From 55977c0dc7522b93bd746bd209afc3ef4b3e6c52 Mon Sep 17 00:00:00 2001
From: Faerbit <faerbit@posteo.net>
Date: Thu, 7 Nov 2024 16:50:21 +0100
Subject: [PATCH] Add support for Un/Mask

---
 main.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/main.py b/main.py
index 806e414..5338add 100755
--- a/main.py
+++ b/main.py
@@ -171,6 +171,27 @@ def write_service_units(args, yaml_dict):
         if "group_add" in service:
             enforce_list("group_add", service)
             unit_file["Container"]["GroupAdd"] = service["group_add"]
+        if "security_opt" in service:
+            enforce_list("security_opt", service)
+            unmask = []
+            mask = []
+            for line in service["security_opt"]:
+                parts = line.split(":")
+                if len(parts) != 2:
+                    abort(f'Can only parts security_opts of form "type:path". Got: {line}')
+                type_ = parts[0]
+                match type_:
+                    case "mask":
+                        mask.append(parts[1])
+                    case "unmask":
+                        unmask.append(parts[1])
+                    case _:
+                        abort(f'security_opt type "{type_}" is not supported"')
+            if mask:
+                unit_file["Container"]["Mask"] = mask
+            if unmask:
+                unit_file["Container"]["Unmask"] = unmask
+
 
 
         unit_file["Service"] = {}