Allow to manage systemd unit and service separately

Options added: * manage_systemd_unit * manage_service * service_name * service_ensure * service_enable
voxpupuli · Nov 30, 2024 · 4f859fb · 4f859fb
1 parent 965961e
commit 4f859fb
Show file tree

Hide file tree

Showing 4 changed files with 130 additions and 21 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -72,11 +72,16 @@ The following parameters are available in the `caddy` class:
 * [`caddy_architecture`](#-caddy--caddy_architecture)
 * [`caddy_account_id`](#-caddy--caddy_account_id)
 * [`caddy_api_key`](#-caddy--caddy_api_key)
+* [`manage_systemd_unit`](#-caddy--manage_systemd_unit)
 * [`systemd_limit_processes`](#-caddy--systemd_limit_processes)
 * [`systemd_private_devices`](#-caddy--systemd_private_devices)
 * [`systemd_capability_bounding_set`](#-caddy--systemd_capability_bounding_set)
 * [`systemd_ambient_capabilities`](#-caddy--systemd_ambient_capabilities)
 * [`systemd_no_new_privileges`](#-caddy--systemd_no_new_privileges)
+* [`manage_service`](#-caddy--manage_service)
+* [`service_name`](#-caddy--service_name)
+* [`service_ensure`](#-caddy--service_ensure)
+* [`service_enable`](#-caddy--service_enable)
 
 ##### <a name="-caddy--version"></a>`version`
 
@@ -214,6 +219,14 @@ The API key, required for the commercial license.
 
 Default value: `undef`
 
+##### <a name="-caddy--manage_systemd_unit"></a>`manage_systemd_unit`
+
+Data type: `Boolean`
+
+Whether or not the module should create the systemd unit file.
+
+Default value: `true`
+
 ##### <a name="-caddy--systemd_limit_processes"></a>`systemd_limit_processes`
 
 Data type: `Integer[0]`
@@ -254,6 +267,38 @@ Whether the process and all its children can gain new privileges through execve(
 
 Default value: `undef`
 
+##### <a name="-caddy--manage_service"></a>`manage_service`
+
+Data type: `Boolean`
+
+Whether or not the module should manage the service.
+
+Default value: `true`
+
+##### <a name="-caddy--service_name"></a>`service_name`
+
+Data type: `String[1]`
+
+Customise the name of the system service
+
+Default value: `'caddy'`
+
+##### <a name="-caddy--service_ensure"></a>`service_ensure`
+
+Data type: `Stdlib::Ensure::Service`
+
+Whether the service should be running or stopped
+
+Default value: `'running'`
+
+##### <a name="-caddy--service_enable"></a>`service_enable`
+
+Data type: `Boolean`
+
+Whether the service should be enabled or disabled
+
+Default value: `true`
+
 ## Defined types
 
 ### <a name="caddy--vhost"></a>`caddy::vhost`

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -66,6 +66,9 @@
 # @param caddy_api_key
 #   The API key, required for the commercial license.
 #
+# @param manage_systemd_unit
+#   Whether or not the module should create the systemd unit file.
+#
 # @param systemd_limit_processes
 #   The number of processes.
 #
@@ -81,6 +84,18 @@
 # @param systemd_no_new_privileges
 #   Whether the process and all its children can gain new privileges through execve().
 #
+# @param manage_service
+#   Whether or not the module should manage the service.
+#
+# @param service_name
+#   Customise the name of the system service
+#
+# @param service_ensure
+#   Whether the service should be running or stopped
+#
+# @param service_enable
+#   Whether the service should be enabled or disabled
+#
 class caddy (
   String[1]                      $version                         = '2.0.0',
   Optional[Enum['github']]       $install_method                  = undef,
@@ -99,11 +114,16 @@
   String[1]                      $caddy_architecture              = $facts['os']['architecture'],
   Optional[String[1]]            $caddy_account_id                = undef,
   Optional[String[1]]            $caddy_api_key                   = undef,
+  Boolean                        $manage_systemd_unit             = true,
   Integer[0]                     $systemd_limit_processes         = 64,
   Boolean                        $systemd_private_devices         = true,
   Optional[String[1]]            $systemd_capability_bounding_set = undef,
   String[1]                      $systemd_ambient_capabilities    = 'CAP_NET_BIND_SERVICE',
   Optional[Boolean]              $systemd_no_new_privileges       = undef,
+  Boolean                        $manage_service                  = true,
+  String[1]                      $service_name                    = 'caddy',
+  Stdlib::Ensure::Service        $service_ensure                  = 'running',
+  Boolean                        $service_enable                  = true,
 ) {
   case $caddy_architecture {
     'x86_64', 'amd64': { $arch = 'amd64' }

diff --git a/manifests/service.pp b/manifests/service.pp
@@ -6,23 +6,34 @@
 class caddy::service {
   assert_private()
 
-  systemd::unit_file { 'caddy.service':
-    enable  => true,
-    active  => true,
-    content => epp('caddy/etc/systemd/system/caddy.service.epp',
-      {
-        install_path                    => $caddy::install_path,
-        caddy_user                      => $caddy::caddy_user,
-        caddy_group                     => $caddy::caddy_group,
-        caddy_log_dir                   => $caddy::caddy_log_dir,
-        caddy_ssl_dir                   => $caddy::caddy_ssl_dir,
-        caddy_home                      => $caddy::caddy_home,
-        systemd_limit_processes         => $caddy::systemd_limit_processes,
-        systemd_private_devices         => $caddy::systemd_private_devices,
-        systemd_capability_bounding_set => $caddy::systemd_capability_bounding_set,
-        systemd_ambient_capabilities    => $caddy::systemd_ambient_capabilities,
-        systemd_no_new_privileges       => $caddy::systemd_no_new_privileges,
-      }
-    ),
+  if $caddy::manage_systemd_unit {
+    systemd::unit_file { "${caddy::service_name}.service":
+      content => epp('caddy/etc/systemd/system/caddy.service.epp',
+        {
+          install_path                    => $caddy::install_path,
+          caddy_user                      => $caddy::caddy_user,
+          caddy_group                     => $caddy::caddy_group,
+          caddy_log_dir                   => $caddy::caddy_log_dir,
+          caddy_ssl_dir                   => $caddy::caddy_ssl_dir,
+          caddy_home                      => $caddy::caddy_home,
+          systemd_limit_processes         => $caddy::systemd_limit_processes,
+          systemd_private_devices         => $caddy::systemd_private_devices,
+          systemd_capability_bounding_set => $caddy::systemd_capability_bounding_set,
+          systemd_ambient_capabilities    => $caddy::systemd_ambient_capabilities,
+          systemd_no_new_privileges       => $caddy::systemd_no_new_privileges,
+        }
+      ),
+    }
+  }
+
+  if $caddy::manage_service {
+    service { $caddy::service_name:
+      ensure => $caddy::service_ensure,
+      enable => $caddy::service_enable,
+    }
+
+    if $caddy::manage_systemd_unit {
+      Systemd::Unit_file["${caddy::service_name}.service"] ~> Service[$caddy::service_name]
+    }
   }
 }
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -130,12 +130,12 @@
         it do
           is_expected.to contain_systemd__unit_file('caddy.service').with(
             'content' => %r{User=caddy}
-          )
+          ).that_notifies('Service[caddy]')
         end
 
         it do
-          is_expected.to contain_service('caddy.service').with(
-            'ensure' => true,
+          is_expected.to contain_service('caddy').with(
+            'ensure' => 'running',
             'enable' => true
           )
         end
@@ -195,6 +195,39 @@
         it { is_expected.not_to contain_group('caddy') }
         it { is_expected.to contain_user('caddy').that_requires(nil) }
       end
+
+      context 'with manage_systemd_unit => false' do
+        let(:params) { { manage_systemd_unit: false } }
+
+        it { is_expected.not_to contain_systemd__unit_file('caddy.service') }
+        it { is_expected.to contain_service('caddy').that_subscribes_to(nil) }
+      end
+
+      context 'with manage_service => false' do
+        let(:params) { { manage_service: false } }
+
+        it { is_expected.to contain_systemd__unit_file('caddy.service').that_notifies(nil) }
+        it { is_expected.not_to contain_service('caddy') }
+      end
+
+      context 'with service_name => custom' do
+        let(:params) { { service_name: 'custom' } }
+
+        it { is_expected.to contain_systemd__unit_file('custom.service') }
+        it { is_expected.to contain_service('custom') }
+      end
+
+      context 'with service_ensure => stopped' do
+        let(:params) { { service_ensure: 'stopped' } }
+
+        it { is_expected.to contain_service('caddy').with_ensure('stopped') }
+      end
+
+      context 'with service_enable => false' do
+        let(:params) { { service_enable: false } }
+
+        it { is_expected.to contain_service('caddy').with_enable(false) }
+      end
     end
   end
 end