diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,21 @@ All notable changes to this project will be documented in this file.
 Each new release typically also includes the latest modulesync defaults.
 These should not affect the functionality of the module.
 
+## [v3.2.0](https://github.com/voxpupuli/puppet-systemd/tree/v3.2.0) (2021-07-27)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-systemd/compare/v3.1.0...v3.2.0)
+
+**Implemented enhancements:**
+
+- Add option to purge non-managed networkd files [\#209](https://github.com/voxpupuli/puppet-systemd/pull/209) ([bastelfreak](https://github.com/bastelfreak))
+- Allow `systemd::unit_file` `Deferred` `content` [\#208](https://github.com/voxpupuli/puppet-systemd/pull/208) ([alexjfisher](https://github.com/alexjfisher))
+- systemd::network: Validate if content/source are set for file resource [\#205](https://github.com/voxpupuli/puppet-systemd/pull/205) ([bastelfreak](https://github.com/bastelfreak))
+
+**Merged pull requests:**
+
+- Add puppet-strings documentation for systemd::network [\#207](https://github.com/voxpupuli/puppet-systemd/pull/207) ([bastelfreak](https://github.com/bastelfreak))
+- Fix `Optional` datatype for non-optional parameters [\#206](https://github.com/voxpupuli/puppet-systemd/pull/206) ([bastelfreak](https://github.com/bastelfreak))
+
 ## [v3.1.0](https://github.com/voxpupuli/puppet-systemd/tree/v3.1.0) (2021-07-12)
 
 [Full Changelog](https://github.com/voxpupuli/puppet-systemd/compare/3.0.0...v3.1.0)

diff --git a/REFERENCE.md b/REFERENCE.md
@@ -88,6 +88,8 @@ The following parameters are available in the `systemd` class:
 * [`logind_settings`](#logind_settings)
 * [`loginctl_users`](#loginctl_users)
 * [`dropin_files`](#dropin_files)
+* [`manage_all_network_files`](#manage_all_network_files)
+* [`network_path`](#network_path)
 * [`manage_accounting`](#manage_accounting)
 * [`accounting`](#accounting)
 * [`purge_dropin_dirs`](#purge_dropin_dirs)
@@ -309,6 +311,18 @@ Configure dropin files via hiera with factory pattern
 
 Default value: `{}`
 
+##### <a name="manage_all_network_files"></a>`manage_all_network_files`
+
+Data type: `Boolean`
+
+
+
+##### <a name="network_path"></a>`network_path`
+
+Data type: `Stdlib::Absolutepath`
+
+where all networkd files are placed in
+
 ##### <a name="manage_accounting"></a>`manage_accounting`
 
 Data type: `Boolean`
@@ -395,7 +409,7 @@ Default value: `'/etc/systemd/system'`
 
 ##### <a name="selinux_ignore_defaults"></a>`selinux_ignore_defaults`
 
-Data type: `Optional[Boolean]`
+Data type: `Boolean`
 
 If Puppet should ignore the default SELinux labels.
 
@@ -516,79 +530,79 @@ The following parameters are available in the `systemd::network` defined type:
 
 Data type: `Enum['file', 'absent']`
 
-
+configure if the file should be configured or deleted
 
 Default value: `file`
 
 ##### <a name="path"></a>`path`
 
 Data type: `Stdlib::Absolutepath`
 
-
+directory where the network configs are stored
 
 Default value: `'/etc/systemd/network'`
 
 ##### <a name="content"></a>`content`
 
 Data type: `Optional[String]`
 
-
+the content of the file
 
 Default value: ``undef``
 
 ##### <a name="source"></a>`source`
 
 Data type: `Optional[String]`
 
-
+a path to a file that's used as source
 
 Default value: ``undef``
 
 ##### <a name="target"></a>`target`
 
 Data type: `Optional[Stdlib::Absolutepath]`
 
-
+optional absolute path  in case the file should be stored somewhere else
 
 Default value: ``undef``
 
 ##### <a name="owner"></a>`owner`
 
 Data type: `String`
 
-
+the user who owns the file
 
 Default value: `'root'`
 
 ##### <a name="group"></a>`group`
 
 Data type: `String`
 
-
+the group that owns the file
 
 Default value: `'root'`
 
 ##### <a name="mode"></a>`mode`
 
 Data type: `String`
 
-
+the mode of the file
 
 Default value: `'0444'`
 
 ##### <a name="show_diff"></a>`show_diff`
 
 Data type: `Boolean`
 
-
+whether the file diff should be shown on modifications
 
 Default value: ``true``
 
 ##### <a name="restart_service"></a>`restart_service`
 
 Data type: `Boolean`
 
-
+whether systemd-networkd should be restarted on changes, defaults to true. `$systemd::manage_networkd` needs to be true as well
 
 Default value: ``true``
 
@@ -635,7 +649,7 @@ Default value: `'/etc/systemd/system'`
 
 ##### <a name="selinux_ignore_defaults"></a>`selinux_ignore_defaults`
 
-Data type: `Optional[Boolean]`
+Data type: `Boolean`
 
 If Puppet should ignore the default SELinux labels.
 
@@ -929,15 +943,15 @@ Default value: `'/etc/udev/rules.d'`
 
 ##### <a name="selinux_ignore_defaults"></a>`selinux_ignore_defaults`
 
-Data type: `Optional[Boolean]`
+Data type: `Boolean`
 
 If Puppet should ignore the default SELinux labels.
 
 Default value: ``false``
 
 ##### <a name="notify_services"></a>`notify_services`
 
-Data type: `Optional[Variant[Array, String]]`
+Data type: `Variant[Array[String[1]], String[1]]`
 
 List of services to notify when this rule is updated
 
@@ -998,7 +1012,7 @@ Default value: `'/etc/systemd/system'`
 
 ##### <a name="content"></a>`content`
 
-Data type: `Optional[String]`
+Data type: `Optional[Variant[String, Sensitive[String]]]`
 
 The full content of the unit file
 

diff --git a/data/common.yaml b/data/common.yaml
@@ -32,3 +32,5 @@ systemd::udev_timeout_signal: ~
 systemd::udev_resolve_names: ~
 systemd::manage_logind: false
 systemd::logind_settings: {}
+systemd::manage_all_network_files: false
+systemd::network_path: '/etc/systemd/network'
diff --git a/manifests/dropin_file.pp b/manifests/dropin_file.pp
@@ -48,7 +48,7 @@
   Systemd::Dropin                             $filename                = $name,
   Enum['present', 'absent', 'file']           $ensure                  = 'present',
   Stdlib::Absolutepath                        $path                    = '/etc/systemd/system',
-  Optional[Boolean]                           $selinux_ignore_defaults = false,
+  Boolean                                     $selinux_ignore_defaults = false,
   Optional[Variant[String,Sensitive[String]]] $content                 = undef,
   Optional[String]                            $source                  = undef,
   Optional[Stdlib::Absolutepath]              $target                  = undef,

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -112,6 +112,11 @@
 #
 # @param dropin_files
 #   Configure dropin files via hiera with factory pattern
+#
+# @param manage_all_network_files
+#
+# @param network_path
+#   where all networkd files are placed in
 class systemd (
   Hash[String,Hash[String, Any]]                         $service_limits,
   Boolean                                                $manage_resolved,
@@ -146,6 +151,8 @@
   Optional[Variant[Integer,String]]                      $udev_timeout_signal,
   Boolean                                                $manage_logind,
   Systemd::LogindSettings                                $logind_settings,
+  Boolean                                                $manage_all_network_files,
+  Stdlib::Absolutepath                                   $network_path,
   Hash                                                   $loginctl_users = {},
   Hash                                                   $dropin_files = {},
   Hash                                                   $udev_rules = {},

diff --git a/manifests/network.pp b/manifests/network.pp
@@ -1,4 +1,17 @@
 # @summary Creates network config for systemd-networkd
+#
+# @param ensure configure if the file should be configured or deleted
+# @param path directory where the network configs are stored
+# @param content the content of the file
+# @param source a path to a file that's used as source
+# @param target optional absolute path  in case the file should be stored somewhere else
+# @param owner the user who owns the file
+# @param group the group that owns the file
+# @param mode the mode of the file
+# @param show_diff whether the file diff should be shown on modifications
+# @param restart_service whether systemd-networkd should be restarted on changes, defaults to true. `$systemd::manage_networkd` needs to be true as well
+#
+# @author Tim Meusel <tim@bastelfreak.de>
 define systemd::network (
   Enum['file', 'absent']         $ensure          = file,
   Stdlib::Absolutepath           $path            = '/etc/systemd/network',
@@ -19,6 +32,14 @@
     $notify = undef
   }
 
+  if $ensure == 'file' {
+    if $content =~ Undef and $source =~ Undef {
+      fail('Either content or source must be set')
+    }
+    if $content =~ NotUndef and $source =~ NotUndef {
+      fail('Either content or source must be set but not both')
+    }
+  }
   file { "${path}/${name}":
     ensure    => $ensure,
     content   => $content,

diff --git a/manifests/networkd.pp b/manifests/networkd.pp
@@ -1,12 +1,14 @@
 # @api private
 #
-# This class provides an abstract way to trigger systemd-networkd
-#
-# @param ensure
-#   The state that the ``networkd`` service should be in
+# @summary This class provides an abstract way to trigger systemd-networkd
 #
+# @param ensure The state that the ``networkd`` service should be in
+# @param path path where all networkd files are placed in
+# @param manage_all_network_files if enabled, all networkd files that aren't managed by puppet will be purged
 class systemd::networkd (
   Enum['stopped','running'] $ensure = $systemd::networkd_ensure,
+  Stdlib::Absolutepath $path = $systemd::network_path,
+  Boolean $manage_all_network_files = $systemd::manage_all_network_files,
 ) {
   assert_private()
 
@@ -20,4 +22,14 @@
     ensure => $ensure,
     enable => $_enable_networkd,
   }
+  # this directory is created by systemd
+  # we define it here to purge non-managed files
+  if $manage_all_network_files {
+    file { $path:
+      ensure  => 'directory',
+      recurse => true,
+      purge   => true,
+      notify  => Service['systemd-networkd'],
+    }
+  }
 }
diff --git a/manifests/service_limits.pp b/manifests/service_limits.pp
@@ -32,7 +32,7 @@
 define systemd::service_limits (
   Enum['present', 'absent', 'file'] $ensure                  = 'present',
   Stdlib::Absolutepath              $path                    = '/etc/systemd/system',
-  Optional[Boolean]                 $selinux_ignore_defaults = false,
+  Boolean                           $selinux_ignore_defaults = false,
   Optional[Systemd::ServiceLimits]  $limits                  = undef,
   Optional[String]                  $source                  = undef,
   Boolean                           $restart_service         = true

diff --git a/manifests/udev/rule.pp b/manifests/udev/rule.pp
@@ -26,8 +26,8 @@
   Array                             $rules,
   Enum['present', 'absent', 'file'] $ensure                  = 'present',
   Stdlib::Absolutepath              $path                    = '/etc/udev/rules.d',
-  Optional[Variant[Array, String]]  $notify_services         = [],
-  Optional[Boolean]                 $selinux_ignore_defaults = false,
+  Variant[Array[String[1]], String[1]] $notify_services      = [],
+  Boolean                           $selinux_ignore_defaults = false,
 ) {
   include systemd
 

diff --git a/manifests/unit_file.pp b/manifests/unit_file.pp
@@ -1,4 +1,4 @@
-# Creates a systemd unit file
+# @summary Creates a systemd unit file
 #
 # @api public
 #
@@ -52,7 +52,7 @@
 define systemd::unit_file (
   Enum['present', 'absent', 'file']        $ensure    = 'present',
   Stdlib::Absolutepath                     $path      = '/etc/systemd/system',
-  Optional[Variant[String, Sensitive[String]]] $content = undef,
+  Optional[Variant[String, Sensitive[String], Deferred]] $content = undef,
   Optional[String]                         $source    = undef,
   Optional[Stdlib::Absolutepath]           $target    = undef,
   String                                   $owner     = 'root',

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "puppet-systemd",
-  "version": "3.1.0",
+  "version": "3.2.0",
   "author": "Vox Pupuli",
   "summary": "Puppet Systemd module",
   "license": "Apache-2.0",

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -27,6 +27,7 @@
           it { is_expected.to create_service('systemd-resolved').with_enable(true) }
           it { is_expected.to create_service('systemd-networkd').with_ensure('running') }
           it { is_expected.to create_service('systemd-networkd').with_enable(true) }
+          it { is_expected.not_to contain_file('/etc/systemd/network') }
         end
 
         context 'when enabling resolved with DNS values (string)' do
@@ -439,6 +440,18 @@
 
           it { is_expected.to contain_systemd__dropin_file('my-foo.conf').with_content('[Service]\nReadWritePaths=/') }
         end
+        context 'with managed networkd directory' do
+          let :params do
+            {
+              manage_networkd: true,
+              manage_all_network_files: true
+            }
+          end
+
+          it { is_expected.to compile.with_all_deps }
+          it { is_expected.to contain_class('systemd::networkd') }
+          it { is_expected.to contain_file('/etc/systemd/network').with_ensure('directory') }
+        end
       end
     end
   end

diff --git a/spec/defines/network_spec.rb b/spec/defines/network_spec.rb
@@ -61,6 +61,23 @@
 
           it { is_expected.to create_file("/etc/systemd/network/#{title}").that_notifies('Service[systemd-networkd]') }
         end
+        context 'without content and without source' do
+          let :params do
+            {}
+          end
+
+          it { is_expected.to compile.and_raise_error(%r{Either content or source must be set}) }
+        end
+        context 'with content and source' do
+          let :params do
+            {
+              content: 'bla',
+              source: 'foo'
+            }
+          end
+
+          it { is_expected.to compile.and_raise_error(%r{Either content or source must be set but not both}) }
+        end
       end
     end
   end