diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,21 @@
 # Changelog
 
+## [23.0.0](https://github.com/theforeman/puppet-foreman_proxy/tree/23.0.0) (2022-08-04)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/22.1.3...23.0.0)
+
+**Breaking changes:**
+
+- Refs [\#35184](https://projects.theforeman.org/issues/35184) - Drop puppetca\_http\_api provider [\#768](https://github.com/theforeman/puppet-foreman_proxy/pull/768) ([ekohl](https://github.com/ekohl))
+- Drop EL7 support [\#767](https://github.com/theforeman/puppet-foreman_proxy/pull/767) ([ekohl](https://github.com/ekohl))
+- drop support for Debian 10 Buster [\#766](https://github.com/theforeman/puppet-foreman_proxy/pull/766) ([evgeni](https://github.com/evgeni))
+
+**Implemented enhancements:**
+
+- Use modern networking facts & correct data types on IPs [\#764](https://github.com/theforeman/puppet-foreman_proxy/pull/764) ([ekohl](https://github.com/ekohl))
+- Update to voxpupuli-test 5 [\#763](https://github.com/theforeman/puppet-foreman_proxy/pull/763) ([ekohl](https://github.com/ekohl))
+- add foreman::shell param [\#742](https://github.com/theforeman/puppet-foreman_proxy/pull/742) ([jhoblitt](https://github.com/jhoblitt))
+
 ## [22.1.3](https://github.com/theforeman/puppet-foreman_proxy/tree/22.1.3) (2022-05-11)
 
 [Full Changelog](https://github.com/theforeman/puppet-foreman_proxy/compare/22.1.2...22.1.3)

diff --git a/Gemfile b/Gemfile
@@ -13,7 +13,7 @@ gem 'puppet-lint-param-docs', '>= 1.3.0', {"groups"=>["test"]}
 gem 'puppet-lint-spaceship_operator_without_tag-check', {"groups"=>["test"]}
 gem 'puppet-lint-strict_indent-check', {"groups"=>["test"]}
 gem 'puppet-lint-undef_in_function-check', {"groups"=>["test"]}
-gem 'voxpupuli-test', '~> 1.4', {"groups"=>["test"]}
+gem 'voxpupuli-test', '~> 5.0', {"groups"=>["test"]}
 gem 'github_changelog_generator', '>= 1.15.0', {"groups"=>["development"]}
 gem 'puppet_metadata', '~> 1.3'
 gem 'puppet-blacksmith', '>= 6.0.0', {"groups"=>["development"]}

diff --git a/README.md b/README.md
@@ -12,6 +12,7 @@ Part of the Foreman installer: <https://github.com/theforeman/foreman-installer>
 
 | Module version | Proxy versions | Notes                                               |
 |----------------|----------------|-----------------------------------------------------|
+| 23.x           | 3.4 and newer  | See compatibility notes in its README for 3.1-3.3   |
 | 22.x           | 3.3 and newer  | See compatibility notes in its README for 3.1-3.3   |
 | 21.x           | 3.1 and 3.2    |                                                     |
 | 20.x           | 3.1 and 3.2    | See compatibility notes in its README for 2.3-3.0   |
@@ -26,6 +27,7 @@ Part of the Foreman installer: <https://github.com/theforeman/foreman-installer>
 | 2.x            | 1.5 - 1.10     |                                                     |
 | 1.x            | 1.4 and older  |                                                     |
 
+ * 23.x dropped EL7 support. 3.1 and newer work on EL8.
  * 22.x renamed foreman_proxy::plugin::remote_execution::ssh to foreman_proxy::plugin::remote_execution::script as the feature within the plugin has changed from SSH to Script.
  * 20.x started to register as a Smart Proxy host. This requires Foreman 3.1. When using an older Foreman, set `$register_in_foreman` to false. This does require manual registration then.
  * 18.x switched to running `smart_proxy_dynflow` as part of `foreman-proxy` service by default. On EL* distributions and Foreman < 2.5, `foreman_proxy::plugin::dynflow::external_core` needs to be explicitly set to `true`.

diff --git a/manifests/config.pp b/manifests/config.pp
@@ -1,7 +1,6 @@
 # @summary Configure the foreman proxy
 # @api private
 class foreman_proxy::config {
-
   # Ensure SSL certs from the puppetmaster are available
   # Relationship is duplicated there as defined() is parse-order dependent
   if $foreman_proxy::ssl and defined(Class['puppet::server::config']) {
@@ -90,7 +89,11 @@
   contain foreman_proxy::module::puppetca
   foreman_proxy::provider { ['puppetca_hostname_whitelisting', 'puppetca_token_whitelisting']:
   }
-  foreman_proxy::provider { ['puppetca_http_api', 'puppetca_puppet_cert']:
+  foreman_proxy::provider { 'puppetca_http_api':
+  }
+  # Foreman Proxy 3.4 dropped puppetca_puppet_cert
+  foreman_proxy::provider { 'puppetca_puppet_cert':
+    ensure => absent,
   }
 
   contain foreman_proxy::module::realm
@@ -105,29 +108,8 @@
 
   contain foreman_proxy::module::registration
 
-  if $foreman_proxy::puppetca or $foreman_proxy::puppet {
-    $uses_sudo = $foreman_proxy::puppetca and versioncmp($facts['puppetversion'], '6.0') < 0
-
-    if $foreman_proxy::use_sudoersd {
-      if $uses_sudo and $foreman_proxy::manage_sudoersd {
-        ensure_resource('file', "${foreman_proxy::sudoers}.d", {'ensure' => 'directory'})
-      }
-
-      file { "${foreman_proxy::sudoers}.d/foreman-proxy":
-        ensure  => bool2str($uses_sudo, 'file', 'absent'),
-        owner   => 'root',
-        group   => 0,
-        mode    => '0440',
-        content => template('foreman_proxy/sudo.erb'),
-      }
-    } elsif $foreman_proxy::use_sudoers {
-      augeas { 'sudo-foreman-proxy':
-        context => "/files${foreman_proxy::sudoers}",
-        changes => template('foreman_proxy/sudo_augeas.erb'),
-      }
-    }
-  } else {
-    # The puppet-agent (puppet 4 AIO package) doesn't create a puppet user and group
+  unless $foreman_proxy::puppetca or $foreman_proxy::puppet {
+    # The puppet-agent doesn't create a puppet user and group
     # but the foreman proxy still needs to be able to read the agent's private key
     if $foreman_proxy::manage_puppet_group and $foreman_proxy::ssl {
       if !defined(Group[$foreman_proxy::puppet_group]) {

diff --git a/manifests/globals.pp b/manifests/globals.pp
@@ -15,11 +15,15 @@
 # @param tftp_syslinux_filenames
 #   Syslinux files to install on TFTP (full paths)
 #
+# @param shell
+#   Shell of foreman-proxy user
+#
 class foreman_proxy::globals (
   Optional[String] $user = undef,
   Optional[String] $group = undef,
   Optional[Stdlib::Absolutepath] $dir = undef,
   Enum['latest', 'present', 'installed', 'absent'] $plugin_version = 'installed',
   Optional[Array[Stdlib::Absolutepath]] $tftp_syslinux_filenames = undef,
+  Optional[Stdlib::Absolutepath] $shell = undef,
 ) {
 }
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -48,13 +48,6 @@
 #
 # $trusted_hosts::              Only hosts listed will be permitted, empty array to disable authorization
 #
-# $manage_sudoersd::            Whether to manage File['/etc/sudoers.d'] or not.  When reusing this module, this may be
-#                               disabled to let a dedicated sudo module manage it instead.
-#
-# $use_sudoersd::               Add a file to /etc/sudoers.d (true).
-#
-# $use_sudoers::                Add contents to /etc/sudoers (true). This is ignored if $use_sudoersd is true.
-#
 # $puppetca::                   Enable Puppet CA feature
 #
 # $puppetca_listen_on::         Protocols for the Puppet CA feature to listen on
@@ -65,8 +58,6 @@
 #
 # $puppetdir::                  Puppet var directory
 #
-# $puppetca_cmd::               Puppet CA command to be allowed in sudoers
-#
 # $puppet_group::               Groups of Foreman proxy user
 #
 # $autosignfile::               Hostname-Whitelisting only: Location of puppets autosign.conf
@@ -308,14 +299,10 @@
   Array[String] $trusted_hosts = $foreman_proxy::params::trusted_hosts,
   Array[String] $ssl_disabled_ciphers = [],
   Array[String] $tls_disabled_versions = [],
-  Boolean $manage_sudoersd = true,
-  Boolean $use_sudoersd = true,
-  Boolean $use_sudoers = true,
   Boolean $puppetca = true,
   Foreman_proxy::ListenOn $puppetca_listen_on = 'https',
   Stdlib::Absolutepath $ssldir = $foreman_proxy::params::ssldir,
   Stdlib::Absolutepath $puppetdir = $foreman_proxy::params::puppetdir,
-  String $puppetca_cmd = $foreman_proxy::params::puppetca_cmd,
   String $puppet_group = 'puppet',
   String $puppetca_provider = 'puppetca_hostname_whitelisting',
   Stdlib::Absolutepath $autosignfile = $foreman_proxy::params::autosignfile,
@@ -360,12 +347,12 @@
   Array[String] $dhcp_additional_interfaces = [],
   Optional[String] $dhcp_gateway = undef,
   Variant[Undef, Boolean, String] $dhcp_range = undef,
-  Optional[String] $dhcp_pxeserver = undef,
+  Optional[Stdlib::IP::Address::V4::Nosubnet] $dhcp_pxeserver = undef,
   String $dhcp_pxefilename = 'pxelinux.0',
   Optional[String[1]] $dhcp_ipxefilename = undef,
   Boolean $dhcp_ipxe_bootstrap = false,
-  Optional[String] $dhcp_network = undef,
-  Optional[String] $dhcp_netmask = undef,
+  Optional[Stdlib::IP::Address::V4::Nosubnet] $dhcp_network = undef,
+  Optional[Stdlib::IP::Address::V4::Nosubnet] $dhcp_netmask = undef,
   String $dhcp_nameservers = 'default',
   String $dhcp_server = '127.0.0.1',
   Stdlib::Absolutepath $dhcp_config = $foreman_proxy::params::dhcp_config,
@@ -376,12 +363,12 @@
   Optional[String] $dhcp_peer_address = undef,
   Enum['standalone', 'primary', 'secondary'] $dhcp_node_type = 'standalone',
   Optional[String] $dhcp_failover_address = $foreman_proxy::params::dhcp_failover_address,
-  Optional[Stdlib::Port] $dhcp_failover_port = 519,
-  Optional[Integer[0]] $dhcp_max_response_delay = 30,
-  Optional[Integer[0]] $dhcp_max_unacked_updates = 10,
-  Optional[Integer[0]] $dhcp_mclt = 300,
-  Optional[Integer[0, 255]] $dhcp_load_split = 255,
-  Optional[Integer[0]] $dhcp_load_balance = 3,
+  Stdlib::Port $dhcp_failover_port = 519,
+  Integer[0] $dhcp_max_response_delay = 30,
+  Integer[0] $dhcp_max_unacked_updates = 10,
+  Integer[0] $dhcp_mclt = 300,
+  Integer[0, 255] $dhcp_load_split = 255,
+  Integer[0] $dhcp_load_balance = 3,
   Boolean $dhcp_manage_acls = $foreman_proxy::params::dhcp_manage_acls,
   Boolean $dns = false,
   Foreman_proxy::ListenOn $dns_listen_on = 'https',

diff --git a/manifests/install.pp b/manifests/install.pp
@@ -1,7 +1,7 @@
 # @summary Install the foreman proxy
 # @api private
 class foreman_proxy::install {
-  package {'foreman-proxy':
+  package { 'foreman-proxy':
     ensure => $foreman_proxy::version,
   }
 

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -5,16 +5,12 @@
 
   case $facts['os']['family'] {
     'RedHat': {
-      if versioncmp($facts['os']['release']['major'], '7') <= 0 {
-        $ruby_package_prefix = 'tfm-rubygem-'
-      } else {
-        $ruby_package_prefix = 'rubygem-'
-      }
+      $ruby_package_prefix = 'rubygem-'
       $plugin_prefix = "${ruby_package_prefix}smart_proxy_"
 
       $dir   = pick($foreman_proxy::globals::dir, '/usr/share/foreman-proxy')
       $etc   = '/etc'
-      $shell = '/bin/false'
+      $shell = pick($foreman_proxy::globals::shell, '/bin/false')
       $user  = pick($foreman_proxy::globals::user, 'foreman-proxy')
       $group = pick($foreman_proxy::globals::group, 'foreman-proxy')
 
@@ -25,34 +21,24 @@
       $keyfile  = '/etc/rndc.key'
       $nsupdate = 'bind-utils'
 
-      if versioncmp($facts['os']['release']['major'], '7') <= 0 {
-        $_tftp_syslinux_filenames = [
-          '/usr/share/syslinux/chain.c32',
-          '/usr/share/syslinux/mboot.c32',
-          '/usr/share/syslinux/menu.c32',
-          '/usr/share/syslinux/memdisk',
-          '/usr/share/syslinux/pxelinux.0',
-        ]
-      } else {
-        $_tftp_syslinux_filenames = [
-          '/usr/share/syslinux/chain.c32',
-          '/usr/share/syslinux/ldlinux.c32',
-          '/usr/share/syslinux/libcom32.c32',
-          '/usr/share/syslinux/libutil.c32',
-          '/usr/share/syslinux/mboot.c32',
-          '/usr/share/syslinux/menu.c32',
-          '/usr/share/syslinux/memdisk',
-          '/usr/share/syslinux/pxelinux.0',
-        ]
-      }
+      $_tftp_syslinux_filenames = [
+        '/usr/share/syslinux/chain.c32',
+        '/usr/share/syslinux/ldlinux.c32',
+        '/usr/share/syslinux/libcom32.c32',
+        '/usr/share/syslinux/libutil.c32',
+        '/usr/share/syslinux/mboot.c32',
+        '/usr/share/syslinux/menu.c32',
+        '/usr/share/syslinux/memdisk',
+        '/usr/share/syslinux/pxelinux.0',
+      ]
     }
     'Debian': {
       $ruby_package_prefix = 'ruby-'
       $plugin_prefix = "${ruby_package_prefix}smart-proxy-"
 
       $dir   = pick($foreman_proxy::globals::dir, '/usr/share/foreman-proxy')
       $etc   = '/etc'
-      $shell = '/bin/false'
+      $shell = pick($foreman_proxy::globals::shell, '/bin/false')
       $user  = pick($foreman_proxy::globals::user, 'foreman-proxy')
       $group = pick($foreman_proxy::globals::group, 'foreman-proxy')
 
@@ -80,7 +66,7 @@
 
       $dir   = pick($foreman_proxy::globals::dir, '/usr/local/share/foreman-proxy')
       $etc   = '/usr/local/etc'
-      $shell = '/usr/bin/false'
+      $shell = pick($foreman_proxy::globals::shell, '/usr/bin/false')
       $user  = pick($foreman_proxy::globals::user, 'foreman_proxy')
       $group = pick($foreman_proxy::globals::group, 'foreman_proxy')
 
@@ -144,13 +130,10 @@
   # Only hosts listed will be permitted, empty array to disable authorization
   $trusted_hosts = [$lower_fqdn]
 
-  $sudoers = "${etc}/sudoers"
-
   # puppet settings
   $puppet_url = "https://${facts['networking']['fqdn']}:8140"
 
   # puppetca settings
-  $puppetca_cmd = "${puppet_cmd} cert"
   $autosignfile = "${puppetdir}/autosign.conf"
 
   # Template settings
@@ -166,7 +149,7 @@
   } else {
     $dhcp_option_domain  = []
   }
-  $dhcp_failover_address = fact('ipaddress')
+  $dhcp_failover_address = fact('networking.ip')
 
   # DNS settings - requires optional DNS puppet module
   $dns_interface      = pick(fact('networking.primary'), 'eth0')

diff --git a/manifests/plugin.pp b/manifests/plugin.pp
@@ -6,9 +6,9 @@
 # @param package
 #   The package to install. Underscores are replaced with dashes on Debian
 #
-define foreman_proxy::plugin(
-  $version = $foreman_proxy::params::plugin_version,
-  $package = "${foreman_proxy::params::plugin_prefix}${title}",
+define foreman_proxy::plugin (
+  String[1] $version = $foreman_proxy::params::plugin_version,
+  String[1] $package = "${foreman_proxy::params::plugin_prefix}${title}",
 ) {
   # Debian gem2deb converts underscores to hyphens
   case $facts['os']['family'] {

diff --git a/manifests/plugin/ansible.pp b/manifests/plugin/ansible.pp
@@ -62,7 +62,7 @@
   $foreman_ssl_ca = pick($foreman_proxy::foreman_ssl_ca, $foreman_proxy::ssl_ca)
   $proxy_url = $foreman_proxy::real_registered_proxy_url
 
-  file {"${foreman_proxy::config_dir}/ansible.cfg":
+  file { "${foreman_proxy::config_dir}/ansible.cfg":
     ensure  => file,
     content => template('foreman_proxy/plugin/ansible.cfg.erb'),
     owner   => 'root',

diff --git a/manifests/plugin/ansible/params.pp b/manifests/plugin/ansible/params.pp
@@ -27,7 +27,7 @@
       } else {
         $callback = 'foreman'
       }
-      $manage_runner_repo = true
+      $manage_runner_repo = false
       $runner_package_name = 'python3-ansible-runner'
     }
     default: {

diff --git a/manifests/plugin/ansible/runner.pp b/manifests/plugin/ansible/runner.pp
@@ -4,19 +4,12 @@
 #
 # $package_name:: Name of the package to install to provide 'ansible-runner' command
 #
-class foreman_proxy::plugin::ansible::runner(
+class foreman_proxy::plugin::ansible::runner (
   Boolean $manage_runner_repo = $foreman_proxy::plugin::ansible::manage_runner_repo,
   String  $package_name = $foreman_proxy::plugin::ansible::runner_package_name,
 ) {
-
   if $manage_runner_repo {
     case $facts['os']['family'] {
-      'Debian': {
-        include apt
-        apt::source { 'ansible-runner':
-          ensure  => absent,
-        }
-      }
       'RedHat': {
         yumrepo { 'ansible-runner':
           descr    => 'Ansible runner',
@@ -36,5 +29,4 @@
   package { $package_name:
     ensure => 'installed',
   }
-
 }
diff --git a/manifests/plugin/discovery.pp b/manifests/plugin/discovery.pp
@@ -20,15 +20,15 @@
   Stdlib::HTTPUrl $source_url = $foreman_proxy::plugin::discovery::params::source_url,
   String $image_name = $foreman_proxy::plugin::discovery::params::image_name,
 ) inherits foreman_proxy::plugin::discovery::params {
-  foreman_proxy::plugin {'discovery':
+  foreman_proxy::plugin { 'discovery':
   }
 
   foreman_proxy::feature { 'Discovery': }
 
   if $install_images {
     $tftp_root_clean = regsubst($tftp_root, '/$', '')
 
-    foreman_proxy::remote_file {"${tftp_root_clean}/boot/${image_name}":
+    foreman_proxy::remote_file { "${tftp_root_clean}/boot/${image_name}":
       remote_location => "${source_url}${image_name}",
       mode            => '0644',
     } ~> exec { "untar ${image_name}":

diff --git a/manifests/plugin/dns/powerdns.pp b/manifests/plugin/dns/powerdns.pp
@@ -7,8 +7,8 @@
 #   The REST API key
 #
 class foreman_proxy::plugin::dns::powerdns (
+  String $rest_api_key,
   Stdlib::HTTPUrl $rest_url = 'http://localhost:8081/api/v1/servers/localhost',
-  String $rest_api_key = '', # lint:ignore:empty_string_assignment
 ) {
   foreman_proxy::plugin::provider { 'dns_powerdns':
   }

diff --git a/manifests/plugin/pulp.pp b/manifests/plugin/pulp.pp
@@ -32,8 +32,7 @@
   Array[String[1], 1] $client_authentication = ['client_certificate'],
   Stdlib::HTTPUrl $rhsm_url = $foreman_proxy::plugin::pulp::params::rhsm_url,
 ) inherits foreman_proxy::plugin::pulp::params {
-
-  foreman_proxy::plugin {'pulp':
+  foreman_proxy::plugin { 'pulp':
     version => $version,
   }
   -> [

diff --git a/manifests/plugin/remote_execution/script.pp b/manifests/plugin/remote_execution/script.pp
@@ -79,5 +79,4 @@
   }
 
   Class['foreman_proxy::config'] ~> Class['foreman_proxy::plugin::remote_execution::mosquitto']
-
 }