diff --git a/REFERENCE.md b/REFERENCE.md
index 9f063ea..31041e9 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -15,6 +15,12 @@
 * `hdm::docker`: A short summary of the purpose of this class
 * `hdm::puppet_ruby`: A short summary of the purpose of this class
 
+### Data types
+
+* [`Hdm::Gitdata`](#hdmgitdata): type to enforce git settings for HDM
+* [`Hdm::Ldap_settings`](#hdmldap_settings): type to enforce ldap settings for HDM
+* [`Hdm::Puppetdb`](#hdmpuppetdb): type to enforce puppetdb settings for HDM
+
 ## Classes
 
 ### <a name="hdm"></a>`hdm`
@@ -95,7 +101,7 @@ Default value: `3000`
 
 ##### <a name="bind_ip"></a>`bind_ip`
 
-Data type: `String[1]`
+Data type: `Stdlib::IP::Address::Nosubnet`
 
 The ip address to bind the process to
 
@@ -143,7 +149,7 @@ Default value: `'hdm'`
 
 ##### <a name="puppetdb_settings"></a>`puppetdb_settings`
 
-Data type: `Hash`
+Data type: `Hdm::Puppetdb`
 
 A hash to provide information on how
 HDM can connect to puppetdb
@@ -159,6 +165,7 @@ Using PE token:
   {
     'server'           => 'https://localhost:8081',
     'token'            => '/etc/hdm/puppetdb.token',
+    'cacert'           => '<path to cacert>',
   }
 ```
 Using SSL cert:
@@ -209,7 +216,7 @@ Default value: ``true``
 
 ##### <a name="git_data"></a>`git_data`
 
-Data type: `Array`
+Data type: `Hdm::Gitdata`
 
 Configure several settings related to the option
 to modify data via Webfrontend. WARNING!! untested!!
@@ -229,7 +236,7 @@ Default value: `[]`
 
 ##### <a name="ldap_settings"></a>`ldap_settings`
 
-Data type: `Hash`
+Data type: `Hdm::Ldap_settings`
 
 Config for LDAP integration
 Needs the following Hash:
@@ -254,3 +261,59 @@ want HDM to not use hiera.yaml.
 
 Default value: `'hiera.yaml'`
 
+## Data types
+
+### <a name="hdmgitdata"></a>`Hdm::Gitdata`
+
+type to enforce git settings for HDM
+
+Alias of
+
+```puppet
+Array[Optional[Struct[
+    {
+      datadir                => Stdlib::Unixpath,
+      git_url                => String[1],
+      path_in_repo           => String[1],
+      Optional[ssh_priv_key] => String[1],
+    }
+  ]]]
+```
+
+### <a name="hdmldap_settings"></a>`Hdm::Ldap_settings`
+
+type to enforce ldap settings for HDM
+
+Alias of
+
+```puppet
+Struct[{
+    Optional[host]             => Stdlib::Host,
+    Optional[port]             => Stdlib::Port,
+    Optional[base_dn]          => String[1],
+    Optional[bind_dn]          => String[1],
+    Optional[bind_dn_password] => String[1],
+  }]
+```
+
+### <a name="hdmpuppetdb"></a>`Hdm::Puppetdb`
+
+type to enforce puppetdb settings for HDM
+
+Alias of
+
+```puppet
+Struct[{
+    server           => Stdlib::Httpurl,
+    Optional[pem]    => Struct[
+      {
+        key     => Stdlib::Unixpath,
+        cert    => Stdlib::Unixpath,
+        ca_file => Stdlib::Unixpath,
+      }
+    ],
+    Optional[token]  => Stdlib::Unixpath,
+    Optional[cacert] => Stdlib::Unixpath,
+  }]
+```
+
diff --git a/manifests/init.pp b/manifests/init.pp
index 4e9494b..faf452a 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -46,6 +46,7 @@
 #     {
 #       'server'           => 'https://localhost:8081',
 #       'token'            => '/etc/hdm/puppetdb.token',
+#       'cacert'           => '<path to cacert>',
 #     }
 #   ```
 #   Using SSL cert:
@@ -110,19 +111,19 @@
   Boolean                       $manage_docker         = true,
   String[1]                     $version               = 'main',
   Stdlib::Port                  $port                  = 3000,
-  String[1]                     $bind_ip               = '0.0.0.0',
+  Stdlib::IP::Address::Nosubnet $bind_ip               = '0.0.0.0',
   String[1]                     $hostname              = $facts['networking']['fqdn'],
   Stdlib::Unixpath              $hdm_path              = '/etc/hdm',
   String[1]                     $user                  = 'hdm',
   String[1]                     $group                 = 'hdm',
   String[1]                     $git_url               = 'https://github.com/betadots/hdm.git',
-  Hash                          $puppetdb_settings     = { 'server' => 'http://localhost:8080', },
+  Hdm::Puppetdb                 $puppetdb_settings     = { 'server' => 'http://localhost:8080', },
   Stdlib::Unixpath              $puppet_code_dir       = '/etc/puppetlabs/code',
   String[1]                     $hdm_hiera_config_file = 'hiera.yaml',
   Boolean                       $allow_encryption      = false,
   Boolean                       $read_only             = true,
-  Array                         $git_data              = [],
-  Hash                          $ldap_settings         = {},
+  Hdm::Gitdata                  $git_data              = [],
+  Hdm::Ldap_settings            $ldap_settings         = {},
 ) {
   case $method {
     'docker': {
diff --git a/types/gitdata.pp b/types/gitdata.pp
new file mode 100644
index 0000000..fe54f90
--- /dev/null
+++ b/types/gitdata.pp
@@ -0,0 +1,11 @@
+# @summary type to enforce git settings for HDM
+type Hdm::Gitdata = Array[
+ Optional[Struct[
+    {
+      datadir                => Stdlib::Unixpath,
+      git_url                => String[1],
+      path_in_repo           => String[1],
+      Optional[ssh_priv_key] => String[1],
+    }
+  ]]
+]
diff --git a/types/ldap_settings.pp b/types/ldap_settings.pp
new file mode 100644
index 0000000..a1b7eb2
--- /dev/null
+++ b/types/ldap_settings.pp
@@ -0,0 +1,10 @@
+# @summary type to enforce ldap settings for HDM
+type Hdm::Ldap_settings = Struct[
+  {
+    Optional[host]             => Stdlib::Host,
+    Optional[port]             => Stdlib::Port,
+    Optional[base_dn]          => String[1],
+    Optional[bind_dn]          => String[1],
+    Optional[bind_dn_password] => String[1],
+  }
+]
diff --git a/types/puppetdb.pp b/types/puppetdb.pp
new file mode 100644
index 0000000..fc1173d
--- /dev/null
+++ b/types/puppetdb.pp
@@ -0,0 +1,15 @@
+# @summary type to enforce puppetdb settings for HDM
+type Hdm::Puppetdb = Struct[
+  {
+    server           => Stdlib::Httpurl,
+    Optional[pem]    => Struct[
+      {
+        key     => Stdlib::Unixpath,
+        cert    => Stdlib::Unixpath,
+        ca_file => Stdlib::Unixpath,
+      }
+    ],
+    Optional[token]  => Stdlib::Unixpath,
+    Optional[cacert] => Stdlib::Unixpath,
+  }
+]