summaryrefslogtreecommitdiff
path: root/data/templates
diff options
context:
space:
mode:
authorMarcus Hoff <marcus.hoff@ring2.dk>2020-09-26 13:19:37 +0200
committerMarcus Hoff <marcus.hoff@ring2.dk>2020-09-26 13:19:37 +0200
commit1141bee72677b25d18436975625d2d298be503ff (patch)
tree4b6dc8fe1a8ced931e1ba08c58a348abfcd85a6b /data/templates
parent45b30adfaaec7065f768d04085138a75a76ed376 (diff)
parent374724be64728101c262fcac1579beece63ee651 (diff)
downloadvyos-1x-1141bee72677b25d18436975625d2d298be503ff.tar.gz
vyos-1x-1141bee72677b25d18436975625d2d298be503ff.zip
Merge remote-tracking branch 'upstream/current' into current
Diffstat (limited to 'data/templates')
-rw-r--r--data/templates/dns-forwarding/recursor.conf.tmpl2
-rw-r--r--data/templates/dns-forwarding/recursor.forward-zones.conf.tmpl34
-rw-r--r--data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl28
-rw-r--r--data/templates/macsec/wpa_supplicant.conf.tmpl2
-rw-r--r--data/templates/openvpn/server.conf.tmpl10
-rw-r--r--data/templates/wifi/hostapd.conf.tmpl23
-rw-r--r--data/templates/wifi/wpa_supplicant.conf.tmpl8
-rw-r--r--data/templates/wwan/peer.tmpl2
8 files changed, 72 insertions, 37 deletions
diff --git a/data/templates/dns-forwarding/recursor.conf.tmpl b/data/templates/dns-forwarding/recursor.conf.tmpl
index d233b8abc..b0ae3cc61 100644
--- a/data/templates/dns-forwarding/recursor.conf.tmpl
+++ b/data/templates/dns-forwarding/recursor.conf.tmpl
@@ -21,7 +21,7 @@ max-cache-entries={{ cache_size }}
max-negative-ttl={{ negative_ttl }}
# ignore-hosts-file
-export-etc-hosts={{ export_hosts_file }}
+export-etc-hosts={{ 'no' if ignore_hosts_file is defined else 'yes' }}
# listen-address
local-address={{ listen_address | join(',') }}
diff --git a/data/templates/dns-forwarding/recursor.forward-zones.conf.tmpl b/data/templates/dns-forwarding/recursor.forward-zones.conf.tmpl
index de5eaee00..90f35ae1c 100644
--- a/data/templates/dns-forwarding/recursor.forward-zones.conf.tmpl
+++ b/data/templates/dns-forwarding/recursor.forward-zones.conf.tmpl
@@ -3,26 +3,26 @@
# dot zone (catch-all): '+' indicates recursion is desired
# (same as forward-zones-recurse)
-{#- the code below ensures the order of nameservers is determined first by #}
-{#- the order of tags, then by the order of nameservers within that tag #}
-{%- set n = namespace(dot_zone_ns='') %}
-{%- for tag in name_server_tags_recursor %}
-{%- set ns = '' %}
-{%- if tag in name_servers %}
-{%- set ns = ns + name_servers[tag]|join(', ') %}
-{%- set n.dot_zone_ns = (n.dot_zone_ns, ns)|join(', ') if n.dot_zone_ns != '' else ns %}
-{%- endif %}
+{# the code below ensures the order of nameservers is determined first by #}
+{# the order of tags, then by the order of nameservers within that tag #}
+{% set n = namespace(dot_zone_ns='') %}
+{% for tag in name_server_tags_recursor %}
+{% set ns = '' %}
+{% if tag in name_servers %}
+{% set ns = ns + name_servers[tag]|join(', ') %}
+{% set n.dot_zone_ns = (n.dot_zone_ns, ns)|join(', ') if n.dot_zone_ns != '' else ns %}
+{% endif %}
# {{ tag }}: {{ ns }}
-{%- endfor %}
+{% endfor %}
-{%- if n.dot_zone_ns %}
+{% if n.dot_zone_ns %}
+.={{ n.dot_zone_ns }}
-{%- endif %}
+{% endif %}
-{% if forward_zones -%}
+{% if forward_zones is defined %}
# zones added via 'service dns forwarding domain'
-{%- for zone, zonedata in forward_zones.items() %}
-{% if zonedata['recursion-desired'] %}+{% endif %}{{ zone }}={{ zonedata['nslist']|join(', ') }}
-{%- endfor %}
-{%- endif %}
+{% for zone, zonedata in forward_zones.items() %}
+{{ "+" if zonedata['recursion_desired'] is defined }}{{ zone }}={{ zonedata['server']|join(', ') }}
+{% endfor %}
+{% endif %}
diff --git a/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl b/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl
index b0d99d9ae..784d5c360 100644
--- a/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl
+++ b/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl
@@ -1,24 +1,24 @@
-- Autogenerated by VyOS (vyos-hostsd) --
-- Do not edit, your changes will get overwritten --
-{% if hosts -%}
+{% if hosts %}
-- from 'system static-host-mapping' and DHCP server
-{%- for tag, taghosts in hosts.items() %}
-{%- for host, hostprops in taghosts.items() %}
+{% for tag, taghosts in hosts.items() %}
+{% for host, hostprops in taghosts.items() %}
addNTA("{{ host }}.", "{{ tag }}")
-{%- for a in hostprops['aliases'] %}
+{% for a in hostprops['aliases'] %}
addNTA("{{ a }}.", "{{ tag }} alias")
-{%- endfor %}
-{%- endfor %}
-{%- endfor %}
-{%- endif %}
+{% endfor %}
+{% endfor %}
+{% endfor %}
+{% endif %}
-{% if forward_zones -%}
+{% if forward_zones is defined %}
-- from 'service dns forwarding domain'
-{%- for zone, zonedata in forward_zones.items() %}
-{%- if zonedata['addNTA'] %}
+{% for zone, zonedata in forward_zones.items() %}
+{% if zonedata['addnta'] is defined %}
addNTA("{{ zone }}", "static")
-{%- endif %}
-{%- endfor %}
-{%- endif %}
+{% endif %}
+{% endfor %}
+{% endif %}
diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl
index 1731bf160..5b353def8 100644
--- a/data/templates/macsec/wpa_supplicant.conf.tmpl
+++ b/data/templates/macsec/wpa_supplicant.conf.tmpl
@@ -1,4 +1,4 @@
-# autogenerated by interfaces-macsec.py
+### Autogenerated by interfaces-macsec.py ###
# see full documentation:
# https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index 401f8e04b..fea310236 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -181,7 +181,11 @@ dh {{ tls_dh }}
{%- endif %}
{%- if tls_auth %}
-tls-auth {{tls_auth}}
+{%- if mode == 'client' %}
+tls-auth {{tls_auth}} 1
+{%- elif mode == 'server' %}
+tls-auth {{tls_auth}} 0
+{%- endif %}
{%- endif %}
{%- if tls_role %}
@@ -196,7 +200,9 @@ tls-server
# Encryption options
{%- if encryption %}
-{% if encryption == 'des' -%}
+{% if encryption == 'none' -%}
+cipher none
+{%- elif encryption == 'des' -%}
cipher des-cbc
{%- elif encryption == '3des' -%}
cipher des-ede3-cbc
diff --git a/data/templates/wifi/hostapd.conf.tmpl b/data/templates/wifi/hostapd.conf.tmpl
index 132c4ce40..c5e4240d1 100644
--- a/data/templates/wifi/hostapd.conf.tmpl
+++ b/data/templates/wifi/hostapd.conf.tmpl
@@ -11,6 +11,21 @@ device_name={{ description | truncate(32, True) }}
# command line parameter.
interface={{ ifname }}
+{% if is_bridge_member is defined %}
+# In case of atheros and nl80211 driver interfaces, an additional
+# configuration parameter, bridge, may be used to notify hostapd if the
+# interface is included in a bridge. This parameter is not used with Host AP
+# driver. If the bridge parameter is not set, the drivers will automatically
+# figure out the bridge interface (assuming sysfs is enabled and mounted to
+# /sys) and this parameter may not be needed.
+#
+# For nl80211, this parameter can be used to request the AP interface to be
+# added to the bridge automatically (brctl may refuse to do this before hostapd
+# has been started to change the interface mode). If needed, the bridge
+# interface is also created.
+bridge={{ is_bridge_member }}
+{% endif %}
+
# Driver interface type (hostap/wired/none/nl80211/bsd);
# default: hostap). nl80211 is used with all Linux mac80211 drivers.
# Use driver=none if building hostapd as a standalone RADIUS server that does
@@ -433,6 +448,14 @@ macaddr_acl=0
max_num_sta={{ max_stations }}
{% endif %}
+{% if wds is defined %}
+# WDS (4-address frame) mode with per-station virtual interfaces
+# (only supported with driver=nl80211)
+# This mode allows associated stations to use 4-address frames to allow layer 2
+# bridging to be used.
+wds_sta=1
+{% endif %}
+
{% if isolate_stations is defined %}
# Client isolation can be used to prevent low-level bridging of frames between
# associated stations in the BSS. By default, this bridging is allowed.
diff --git a/data/templates/wifi/wpa_supplicant.conf.tmpl b/data/templates/wifi/wpa_supplicant.conf.tmpl
index 9ddad35fd..f84892dc0 100644
--- a/data/templates/wifi/wpa_supplicant.conf.tmpl
+++ b/data/templates/wifi/wpa_supplicant.conf.tmpl
@@ -1,7 +1,13 @@
-# WPA supplicant config
+### Autogenerated by interfaces-macsec.py ###
+
+# see full documentation:
+# https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
+
network={
ssid="{{ ssid }}"
+ scan_ssid=1
{% if security is defined and security.wpa is defined and security.wpa.passphrase is defined %}
+ key_mgmt=WPA-PSK
psk="{{ security.wpa.passphrase }}"
{% else %}
key_mgmt=NONE
diff --git a/data/templates/wwan/peer.tmpl b/data/templates/wwan/peer.tmpl
index aa759f741..e23881bf8 100644
--- a/data/templates/wwan/peer.tmpl
+++ b/data/templates/wwan/peer.tmpl
@@ -21,7 +21,7 @@ noauth
crtscts
lock
persist
-{{ "demand" if ondemand is defined }}
+{{ "demand" if connect_on_demand is defined }}
connect '/usr/sbin/chat -v -t6 -f /etc/ppp/peers/chat.{{ ifname }}'