diff options
Diffstat (limited to 'data/templates')
-rw-r--r-- | data/templates/frr/isisd.frr.j2 | 14 | ||||
-rw-r--r-- | data/templates/frr/ospfd.frr.j2 | 7 | ||||
-rw-r--r-- | data/templates/login/pam_otp_ga.conf.j2 | 7 | ||||
-rw-r--r-- | data/templates/ssh/sshd_config.j2 | 4 | ||||
-rw-r--r-- | data/templates/telegraf/telegraf.j2 | 2 |
5 files changed, 13 insertions, 21 deletions
diff --git a/data/templates/frr/isisd.frr.j2 b/data/templates/frr/isisd.frr.j2 index 194dbcb07..8df1e9513 100644 --- a/data/templates/frr/isisd.frr.j2 +++ b/data/templates/frr/isisd.frr.j2 @@ -121,22 +121,12 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is vyos_defined }} {% for prefix, prefix_config in segment_routing.prefix.items() %} {% if prefix_config.absolute is vyos_defined %} {% if prefix_config.absolute.value is vyos_defined %} - segment-routing prefix {{ prefix }} absolute {{ prefix_config.absolute.value }} -{% if prefix_config.absolute.explicit_null is vyos_defined %} - segment-routing prefix {{ prefix }} absolute {{ prefix_config.absolute.value }} explicit-null -{% elif prefix_config.absolute.no_php_flag is vyos_defined %} - segment-routing prefix {{ prefix }} absolute {{ prefix_config.absolute.value }} no-php-flag -{% endif %} + segment-routing prefix {{ prefix }} absolute {{ prefix_config.absolute.value }} {{ 'explicit-null' if prefix_config.absolute.explicit_null is vyos_defined }} {{ 'no-php-flag' if prefix_config.absolute.no_php_flag is vyos_defined }} {% endif %} {% endif %} {% if prefix_config.index is vyos_defined %} {% if prefix_config.index.value is vyos_defined %} - segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} -{% if prefix_config.index.explicit_null is vyos_defined %} - segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} explicit-null -{% elif prefix_config.index.no_php_flag is vyos_defined %} - segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} no-php-flag -{% endif %} + segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} {{ 'explicit-null' if prefix_config.index.explicit_null is vyos_defined }} {{ 'no-php-flag' if prefix_config.index.no_php_flag is vyos_defined }} {% endif %} {% endif %} {% endfor %} diff --git a/data/templates/frr/ospfd.frr.j2 b/data/templates/frr/ospfd.frr.j2 index 9cd9b03dc..2a8afefbc 100644 --- a/data/templates/frr/ospfd.frr.j2 +++ b/data/templates/frr/ospfd.frr.j2 @@ -196,12 +196,7 @@ router ospf {{ 'vrf ' ~ vrf if vrf is vyos_defined }} {% for prefix, prefix_config in segment_routing.prefix.items() %} {% if prefix_config.index is vyos_defined %} {% if prefix_config.index.value is vyos_defined %} - segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} -{% if prefix_config.index.explicit_null is vyos_defined %} - segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} explicit-null -{% elif prefix_config.index.no_php_flag is vyos_defined %} - segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} no-php-flag -{% endif %} + segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} {{ 'explicit-null' if prefix_config.index.explicit_null is vyos_defined }} {{ 'no-php-flag' if prefix_config.index.no_php_flag is vyos_defined }} {% endif %} {% endif %} {% endfor %} diff --git a/data/templates/login/pam_otp_ga.conf.j2 b/data/templates/login/pam_otp_ga.conf.j2 new file mode 100644 index 000000000..cf51ce089 --- /dev/null +++ b/data/templates/login/pam_otp_ga.conf.j2 @@ -0,0 +1,7 @@ +{% if authentication.otp.key is vyos_defined %} +{{ authentication.otp.key | upper }} +" RATE_LIMIT {{ authentication.otp.rate_limit }} {{ authentication.otp.rate_time }} +" WINDOW_SIZE {{ authentication.otp.window_size }} +" DISALLOW_REUSE +" TOTP_AUTH +{% endif %} diff --git a/data/templates/ssh/sshd_config.j2 b/data/templates/ssh/sshd_config.j2 index 79b07478b..5bbfdeb88 100644 --- a/data/templates/ssh/sshd_config.j2 +++ b/data/templates/ssh/sshd_config.j2 @@ -17,7 +17,6 @@ PubkeyAuthentication yes IgnoreRhosts yes HostbasedAuthentication no PermitEmptyPasswords no -ChallengeResponseAuthentication no X11Forwarding yes X11DisplayOffset 10 PrintMotd no @@ -30,6 +29,7 @@ PermitRootLogin no PidFile /run/sshd/sshd.pid AddressFamily any DebianBanner no +PasswordAuthentication no # # User configurable section @@ -48,7 +48,7 @@ Port {{ value }} LogLevel {{ loglevel | upper }} # Specifies whether password authentication is allowed -PasswordAuthentication {{ "no" if disable_password_authentication is vyos_defined else "yes" }} +ChallengeResponseAuthentication {{ "no" if disable_password_authentication is vyos_defined else "yes" }} {% if listen_address is vyos_defined %} # Specifies the local addresses sshd should listen on diff --git a/data/templates/telegraf/telegraf.j2 b/data/templates/telegraf/telegraf.j2 index 2d14230ae..36571ce98 100644 --- a/data/templates/telegraf/telegraf.j2 +++ b/data/templates/telegraf/telegraf.j2 @@ -110,7 +110,7 @@ server = "unixgram:///run/telegraf/telegraf_syslog.sock" best_effort = true syslog_standard = "RFC3164" -{% if influxdb_configured is vyos_defined %} +{% if influxdb is vyos_defined %} [[inputs.exec]] commands = [ "{{ custom_scripts_dir }}/show_firewall_input_filter.py", |