.github/workflows/ci.yml

@@ -19,5 +19,3 @@ jobs:
   puppet:
     name: Puppet
     uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@v2
-    with:
-      pidfile_workaround: 'false'

.msync.yml

@@ -2,4 +2,4 @@
 # Managed by modulesync - DO NOT EDIT
 # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
 
-modulesync_config_version: '7.5.0'
+modulesync_config_version: '8.0.1'

.overcommit.yml

@@ -43,10 +43,12 @@ PreCommit:
     enabled: true
     description: 'Runs rubocop on modified files only'
     command: ['bundle', 'exec', 'rubocop']
-  PuppetLint:
+  RakeTarget:
     enabled: true
-    description: 'Runs puppet-lint on modified files only'
-    command: ['bundle', 'exec', 'puppet-lint']
+    description: 'Runs lint on modified files only'
+    targets:
+      - 'lint'
+    command: ['bundle', 'exec', 'rake']
   YamlSyntax:
     enabled: true
   JsonSyntax:

CHANGELOG.md

@@ -4,7 +4,23 @@ All notable changes to this project will be documented in this file.
 Each new release typically also includes the latest modulesync defaults.
 These should not affect the functionality of the module.
 
-## [v7.0.0](https://github.com/voxpupuli/puppet-systemd/tree/v7.0.0) (2024-04-23)
+## [v7.1.0](https://github.com/voxpupuli/puppet-systemd/tree/v7.1.0) (2024-06-03)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-systemd/compare/v7.0.0...v7.1.0)
+
+**Implemented enhancements:**
+
+- add MemoryDenyWriteExecute to Systemd::Unit::Service type [\#465](https://github.com/voxpupuli/puppet-systemd/pull/465) ([TheMeier](https://github.com/TheMeier))
+- Allow setting a specific package name for systemd-oomd [\#464](https://github.com/voxpupuli/puppet-systemd/pull/464) ([jcpunk](https://github.com/jcpunk))
+- Add support for timezone and hardware clock [\#462](https://github.com/voxpupuli/puppet-systemd/pull/462) ([jcpunk](https://github.com/jcpunk))
+- fix typo in service\_limits deprecation message [\#460](https://github.com/voxpupuli/puppet-systemd/pull/460) ([saz](https://github.com/saz))
+- fix: refresh service only based on drop-in file changes [\#406](https://github.com/voxpupuli/puppet-systemd/pull/406) ([shieldwed](https://github.com/shieldwed))
+
+**Merged pull requests:**
+
+- Update README to reflect service\_limits is deprecated [\#461](https://github.com/voxpupuli/puppet-systemd/pull/461) ([ekohl](https://github.com/ekohl))
+
+## [v7.0.0](https://github.com/voxpupuli/puppet-systemd/tree/v7.0.0) (2024-04-26)
 
 [Full Changelog](https://github.com/voxpupuli/puppet-systemd/compare/v6.6.0...v7.0.0)
 
@@ -39,7 +55,6 @@ These should not affect the functionality of the module.
 **Closed issues:**
 
 - Service not enabled on systemd::timer [\#391](https://github.com/voxpupuli/puppet-systemd/issues/391)
-- Add documentation about user services [\#381](https://github.com/voxpupuli/puppet-systemd/issues/381)
 - create systemd::path [\#370](https://github.com/voxpupuli/puppet-systemd/issues/370)
 - create services/timers for users [\#328](https://github.com/voxpupuli/puppet-systemd/issues/328)
 

Gemfile

@@ -4,10 +4,10 @@
 source ENV['GEM_SOURCE'] || 'https://rubygems.org'
 
 group :test do
-  gem 'voxpupuli-test', '~> 7.0',   :require => false
+  gem 'voxpupuli-test', '~> 7.2',   :require => false
   gem 'coveralls',                  :require => false
   gem 'simplecov-console',          :require => false
-  gem 'puppet_metadata', '~> 3.5',  :require => false
+  gem 'puppet_metadata', '~> 4.0',  :require => false
 end
 
 group :development do

README.md

@@ -280,7 +280,8 @@ systemd::timer { 'daily.timer':
 
 ### service limits
 
-Manage soft and hard limits on various resources for executed processes.
+It's possible to ensure soft and hard limits on various resources for executed processes.
+Previously `systemd::service_limits` was provided, but this is deprecated and will be removed in the next version.
 
 ```puppet
 systemd::service_limits { 'foo.service':
@@ -291,14 +292,21 @@ systemd::service_limits { 'foo.service':
 }
 ```
 
-Or provide the configuration file yourself. Systemd reloading and restarting of the service are handled by the module.
+The replacement is to use the `systemd::manage_dropin` defined type directly.
+To migrate from the above example, use the following:
 
 ```puppet
-systemd::service_limits { 'foo.service':
-  source => "puppet:///modules/${module_name}/foo.conf",
+systemd::manage_dropin { 'foo.service-90-limits.conf':
+  unit     => 'foo.service',
+  filename => '90-limits.conf',
+  limits   => {
+    'LimitNOFILE' => 8192,
+    'LimitNPROC'  => 16384,
+  },
 }
 ```
 
+
 ### machine-info (hostnamectl)
 
 You can set elements of `/etc/machine-info` via the `machine_info_settings` parameter.  These values are read by `hostnamectl`.

REFERENCE.md

@@ -23,6 +23,7 @@
 * `systemd::oomd`: This class manages and configures oomd.
 * `systemd::resolved`: This class provides an abstract way to trigger resolved.
 * `systemd::system`: This class provides a solution to enable accounting
+* `systemd::timedatectl`: This class provides an abstract way to set elements with timedatectl
 * `systemd::timesyncd`: This class provides an abstract way to trigger systemd-timesyncd
 * `systemd::udevd`: This class manages systemd's udev config
 
@@ -121,6 +122,8 @@ The following parameters are available in the `systemd` class:
 * [`timesyncd_package`](#-systemd--timesyncd_package)
 * [`ntp_server`](#-systemd--ntp_server)
 * [`fallback_ntp_server`](#-systemd--fallback_ntp_server)
+* [`timezone`](#-systemd--timezone)
+* [`set_local_rtc`](#-systemd--set_local_rtc)
 * [`manage_journald`](#-systemd--manage_journald)
 * [`journald_settings`](#-systemd--journald_settings)
 * [`manage_udevd`](#-systemd--manage_udevd)
@@ -147,6 +150,7 @@ The following parameters are available in the `systemd` class:
 * [`coredump_settings`](#-systemd--coredump_settings)
 * [`coredump_backtrace`](#-systemd--coredump_backtrace)
 * [`manage_oomd`](#-systemd--manage_oomd)
+* [`oomd_package`](#-systemd--oomd_package)
 * [`oomd_ensure`](#-systemd--oomd_ensure)
 * [`oomd_settings`](#-systemd--oomd_settings)
 * [`udev_purge_rules`](#-systemd--udev_purge_rules)
@@ -416,6 +420,30 @@ systemd-networkd take precedence over this setting. requires puppetlabs-inifile
 
 Default value: `undef`
 
+##### <a name="-systemd--timezone"></a>`timezone`
+
+Data type: `Optional[String[1]]`
+
+Set the system time zone to the specified value.
+Available timezones can be listed with list-timezones.
+If the RTC is configured to be in the local time, this will also update
+the RTC time. This call will alter the /etc/localtime symlink.
+
+Default value: `undef`
+
+##### <a name="-systemd--set_local_rtc"></a>`set_local_rtc`
+
+Data type: `Optional[Boolean]`
+
+Takes a boolean argument. If "false", the system is configured to maintain
+the RTC in universal time.
+If "true", it will maintain the RTC in local time instead.
+Note that maintaining the RTC in the local timezone is not fully supported
+and will create various problems with time zone changes and daylight saving
+adjustments. If at all possible, keep the RTC in UTC mode.
+
+Default value: `undef`
+
 ##### <a name="-systemd--manage_journald"></a>`manage_journald`
 
 Data type: `Boolean`
@@ -626,6 +654,14 @@ Should systemd-oomd configuration be managed
 
 Default value: `false`
 
+##### <a name="-systemd--oomd_package"></a>`oomd_package`
+
+Data type: `Optional[String[1]]`
+
+Name of the package required for systemd-oomd, if any
+
+Default value: `undef`
+
 ##### <a name="-systemd--oomd_ensure"></a>`oomd_ensure`
 
 Data type: `Enum['stopped','running']`
@@ -2925,6 +2961,7 @@ Struct[{
     Optional['NoNewPrivileges']           => Boolean,
     Optional['LockPersonality']           => Boolean,
     Optional['NetworkNamespacePath']      => Stdlib::Unixpath,
+    Optional['MemoryDenyWriteExecute']    => Boolean,
   }]
 ```
 

data/RedHat-family-9.yaml

@@ -1,5 +1,6 @@
 ---
 systemd::resolved_package: 'systemd-resolved'
+systemd::oomd_package: 'systemd-oomd'
 
 systemd::accounting:
   DefaultCPUAccounting: 'yes'

manifests/dropin_file.pp

@@ -81,15 +81,15 @@
     File[$full_filename] ~> Service <| title == $unit or name == $unit |>
 
     if $daemon_reload {
-      Systemd::Daemon_reload[$unit] ~> Service <| title == $unit or name == $unit |>
+      Systemd::Daemon_reload[$unit] -> Service <| title == $unit or name == $unit |>
     }
 
     if $unit =~ /\.service$/ {
       $short_service_name = regsubst($unit, /\.service$/, '')
       File[$full_filename] ~> Service <| title == $short_service_name or name == $short_service_name |>
 
       if $daemon_reload {
-        Systemd::Daemon_reload[$unit] ~> Service <| title == $short_service_name or name == $short_service_name |>
+        Systemd::Daemon_reload[$unit] -> Service <| title == $short_service_name or name == $short_service_name |>
       }
     }
   }

manifests/init.pp

@@ -112,6 +112,20 @@
 #   as the fallback NTP servers. Any per-interface NTP servers obtained from
 #   systemd-networkd take precedence over this setting. requires puppetlabs-inifile
 #
+# @param timezone
+#   Set the system time zone to the specified value.
+#   Available timezones can be listed with list-timezones.
+#   If the RTC is configured to be in the local time, this will also update
+#   the RTC time. This call will alter the /etc/localtime symlink.
+#
+# @param set_local_rtc
+#   Takes a boolean argument. If "false", the system is configured to maintain
+#   the RTC in universal time.
+#   If "true", it will maintain the RTC in local time instead.
+#   Note that maintaining the RTC in the local timezone is not fully supported
+#   and will create various problems with time zone changes and daylight saving
+#   adjustments. If at all possible, keep the RTC in UTC mode.
+#
 # @param manage_journald
 #   Manage the systemd journald
 #
@@ -191,6 +205,9 @@
 # @param manage_oomd
 #   Should systemd-oomd configuration be managed
 #
+# @param oomd_package
+#   Name of the package required for systemd-oomd, if any
+#
 # @param oomd_ensure
 #   The state that the ``oomd`` service should be in
 #
@@ -230,6 +247,8 @@
   Optional[String[1]]                                 $timesyncd_package = undef,
   Optional[Variant[Array,String]]                     $ntp_server = undef,
   Optional[Variant[Array,String]]                     $fallback_ntp_server = undef,
+  Optional[Boolean]                                   $set_local_rtc = undef,
+  Optional[String[1]]                                 $timezone = undef,
   Boolean                                             $manage_accounting = false,
   Boolean                                             $purge_dropin_dirs = true,
   Boolean                                             $manage_journald = true,
@@ -257,6 +276,7 @@
   Systemd::CoredumpSettings                           $coredump_settings = {},
   Boolean                                             $coredump_backtrace = false,
   Boolean                                             $manage_oomd = false,
+  Optional[String[1]]                                 $oomd_package = undef,
   Enum['stopped','running']                           $oomd_ensure = 'running',
   Systemd::OomdSettings                               $oomd_settings = {},
   Boolean                                             $udev_purge_rules = false,
@@ -313,6 +333,8 @@
     Class['systemd::install'] -> Class['systemd::networkd']
   }
 
+  contain systemd::timedatectl
+
   if $manage_timesyncd and $facts['systemd_internal_services'] and $facts['systemd_internal_services']['systemd-timesyncd.service'] {
     contain systemd::timesyncd
   }

manifests/install.pp

@@ -8,6 +8,12 @@
     }
   }
 
+  if $systemd::manage_oomd and $systemd::oomd_package {
+    package { $systemd::oomd_package:
+      ensure => present,
+    }
+  }
+
   if $systemd::manage_resolved and $systemd::resolved_package {
     package { $systemd::resolved_package:
       ensure => present,

manifests/service_limits.pp

@@ -74,7 +74,7 @@
       }
     }.reduce | $_memo, $_value | { $_memo + $_value }
 
-    deprecation("systemd::servicelimits - ${title}",'systemd::servicelimits is deprecated, use systemd::manage_dropin')
+    deprecation("systemd::service_limits - ${title}",'systemd::service_limits is deprecated, use systemd::manage_dropin')
     systemd::manage_dropin { "${name}-90-limits.conf":
       ensure                  => $ensure,
       unit                    => $name,
@@ -85,7 +85,7 @@
       notify_service          => true,
     }
   } else {
-    deprecation("systemd::servicelimits ${title}",'systemd::servicelimits is deprecated, use systemd::dropin_file or systemd::manage_dropin')
+    deprecation("systemd::service_limits ${title}",'systemd::service_limits is deprecated, use systemd::dropin_file or systemd::manage_dropin')
     systemd::dropin_file { "${name}-90-limits.conf":
       ensure                  => $ensure,
       unit                    => $name,

manifests/timedatectl.pp

@@ -0,0 +1,46 @@
+# @api private
+#
+# @summary This class provides an abstract way to set elements with timedatectl
+#
+# @param set_local_rtc
+# Takes a boolean argument. If "false", the system is configured to maintain
+# the RTC in universal time.
+# If "true", it will maintain the RTC in local time instead.
+# Note that maintaining the RTC in the local timezone is not fully supported
+# and will create various problems with time zone changes and daylight saving
+# adjustments. If at all possible, keep the RTC in UTC mode.
+#
+# @param timezone
+# Set the system time zone to the specified value.
+# Available timezones can be listed with list-timezones.
+# If the RTC is configured to be in the local time, this will also update
+# the RTC time. This call will alter the /etc/localtime symlink.
+class systemd::timedatectl (
+  Optional[Boolean] $set_local_rtc = $systemd::set_local_rtc,
+  Optional[String[1]] $timezone = $systemd::timezone,
+) {
+  assert_private()
+
+  if $timezone {
+    exec { 'set system timezone':
+      command => "timedatectl set-timezone ${timezone}",
+      unless  => "test $(timedatectl show --property Timezone --value) = ${timezone}",
+      path    => $facts['path'],
+    }
+  }
+
+  # if $set_local_rtc is undef, this remains unmanaged
+  if $set_local_rtc {
+    exec { 'set local hardware clock to local time':
+      command => 'timedatectl set-local-rtc 1',
+      onlyif  => 'test $(timedatectl show --property LocalRTC --value) = no',
+      path    => $facts['path'],
+    }
+  } elsif $set_local_rtc == false {
+    exec { 'set local hardware clock to UTC time':
+      command => 'timedatectl set-local-rtc 0',
+      unless  => 'test $(timedatectl show --property LocalRTC --value) = no',
+      path    => $facts['path'],
+    }
+  }
+}

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppet-systemd",
-  "version": "7.0.0",
+  "version": "7.1.0",
   "author": "Vox Pupuli",
   "summary": "Puppet Systemd module",
   "license": "Apache-2.0",