From d3bfa1dcd5cf667a1b315a57925304cca1865604 Mon Sep 17 00:00:00 2001
From: Evgeni Golov <evgeni@golov.de>
Date: Fri, 3 Nov 2023 08:50:53 +0100
Subject: [PATCH] set PrivateTmp=true for puppetserver

---
 manifests/server/puppetserver.pp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/manifests/server/puppetserver.pp b/manifests/server/puppetserver.pp
index 6be222fa..72ec6270 100644
--- a/manifests/server/puppetserver.pp
+++ b/manifests/server/puppetserver.pp
@@ -214,6 +214,13 @@
         unit     => 'puppetserver.service',
         content  => "[Service]\nLimitNOFILE=${max_open_files}\n",
       }
+
+      systemd::dropin_file { 'puppetserver.service-privatetmp.conf':
+        ensure   => present,
+        filename => 'privatetmp.conf',
+        unit     => 'puppetserver.service',
+        content  => "[Service]\nPrivateTmp=true\n",
+      }
     } else {
       file_line { 'puppet::server::puppetserver::max_open_files':
         ensure => $ensure_max_open_files,