diff --git a/REFERENCE.md b/REFERENCE.md
index 339624ca..b671b662 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -22,7 +22,7 @@
 * `systemd::networkd`: This class provides an abstract way to trigger systemd-networkd
 * `systemd::oomd`: This class manages and configures oomd.
 * `systemd::resolved`: This class provides an abstract way to trigger resolved.
-* `systemd::system`: This class provides a solution to enable accounting
+* `systemd::service_manager`: This class provides a solution to manage system and/or user service manager settings
 * `systemd::timedatectl`: This class provides an abstract way to set elements with timedatectl
 * `systemd::timesyncd`: This class provides an abstract way to trigger systemd-timesyncd
 * `systemd::udevd`: This class manages systemd's udev config
@@ -54,15 +54,24 @@
 
 ### Data types
 
+* [`Systemd::Boolean`](#Systemd--Boolean): Defines systemd boolean type representation
+* [`Systemd::Boolean::False`](#Systemd--Boolean--False): Defines systemd boolean "false" type representation
+* [`Systemd::Boolean::True`](#Systemd--Boolean--True): Defines systemd boolean "true" type representation
+* [`Systemd::Capabilities`](#Systemd--Capabilities): Defines allowed capabilities
 * [`Systemd::CoredumpSettings`](#Systemd--CoredumpSettings): Configurations for coredump.conf
 * [`Systemd::Dropin`](#Systemd--Dropin): custom datatype that validates filenames/paths for valid systemd dropin files
 * [`Systemd::JournaldSettings`](#Systemd--JournaldSettings): Matches Systemd journald config Struct
 * [`Systemd::JournaldSettings::Ensure`](#Systemd--JournaldSettings--Ensure): defines allowed ensure states for systemd-journald settings
+* [`Systemd::LogLevel`](#Systemd--LogLevel): Defines allowed log levels
 * [`Systemd::LogindSettings`](#Systemd--LogindSettings): Matches Systemd Login Manager Struct
 * [`Systemd::LogindSettings::Ensure`](#Systemd--LogindSettings--Ensure): defines allowed ensure states for systemd-logind settings
 * [`Systemd::MachineInfoSettings`](#Systemd--MachineInfoSettings): Matches Systemd machine-info (hostnamectl) file Struct
 * [`Systemd::OomdSettings`](#Systemd--OomdSettings): Configurations for oomd.conf
+* [`Systemd::Output`](#Systemd--Output): Defines allowed output values
 * [`Systemd::ServiceLimits`](#Systemd--ServiceLimits): Deprecated - Matches Systemd Service Limit Struct
+* [`Systemd::ServiceManagerSettings`](#Systemd--ServiceManagerSettings): Matches Systemd system.conf/user.conf settings
+* [`Systemd::SettingEnsure`](#Systemd--SettingEnsure): Defines allowed ensure states for an ini_setting
+* [`Systemd::Timespan`](#Systemd--Timespan): Defines a timespan type
 * [`Systemd::Unit`](#Systemd--Unit): custom datatype that validates different filenames for systemd units and unit templates
 * [`Systemd::Unit::Amount`](#Systemd--Unit--Amount): Systemd definition of amount, often bytes or united bytes
 * [`Systemd::Unit::AmountOrPercent`](#Systemd--Unit--AmountOrPercent): Systemd definition of amount, often bytes or united bytes
@@ -156,6 +165,10 @@ The following parameters are available in the `systemd` class:
 * [`oomd_ensure`](#-systemd--oomd_ensure)
 * [`oomd_settings`](#-systemd--oomd_settings)
 * [`udev_purge_rules`](#-systemd--udev_purge_rules)
+* [`manage_system_conf`](#-systemd--manage_system_conf)
+* [`system_settings`](#-systemd--system_settings)
+* [`manage_user_conf`](#-systemd--manage_user_conf)
+* [`user_settings`](#-systemd--user_settings)
 
 ##### <a name="-systemd--default_target"></a>`default_target`
 
@@ -612,7 +625,8 @@ Default value: `'/etc/systemd/network'`
 
 Data type: `Boolean`
 
-when enabled, the different accounting options (network traffic, IO, CPU util...) are enabled for units
+When enabled, the different accounting options (network traffic, IO,
+CPU util...) are enabled for units.
 
 Default value: `false`
 
@@ -620,7 +634,9 @@ Default value: `false`
 
 Data type: `Hash[String,String]`
 
-Hash of the different accounting options. This highly depends on the used systemd version. The module provides sane defaults per operating system using Hiera.
+Hash of the different accounting options. This highly depends on the used
+systemd version. The module provides sane defaults per operating system
+using Hiera.
 
 Default value: `{}`
 
@@ -696,6 +712,42 @@ Toggle if unmanaged files in /etc/udev/rules.d should be purged if manage_udevd
 
 Default value: `false`
 
+##### <a name="-systemd--manage_system_conf"></a>`manage_system_conf`
+
+Data type: `Boolean`
+
+Should system service manager configurations be managed
+
+Default value: `false`
+
+##### <a name="-systemd--system_settings"></a>`system_settings`
+
+Data type: `Systemd::ServiceManagerSettings`
+
+Config Hash that is used to configure settings in system.conf
+NOTE: It's currently impossible to have multiple entries of the same key in
+the settings.
+
+Default value: `{}`
+
+##### <a name="-systemd--manage_user_conf"></a>`manage_user_conf`
+
+Data type: `Boolean`
+
+Should user service manager configurations be managed
+
+Default value: `false`
+
+##### <a name="-systemd--user_settings"></a>`user_settings`
+
+Data type: `Systemd::ServiceManagerSettings`
+
+Config Hash that is used to configure settings in user.conf
+NOTE: It's currently impossible to have multiple entries of the same key in
+the settings.
+
+Default value: `{}`
+
 ### <a name="systemd--tmpfiles"></a>`systemd::tmpfiles`
 
 Update the systemd temp files
@@ -2587,6 +2639,30 @@ Use path (-p) ornon-path  style escaping.
 
 ## Data types
 
+### <a name="Systemd--Boolean"></a>`Systemd::Boolean`
+
+Defines systemd boolean type representation
+
+Alias of `Variant[Systemd::Boolean::True, Systemd::Boolean::False]`
+
+### <a name="Systemd--Boolean--False"></a>`Systemd::Boolean::False`
+
+Defines systemd boolean "false" type representation
+
+Alias of `Variant[Integer[0,0], Enum['no', 'false'], Boolean[false]]`
+
+### <a name="Systemd--Boolean--True"></a>`Systemd::Boolean::True`
+
+Defines systemd boolean "true" type representation
+
+Alias of `Variant[Integer[1], Enum['yes', 'true'], Boolean[true]]`
+
+### <a name="Systemd--Capabilities"></a>`Systemd::Capabilities`
+
+Defines allowed capabilities
+
+Alias of `Variant[Pattern[/^~?(CAP_[A-Z_]+ *)+$/]]`
+
 ### <a name="Systemd--CoredumpSettings"></a>`Systemd::CoredumpSettings`
 
 Configurations for coredump.conf
@@ -2661,6 +2737,12 @@ defines allowed ensure states for systemd-journald settings
 
 Alias of `Struct[{ 'ensure' => Enum['present','absent'] }]`
 
+### <a name="Systemd--LogLevel"></a>`Systemd::LogLevel`
+
+Defines allowed log levels
+
+Alias of `Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'], Integer[0,7]]`
+
 ### <a name="Systemd--LogindSettings"></a>`Systemd::LogindSettings`
 
 Matches Systemd Login Manager Struct
@@ -2738,6 +2820,12 @@ Struct[{
   }]
 ```
 
+### <a name="Systemd--Output"></a>`Systemd::Output`
+
+Used in DefaultStandardOutput/DefaultStandardError e.g.
+
+Alias of `Enum['inherit', 'null', 'tty', 'journal', 'journal+console', 'kmsg', 'kmsg+console']`
+
 ### <a name="Systemd--ServiceLimits"></a>`Systemd::ServiceLimits`
 
 Deprecated - Matches Systemd Service Limit Struct
@@ -2791,6 +2879,110 @@ Struct[{
   }]
 ```
 
+### <a name="Systemd--ServiceManagerSettings"></a>`Systemd::ServiceManagerSettings`
+
+NOTE: Systemd::SettingEnsure here allows to delete the setting from the INI
+file. See the example below for Hiera:
+
+```yaml
+systemd::system_settings:
+  LogLevel:
+    ensure: absent
+```
+
+* **See also**
+  * https://www.freedesktop.org/software/systemd/man/latest/systemd-system.conf.html
+
+Alias of
+
+```puppet
+Struct[{
+    Optional['LogLevel'] => Variant[Systemd::LogLevel, Systemd::SettingEnsure],
+    Optional['LogTarget'] => Variant[Enum['console','console-prefixed','kmsg','journal','journal-or-kmsg','auto','null'], Systemd::SettingEnsure],
+    Optional['LogColor'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['LogLocation'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['LogTime'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['DumpCore'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['ShowStatus'] => Variant[Systemd::Boolean, Enum['auto','error'], Systemd::SettingEnsure],
+    Optional['CrashChangeVT'] => Variant[Systemd::Boolean, Integer[1,63], Systemd::SettingEnsure],
+    Optional['CrashShell'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['CrashReboot'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], # Obsoleted by CrashAction in v256, delete after Debian 12 EOL
+    Optional['CrashAction'] => Variant[Enum['freeze', 'reboot', 'poweroff'], Systemd::SettingEnsure],
+    Optional['CtrlAltDelBurstAction'] => Variant[Enum['reboot-force','poweroff-force','reboot-immediate','poweroff-immediate','none'], Systemd::SettingEnsure],
+    Optional['CPUAffinity'] => Variant[Enum['numa'], Pattern['^[0-9, -]+$'], Systemd::SettingEnsure],
+    Optional['NUMAPolicy'] => Variant[Enum['default','preferred','bind','interleave','local'], Systemd::SettingEnsure],
+    Optional['NUMAMask'] => Variant[Enum['all'], Pattern['^[0-9, -]+$'], Systemd::SettingEnsure],
+    Optional['RuntimeWatchdogSec'] => Variant[Enum['off','default'], Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['RuntimeWatchdogPreSec'] => Variant[Enum['off'], Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['RuntimeWatchdogPreGovernor'] => Variant[Enum['noop', 'panic'], String[1], Systemd::SettingEnsure],
+    Optional['RebootWatchdogSec'] => Variant[Enum['off','default'], Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['KExecWatchdogSec'] => Variant[Enum['off','default'], Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['WatchdogDevice'] => Variant[Stdlib::Absolutepath, Systemd::SettingEnsure],
+    Optional['CapabilityBoundingSet'] => Variant[Systemd::Capabilities, Systemd::SettingEnsure],
+    Optional['NoNewPrivileges'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['ProtectSystem'] => Variant[Enum['auto'], Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['SystemCallArchitectures'] => Variant[String[1], Systemd::SettingEnsure],
+    Optional['TimerSlackNSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['StatusUnitFormat'] => Variant[Enum['combined','description','name'], Systemd::SettingEnsure],
+    Optional['DefaultTimerAccuracySec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['DefaultStandardOutput'] => Variant[Systemd::Output, Systemd::SettingEnsure],
+    Optional['DefaultStandardError'] => Variant[Systemd::Output, Systemd::SettingEnsure],
+    Optional['DefaultTimeoutStartSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['DefaultTimeoutStopSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['DefaultTimeoutAbortSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['DefaultDeviceTimeoutSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['DefaultRestartSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['DefaultStartLimitIntervalSec'] => Variant[Enum['infinity'], Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['DefaultStartLimitBurst'] => Variant[Integer[0], Systemd::SettingEnsure],
+    Optional['DefaultEnvironment'] => Variant[String, Systemd::SettingEnsure],
+    Optional['ManagerEnvironment'] => Variant[String, Systemd::SettingEnsure],
+    Optional['DefaultCPUAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['DefaultBlockIOAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], # Deprecated in v252. Delete after Debian 11 EOL
+    Optional['DefaultIOAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['DefaultIPAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['DefaultMemoryAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['DefaultTasksAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['DefaultTasksMax'] => Variant[Enum['infinity'], Integer[0], Systemd::Unit::Percent, Systemd::SettingEnsure],
+    Optional['DefaultLimitCPU'] => Variant[Enum['infinity'], Pattern['^\d+(s|m|h|d|w|M|y)?(:\d+(s|m|h|d|w|M|y)?)?$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitFSIZE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitDATA'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitSTACK'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitCORE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitRSS'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitNOFILE'] => Variant[Integer[-1], Pattern['^(infinity|\d+(:(infinity|\d+))?)$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitAS'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitNPROC'] => Variant[Integer[-1],Pattern['^(infinity|\d+(:(infinity|\d+))?)$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitMEMLOCK'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitLOCKS'] => Variant[Integer[1], Systemd::SettingEnsure],
+    Optional['DefaultLimitSIGPENDING'] => Variant[Integer[1], Systemd::SettingEnsure],
+    Optional['DefaultLimitMSGQUEUE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitNICE'] => Variant[Integer[0,40], Pattern['^(-\+([0-1]?[0-9]|20))|([0-3]?[0-9]|40)$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitRTPRIO'] => Variant[Integer[0], Systemd::SettingEnsure],
+    Optional['DefaultLimitRTTIME'] => Variant[Pattern['^\d+(ms|s|m|h|d|w|M|y)?(:\d+(ms|s|m|h|d|w|M|y)?)?$'], Systemd::SettingEnsure],
+    Optional['DefaultOOMPolicy'] => Variant[Enum['continue', 'stop','kill'], Systemd::SettingEnsure],
+    Optional['DefaultSmackProcessLabel'] => Variant[String, Systemd::SettingEnsure],
+    Optional['ReloadLimitIntervalSec'] => Variant[Enum['infinity'], Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['ReloadLimitBurst'] => Variant[Integer[0], Systemd::SettingEnsure],
+    Optional['DefaultMemoryPressureWatch'] => Variant[Systemd::SettingEnsure],
+    Optional['DefaultMemoryPressureThresholdSec'] => Variant[Systemd::SettingEnsure],
+  }]
+```
+
+### <a name="Systemd--SettingEnsure"></a>`Systemd::SettingEnsure`
+
+Defines allowed ensure states for an ini_setting
+
+Alias of `Struct[{ 'ensure' => Enum['absent'] }]`
+
+### <a name="Systemd--Timespan"></a>`Systemd::Timespan`
+
+Defines a timespan type
+
+* **See also**
+  * https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html
+
+Alias of `Variant[Integer[0], Pattern[/^([0-9]+ *(usec|us|msec|ms|seconds?|sec|s|minutes?|min|m|hours?|hr|h|days?|d|weeks?|w|months?|M|years?|y)? *)+$/]]`
+
 ### <a name="Systemd--Unit"></a>`Systemd::Unit`
 
 custom datatype that validates different filenames for systemd units and unit templates
diff --git a/manifests/init.pp b/manifests/init.pp
index 95aeda78..dc0e7f00 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -188,10 +188,13 @@
 #   where all networkd files are placed in
 #
 # @param manage_accounting
-#   when enabled, the different accounting options (network traffic, IO, CPU util...) are enabled for units
+#   When enabled, the different accounting options (network traffic, IO,
+#   CPU util...) are enabled for units.
 #
 # @param accounting
-#   Hash of the different accounting options. This highly depends on the used systemd version. The module provides sane defaults per operating system using Hiera.
+#   Hash of the different accounting options. This highly depends on the used
+#   systemd version. The module provides sane defaults per operating system
+#   using Hiera.
 #
 # @param purge_dropin_dirs
 #   When enabled, unused directories for dropin files will be purged
@@ -219,6 +222,22 @@
 #
 # @param udev_purge_rules
 #   Toggle if unmanaged files in /etc/udev/rules.d should be purged if manage_udevd is enabled
+#
+# @param manage_system_conf
+#   Should system service manager configurations be managed
+#
+# @param system_settings
+#   Config Hash that is used to configure settings in system.conf
+#   NOTE: It's currently impossible to have multiple entries of the same key in
+#   the settings.
+#
+# @param manage_user_conf
+#   Should user service manager configurations be managed
+#
+# @param user_settings
+#   Config Hash that is used to configure settings in user.conf
+#   NOTE: It's currently impossible to have multiple entries of the same key in
+#   the settings.
 class systemd (
   Optional[Pattern['^.+\.target$']]                   $default_target = undef,
   Hash[String,String]                                 $accounting = {},
@@ -284,6 +303,10 @@
   Enum['stopped','running']                           $oomd_ensure = 'running',
   Systemd::OomdSettings                               $oomd_settings = {},
   Boolean                                             $udev_purge_rules = false,
+  Boolean                                             $manage_system_conf = false,
+  Systemd::ServiceManagerSettings                     $system_settings = {},
+  Boolean                                             $manage_user_conf = false,
+  Systemd::ServiceManagerSettings                     $user_settings = {},
 ) {
   contain systemd::install
 
@@ -347,8 +370,9 @@
     contain systemd::udevd
   }
 
-  if $manage_accounting {
-    contain systemd::system
+  # $manage_accounting is retained for backward compatibility
+  if $manage_accounting or $manage_system_conf or $manage_user_conf {
+    contain systemd::service_manager
   }
 
   unless empty($machine_info_settings) {
diff --git a/manifests/service_manager.pp b/manifests/service_manager.pp
new file mode 100644
index 00000000..c783f4d5
--- /dev/null
+++ b/manifests/service_manager.pp
@@ -0,0 +1,79 @@
+# @api private
+#
+# This class provides a solution to manage system and/or user service manager settings
+# @see https://www.freedesktop.org/software/systemd/man/latest/systemd-system.conf.html
+#
+# @param manage_accounting
+#   When enabled, the different accounting options (network traffic, IO,
+#   CPU util...) are enabled for units.
+#
+# @param accounting_settings
+#   Hash of the different accounting options. This highly depends on the used
+#   systemd version. The module provides sane defaults per operating system
+#   using Hiera.
+#
+# @param manage_system_conf
+#   Should system service manager configurations be managed
+#
+# @param system_settings
+#   Config Hash that is used to configure settings in system.conf
+#   NOTE: It's currently impossible to have multiple entries of the same key in
+#   the settings.
+#
+# @param manage_user_conf
+#   Should user service manager configurations be managed
+#
+# @param user_settings
+#   Config Hash that is used to configure settings in user.conf
+#   NOTE: It's currently impossible to have multiple entries of the same key in
+#   the settings.
+#
+class systemd::service_manager (
+  Boolean $manage_accounting = $systemd::manage_accounting,
+  Boolean $manage_system_conf = $systemd::manage_system_conf,
+  Boolean $manage_user_conf = $systemd::manage_user_conf,
+  Systemd::ServiceManagerSettings $accounting_settings = $systemd::accounting,
+  Systemd::ServiceManagerSettings $system_settings = $systemd::system_settings,
+  Systemd::ServiceManagerSettings $user_settings = $systemd::user_settings,
+) {
+  assert_private()
+
+  $real_system_settings = case [$manage_accounting, $manage_system_conf] {
+    [true, false]: { $accounting_settings }
+    [false, true]: { $system_settings }
+    [true, true]:  { $system_settings + $accounting_settings } # Accounting settings have preference
+    default: { ({}) } # Empty Hash otherwise
+  }
+
+  $real_system_settings.each |$option, $value| {
+    $vh = $value ? {
+      Systemd::SettingEnsure => $value,
+      default => { value => $value },
+    }
+
+    ini_setting { "system/${option}":
+      ensure  => $vh.get('ensure', 'present'),
+      path    => '/etc/systemd/system.conf',
+      section => 'Manager',
+      setting => $option,
+      value   => $vh['value'],
+    }
+  }
+
+  if $manage_user_conf {
+    $user_settings.each |$option, $value| {
+      $vh = $value ? {
+        Systemd::SettingEnsure => $value,
+        default => { value => $value },
+      }
+
+      ini_setting { "user/${option}":
+        ensure  => $vh.get('ensure', 'present'),
+        path    => '/etc/systemd/user.conf',
+        section => 'Manager',
+        setting => $option,
+        value   => $vh['value'],
+      }
+    }
+  }
+}
diff --git a/manifests/system.pp b/manifests/system.pp
deleted file mode 100644
index 368048dc..00000000
--- a/manifests/system.pp
+++ /dev/null
@@ -1,17 +0,0 @@
-# @api private
-#
-# This class provides a solution to enable accounting
-#
-class systemd::system {
-  assert_private()
-
-  $systemd::accounting.each |$option, $value| {
-    ini_setting { $option:
-      ensure  => 'present',
-      path    => '/etc/systemd/system.conf',
-      section => 'Manager',
-      setting => $option,
-      value   => $value,
-    }
-  }
-}
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index b53ad18a..4e90a50d 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -508,7 +508,7 @@
             }
           end
 
-          it { is_expected.to contain_class('systemd::system') }
+          it { is_expected.to contain_class('systemd::service_manager') }
 
           case facts[:os]['family']
           when 'Archlinux', 'Gentoo'
@@ -519,9 +519,97 @@
             accounting = %w[DefaultCPUAccounting DefaultBlockIOAccounting DefaultMemoryAccounting DefaultTasksAccounting]
           end
           accounting.each do |account|
-            it { is_expected.to contain_ini_setting(account) }
+            it { is_expected.to contain_ini_setting("system/#{account}") }
           end
           it { is_expected.to compile.with_all_deps }
+
+          context 'when both manage_accounting and manage_system_conf are enabled' do
+            let :params do
+              super().merge(
+                manage_system_conf: true,
+                system_settings: {
+                  'DefaultTimeoutStartSec' => '120s',
+                  'DefaultCPUAccounting' => true,
+                  'DefaultMemoryAccounting' => { 'ensure' => 'absent' },
+                }
+              )
+            end
+
+            it { is_expected.to compile.with_all_deps }
+            it { is_expected.to contain_ini_setting('system/DefaultTimeoutStartSec').with_ensure('present').with_value('120s') }
+            # Value is overriden by accounting settings
+            it { is_expected.to contain_ini_setting('system/DefaultCPUAccounting').with_ensure('present').with_value('yes') }
+            # Ensure and value are overriden by accounting settings
+            it { is_expected.to contain_ini_setting('system/DefaultMemoryAccounting').with_ensure('present').with_value('yes') }
+            # Included by accounting (switch to DefaultIOAccounting after RHEL7 EOL)
+            it { is_expected.to contain_ini_setting('system/DefaultBlockIOAccounting').with_ensure('present').with_value('yes') }
+          end
+        end
+
+        context 'when managing system service manager config' do
+          let :params do
+            {
+              manage_system_conf: true,
+              system_settings: {
+                'DefaultTimeoutStartSec' => '120s',
+                'DefaultCPUAccounting' => true,
+                'DefaultMemoryAccounting' => { 'ensure' => 'absent' },
+              }
+            }
+          end
+
+          it { is_expected.to compile.with_all_deps }
+          it { is_expected.to have_ini_setting_resource_count(3) }
+          it { is_expected.to contain_ini_setting('system/DefaultMemoryAccounting').with_ensure('absent') }
+
+          it do
+            is_expected.to contain_ini_setting('system/DefaultTimeoutStartSec').with(
+              ensure: 'present',
+              path: '/etc/systemd/system.conf',
+              value: '120s'
+            )
+          end
+
+          it do
+            is_expected.to contain_ini_setting('system/DefaultCPUAccounting').with(
+              ensure: 'present',
+              path: '/etc/systemd/system.conf',
+              value: true
+            )
+          end
+        end
+
+        context 'when managing user service manager config' do
+          let :params do
+            {
+              manage_user_conf: true,
+              user_settings: {
+                'DefaultTimeoutStartSec' => '123s',
+                'DefaultLimitCORE' => 'infinity',
+                'DefaultLimitCPU' => { 'ensure' => 'absent' },
+              }
+            }
+          end
+
+          it { is_expected.to compile.with_all_deps }
+          it { is_expected.to have_ini_setting_resource_count(3) }
+          it { is_expected.to contain_ini_setting('user/DefaultLimitCPU').with_ensure('absent') }
+
+          it do
+            is_expected.to contain_ini_setting('user/DefaultTimeoutStartSec').with(
+              ensure: 'present',
+              path: '/etc/systemd/user.conf',
+              value: '123s'
+            )
+          end
+
+          it do
+            is_expected.to contain_ini_setting('user/DefaultLimitCORE').with(
+              ensure: 'present',
+              path: '/etc/systemd/user.conf',
+              value: 'infinity'
+            )
+          end
         end
 
         context 'when enabling journald with options' do
diff --git a/types/boolean.pp b/types/boolean.pp
new file mode 100644
index 00000000..e21196d1
--- /dev/null
+++ b/types/boolean.pp
@@ -0,0 +1,2 @@
+# @summary Defines systemd boolean type representation
+type Systemd::Boolean = Variant[Systemd::Boolean::True, Systemd::Boolean::False]
diff --git a/types/boolean/false.pp b/types/boolean/false.pp
new file mode 100644
index 00000000..878e1c5f
--- /dev/null
+++ b/types/boolean/false.pp
@@ -0,0 +1,2 @@
+# @summary Defines systemd boolean "false" type representation
+type Systemd::Boolean::False = Variant[Integer[0,0], Enum['no', 'false'], Boolean[false]]
diff --git a/types/boolean/true.pp b/types/boolean/true.pp
new file mode 100644
index 00000000..69aa0f51
--- /dev/null
+++ b/types/boolean/true.pp
@@ -0,0 +1,2 @@
+# @summary Defines systemd boolean "true" type representation
+type Systemd::Boolean::True = Variant[Integer[1], Enum['yes', 'true'], Boolean[true]]
diff --git a/types/capabilities.pp b/types/capabilities.pp
new file mode 100644
index 00000000..acbc7701
--- /dev/null
+++ b/types/capabilities.pp
@@ -0,0 +1,2 @@
+# @summary Defines allowed capabilities
+type Systemd::Capabilities = Variant[Pattern[/^~?(CAP_[A-Z_]+ *)+$/]]
diff --git a/types/loglevel.pp b/types/loglevel.pp
new file mode 100644
index 00000000..49f81904
--- /dev/null
+++ b/types/loglevel.pp
@@ -0,0 +1,2 @@
+# @summary Defines allowed log levels
+type Systemd::LogLevel = Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'], Integer[0,7]]
diff --git a/types/output.pp b/types/output.pp
new file mode 100644
index 00000000..3735bd5c
--- /dev/null
+++ b/types/output.pp
@@ -0,0 +1,3 @@
+# @summary Defines allowed output values
+# Used in DefaultStandardOutput/DefaultStandardError e.g.
+type Systemd::Output = Enum['inherit', 'null', 'tty', 'journal', 'journal+console', 'kmsg', 'kmsg+console']
diff --git a/types/servicemanagersettings.pp b/types/servicemanagersettings.pp
new file mode 100644
index 00000000..69ea08c3
--- /dev/null
+++ b/types/servicemanagersettings.pp
@@ -0,0 +1,86 @@
+# @summary Matches Systemd system.conf/user.conf settings
+#
+# NOTE: Systemd::SettingEnsure here allows to delete the setting from the INI
+# file. See the example below for Hiera:
+#
+# ```yaml
+# systemd::system_settings:
+#   LogLevel:
+#     ensure: absent
+# ```
+#
+# @see https://www.freedesktop.org/software/systemd/man/latest/systemd-system.conf.html
+type Systemd::ServiceManagerSettings = Struct[
+  # lint:ignore:140chars
+  {
+    Optional['LogLevel'] => Variant[Systemd::LogLevel, Systemd::SettingEnsure],
+    Optional['LogTarget'] => Variant[Enum['console','console-prefixed','kmsg','journal','journal-or-kmsg','auto','null'], Systemd::SettingEnsure],
+    Optional['LogColor'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['LogLocation'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['LogTime'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['DumpCore'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['ShowStatus'] => Variant[Systemd::Boolean, Enum['auto','error'], Systemd::SettingEnsure],
+    Optional['CrashChangeVT'] => Variant[Systemd::Boolean, Integer[1,63], Systemd::SettingEnsure],
+    Optional['CrashShell'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['CrashReboot'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], # Obsoleted by CrashAction in v256, delete after Debian 12 EOL
+    Optional['CrashAction'] => Variant[Enum['freeze', 'reboot', 'poweroff'], Systemd::SettingEnsure],
+    Optional['CtrlAltDelBurstAction'] => Variant[Enum['reboot-force','poweroff-force','reboot-immediate','poweroff-immediate','none'], Systemd::SettingEnsure],
+    Optional['CPUAffinity'] => Variant[Enum['numa'], Pattern['^[0-9, -]+$'], Systemd::SettingEnsure],
+    Optional['NUMAPolicy'] => Variant[Enum['default','preferred','bind','interleave','local'], Systemd::SettingEnsure],
+    Optional['NUMAMask'] => Variant[Enum['all'], Pattern['^[0-9, -]+$'], Systemd::SettingEnsure],
+    Optional['RuntimeWatchdogSec'] => Variant[Enum['off','default'], Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['RuntimeWatchdogPreSec'] => Variant[Enum['off'], Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['RuntimeWatchdogPreGovernor'] => Variant[Enum['noop', 'panic'], String[1], Systemd::SettingEnsure],
+    Optional['RebootWatchdogSec'] => Variant[Enum['off','default'], Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['KExecWatchdogSec'] => Variant[Enum['off','default'], Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['WatchdogDevice'] => Variant[Stdlib::Absolutepath, Systemd::SettingEnsure],
+    Optional['CapabilityBoundingSet'] => Variant[Systemd::Capabilities, Systemd::SettingEnsure],
+    Optional['NoNewPrivileges'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['ProtectSystem'] => Variant[Enum['auto'], Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['SystemCallArchitectures'] => Variant[String[1], Systemd::SettingEnsure],
+    Optional['TimerSlackNSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['StatusUnitFormat'] => Variant[Enum['combined','description','name'], Systemd::SettingEnsure],
+    Optional['DefaultTimerAccuracySec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['DefaultStandardOutput'] => Variant[Systemd::Output, Systemd::SettingEnsure],
+    Optional['DefaultStandardError'] => Variant[Systemd::Output, Systemd::SettingEnsure],
+    Optional['DefaultTimeoutStartSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['DefaultTimeoutStopSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['DefaultTimeoutAbortSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['DefaultDeviceTimeoutSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['DefaultRestartSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['DefaultStartLimitIntervalSec'] => Variant[Enum['infinity'], Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['DefaultStartLimitBurst'] => Variant[Integer[0], Systemd::SettingEnsure],
+    Optional['DefaultEnvironment'] => Variant[String, Systemd::SettingEnsure],
+    Optional['ManagerEnvironment'] => Variant[String, Systemd::SettingEnsure],
+    Optional['DefaultCPUAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['DefaultBlockIOAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], # Deprecated in v252. Delete after Debian 11 EOL
+    Optional['DefaultIOAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['DefaultIPAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['DefaultMemoryAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['DefaultTasksAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+    Optional['DefaultTasksMax'] => Variant[Enum['infinity'], Integer[0], Systemd::Unit::Percent, Systemd::SettingEnsure],
+    Optional['DefaultLimitCPU'] => Variant[Enum['infinity'], Pattern['^\d+(s|m|h|d|w|M|y)?(:\d+(s|m|h|d|w|M|y)?)?$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitFSIZE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitDATA'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitSTACK'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitCORE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitRSS'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitNOFILE'] => Variant[Integer[-1], Pattern['^(infinity|\d+(:(infinity|\d+))?)$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitAS'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitNPROC'] => Variant[Integer[-1],Pattern['^(infinity|\d+(:(infinity|\d+))?)$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitMEMLOCK'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitLOCKS'] => Variant[Integer[1], Systemd::SettingEnsure],
+    Optional['DefaultLimitSIGPENDING'] => Variant[Integer[1], Systemd::SettingEnsure],
+    Optional['DefaultLimitMSGQUEUE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitNICE'] => Variant[Integer[0,40], Pattern['^(-\+([0-1]?[0-9]|20))|([0-3]?[0-9]|40)$'], Systemd::SettingEnsure],
+    Optional['DefaultLimitRTPRIO'] => Variant[Integer[0], Systemd::SettingEnsure],
+    Optional['DefaultLimitRTTIME'] => Variant[Pattern['^\d+(ms|s|m|h|d|w|M|y)?(:\d+(ms|s|m|h|d|w|M|y)?)?$'], Systemd::SettingEnsure],
+    Optional['DefaultOOMPolicy'] => Variant[Enum['continue', 'stop','kill'], Systemd::SettingEnsure],
+    Optional['DefaultSmackProcessLabel'] => Variant[String, Systemd::SettingEnsure],
+    Optional['ReloadLimitIntervalSec'] => Variant[Enum['infinity'], Systemd::Timespan, Systemd::SettingEnsure],
+    Optional['ReloadLimitBurst'] => Variant[Integer[0], Systemd::SettingEnsure],
+    Optional['DefaultMemoryPressureWatch'] => Variant[Systemd::SettingEnsure],
+    Optional['DefaultMemoryPressureThresholdSec'] => Variant[Systemd::SettingEnsure],
+  }
+  # lint:endignore
+]
diff --git a/types/settingensure.pp b/types/settingensure.pp
new file mode 100644
index 00000000..12e32577
--- /dev/null
+++ b/types/settingensure.pp
@@ -0,0 +1,2 @@
+# @summary Defines allowed ensure states for an ini_setting
+type Systemd::SettingEnsure = Struct[{ 'ensure' => Enum['absent'] }]
diff --git a/types/timespan.pp b/types/timespan.pp
new file mode 100644
index 00000000..34f0eebf
--- /dev/null
+++ b/types/timespan.pp
@@ -0,0 +1,6 @@
+# @summary Defines a timespan type
+# @see https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html
+type Systemd::Timespan = Variant[
+  Integer[0],
+  Pattern[/^([0-9]+ *(usec|us|msec|ms|seconds?|sec|s|minutes?|min|m|hours?|hr|h|days?|d|weeks?|w|months?|M|years?|y)? *)+$/]
+]