[0],Array[String[0],1]],
59305932 Optional['LoadCredentialEncrypted'] => Variant[String[0],Array[String[0],1]],
59315933 Optional['SetCredential'] => Variant[String[0],Array[String[0],1]],
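Review bot: The `Pattern[/-\/.+/]` alternative on the regrouped `BindPaths`, `BindReadOnlyPaths` and `EnvironmentFile` entries is unanchored, so any string that merely contains `-/x` passes validation, whereas the neighbouring `ReadWritePaths` family uses `/^-?\+?\/.+/`. These options control what is mounted into or read by the service, so anchoring the alternative as `Pattern[/\A-\/.+\z/]` would keep it as strict as the other sandboxing entries. The moved `LimitNICE` pattern has a similar gap: `-\+` matches the literal two characters `-+`, and the top-level `|` leaves each alternative anchored on one side only; something like `'^([+-]([0-1]?[0-9]|20)|[0-3]?[0-9]|40)$'` looks closer to the intent. The hunk sits inside a puppet fence under "Alias of", so the fix presumably belongs in the type definition this listing mirrors.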