diff options
Diffstat (limited to 'data/templates')
-rw-r--r-- | data/templates/macsec/wpa_supplicant.conf.tmpl | 21 | ||||
-rw-r--r-- | data/templates/ssh/sshd_config.tmpl | 2 | ||||
-rw-r--r-- | data/templates/wwan/ip-down.script.tmpl | 12 | ||||
-rw-r--r-- | data/templates/wwan/ip-pre-up.script.tmpl | 10 | ||||
-rw-r--r-- | data/templates/wwan/ip-up.script.tmpl | 12 | ||||
-rw-r--r-- | data/templates/wwan/peer.tmpl | 24 |
6 files changed, 41 insertions, 40 deletions
diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl index a614d23f5..1731bf160 100644 --- a/data/templates/macsec/wpa_supplicant.conf.tmpl +++ b/data/templates/macsec/wpa_supplicant.conf.tmpl @@ -45,9 +45,10 @@ network={ # - the key server has decided to enable MACsec # 0: Encrypt traffic (default) # 1: Integrity only - macsec_integ_only={{ '0' if security_encrypt else '1' }} + macsec_integ_only={{ '0' if security is defined and security.encrypt is defined else '1' }} -{% if security_encrypt %} +{% if security is defined %} +{% if security.encrypt is defined %} # mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode # This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair. # In this mode, instances of wpa_supplicant can act as MACsec peers. The peer @@ -56,21 +57,22 @@ network={ # hex-string (32 hex-digits) or a 32-byte (256-bit) hex-string (64 hex-digits) # mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit) hex-string # (2..64 hex-digits) - mka_cak={{ security_mka_cak }} - mka_ckn={{ security_mka_ckn }} + mka_cak={{ security.mka.cak }} + mka_ckn={{ security.mka.ckn }} # mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being # default priority - mka_priority={{ security_mka_priority }} -{% endif %} -{% if security_replay_window %} + mka_priority={{ security.mka.priority }} +{% endif %} + +{% if security.replay_window is defined %} # macsec_replay_protect: IEEE 802.1X/MACsec replay protection # This setting applies only when MACsec is in use, i.e., # - macsec_policy is enabled # - the key server has decided to enable MACsec # 0: Replay protection disabled (default) # 1: Replay protection enabled - macsec_replay_protect={{ '1' if security_replay_window else '0' }} + macsec_replay_protect=1 # macsec_replay_window: IEEE 802.1X/MACsec replay protection window # This determines a window in which replay is tolerated, to allow receipt @@ -80,7 +82,8 @@ network={ # - the key server has decided to enable MACsec # 0: No replay window, strict check (default) # 1..2^32-1: number of packets that could be misordered - macsec_replay_window={{ security_replay_window }} + macsec_replay_window={{ security.replay_window }} +{% endif %} {% endif %} } diff --git a/data/templates/ssh/sshd_config.tmpl b/data/templates/ssh/sshd_config.tmpl index 1c136bb23..dbc5c3646 100644 --- a/data/templates/ssh/sshd_config.tmpl +++ b/data/templates/ssh/sshd_config.tmpl @@ -57,7 +57,7 @@ PasswordAuthentication {{ "no" if disable_password_authentication is defined els ListenAddress {{ listen_address }} {% else %} {% for address in listen_address %} -ListenAddress {{ value }} +ListenAddress {{ address }} {% endfor %} {% endif %} {% endif %} diff --git a/data/templates/wwan/ip-down.script.tmpl b/data/templates/wwan/ip-down.script.tmpl index f7b38cbc5..9dc15ea99 100644 --- a/data/templates/wwan/ip-down.script.tmpl +++ b/data/templates/wwan/ip-down.script.tmpl @@ -11,17 +11,17 @@ fi # Determine if we are running inside a VRF or not, required for proper routing table # NOTE: the down script can not be properly templated as we need the VRF name, # which is not present on deletion, thus we read it from the operating system. -if [ -d /sys/class/net/{{ intf }}/upper_* ]; then +if [ -d /sys/class/net/{{ ifname }}/upper_* ]; then # Determine upper (VRF) interface - VRF=$(basename $(ls -d /sys/class/net/{{ intf }}/upper_*)) + VRF=$(basename $(ls -d /sys/class/net/{{ ifname }}/upper_*)) # Remove upper_ prefix from result string VRF_NAME=${VRF#"upper_"} # Remove default route from VRF routing table - vtysh -c "conf t" -c "vrf ${VRF_NAME}" -c "no ip route 0.0.0.0/0 {{ intf }}" + vtysh -c "conf t" -c "vrf ${VRF_NAME}" -c "no ip route 0.0.0.0/0 {{ ifname }}" else # Remove default route from GRT (global routing table) - vtysh -c "conf t" -c "no ip route 0.0.0.0/0 {{ intf }}" + vtysh -c "conf t" -c "no ip route 0.0.0.0/0 {{ ifname }}" fi -DIALER_PID=$(cat /var/run/{{ intf }}.pid) -logger -t pppd[$DIALER_PID] "removed default route via {{ intf }} metric {{ metric }}" +DIALER_PID=$(cat /var/run/{{ ifname }}.pid) +logger -t pppd[$DIALER_PID] "removed default route via {{ ifname }} metric {{ backup.distance }}" diff --git a/data/templates/wwan/ip-pre-up.script.tmpl b/data/templates/wwan/ip-pre-up.script.tmpl index 7a17a1c71..efc065bad 100644 --- a/data/templates/wwan/ip-pre-up.script.tmpl +++ b/data/templates/wwan/ip-pre-up.script.tmpl @@ -7,17 +7,17 @@ ipparam=$6 # device name and metric are received using ipparam device=`echo "$ipparam"|awk '{ print $1 }'` -if [ "$device" != "{{ intf }}" ]; then +if [ "$device" != "{{ ifname }}" ]; then exit fi # add some info to syslog -DIALER_PID=$(cat /var/run/{{ intf }}.pid) +DIALER_PID=$(cat /var/run/{{ ifname }}.pid) logger -t pppd[$DIALER_PID] "executing $0" -echo "{{ description }}" > /sys/class/net/{{ intf }}/ifalias +echo "{{ description }}" > /sys/class/net/{{ ifname }}/ifalias {% if vrf -%} -logger -t pppd[$DIALER_PID] "configuring interface {{ intf }} for VRF {{ vrf }}" -ip link set dev {{ intf }} master {{ vrf }} +logger -t pppd[$DIALER_PID] "configuring interface {{ ifname }} for VRF {{ vrf }}" +ip link set dev {{ ifname }} master {{ vrf }} {% endif %} diff --git a/data/templates/wwan/ip-up.script.tmpl b/data/templates/wwan/ip-up.script.tmpl index 3a7eec800..2603a0286 100644 --- a/data/templates/wwan/ip-up.script.tmpl +++ b/data/templates/wwan/ip-up.script.tmpl @@ -9,17 +9,17 @@ if [ -z $(echo $2 | egrep "(ttyS[0-9]+|usb[0-9]+b.*)$") ]; then fi # Determine if we are running inside a VRF or not, required for proper routing table -if [ -d /sys/class/net/{{ intf }}/upper_* ]; then +if [ -d /sys/class/net/{{ ifname }}/upper_* ]; then # Determine upper (VRF) interface - VRF=$(basename $(ls -d /sys/class/net/{{ intf }}/upper_*)) + VRF=$(basename $(ls -d /sys/class/net/{{ ifname }}/upper_*)) # Remove upper_ prefix from result string VRF_NAME=${VRF#"upper_"} # Remove default route from VRF routing table - vtysh -c "conf t" -c "vrf ${VRF_NAME}" -c "ip route 0.0.0.0/0 {{ intf }} {{ metric }}" + vtysh -c "conf t" -c "vrf ${VRF_NAME}" -c "ip route 0.0.0.0/0 {{ ifname }} {{ backup.distance }}" else # Remove default route from GRT (global routing table) - vtysh -c "conf t" -c "ip route 0.0.0.0/0 {{ intf }} {{ metric }}" + vtysh -c "conf t" -c "ip route 0.0.0.0/0 {{ ifname }} {{ backup.distance }}" fi -DIALER_PID=$(cat /var/run/{{ intf }}.pid) -logger -t pppd[$DIALER_PID] "added default route via {{ intf }} metric {{ metric }} ${VRF_NAME}" +DIALER_PID=$(cat /var/run/{{ ifname }}.pid) +logger -t pppd[$DIALER_PID] "added default route via {{ ifname }} metric {{ backup.distance }} ${VRF_NAME}" diff --git a/data/templates/wwan/peer.tmpl b/data/templates/wwan/peer.tmpl index 0168283fd..aa759f741 100644 --- a/data/templates/wwan/peer.tmpl +++ b/data/templates/wwan/peer.tmpl @@ -1,19 +1,18 @@ ### Autogenerated by interfaces-wirelessmodem.py ### -{% if description %} -# {{ description }} -{% endif %} -ifname {{ intf }} -ipparam {{ intf }} -linkname {{ intf }} -{% if name_server -%} -usepeerdns -{%- endif %} +{{ "# description: " + description if description is defined }} +ifname {{ ifname }} +ipparam {{ ifname }} +linkname {{ ifname }} +{{ "usepeerdns" if no_peer_dns is defined }} # physical device {{ device }} lcp-echo-failure 0 115200 debug +debug +mtu {{ mtu }} +mru {{ mtu }} nodefaultroute ipcp-max-failure 4 ipcp-accept-local @@ -22,8 +21,7 @@ noauth crtscts lock persist -{% if on_demand -%} -demand -{%- endif %} +{{ "demand" if ondemand is defined }} + +connect '/usr/sbin/chat -v -t6 -f /etc/ppp/peers/chat.{{ ifname }}' -connect '/usr/sbin/chat -v -t6 -f {{ chat_script }}' |