summaryrefslogtreecommitdiff
path: root/data/templates
diff options
context:
space:
mode:
Diffstat (limited to 'data/templates')
-rw-r--r--data/templates/dhcp-client/dhcp6c-script.j231
-rw-r--r--data/templates/dhcp-client/ipv6.j22
-rw-r--r--data/templates/dhcp-client/override.conf.j23
-rw-r--r--data/templates/frr/bgpd.frr.j28
-rw-r--r--data/templates/high-availability/keepalived.conf.j24
-rw-r--r--data/templates/ipsec/swanctl/remote_access.j22
-rw-r--r--data/templates/ssh/override.conf.j214
7 files changed, 39 insertions, 25 deletions
diff --git a/data/templates/dhcp-client/dhcp6c-script.j2 b/data/templates/dhcp-client/dhcp6c-script.j2
new file mode 100644
index 000000000..14fb25cf6
--- /dev/null
+++ b/data/templates/dhcp-client/dhcp6c-script.j2
@@ -0,0 +1,31 @@
+#!/bin/sh
+# Update DNS information for DHCPv6 clients
+# should be used only if vyos-hostsd is running
+
+if /usr/bin/systemctl -q is-active vyos-hostsd; then
+ hostsd_client="/usr/bin/vyos-hostsd-client"
+ hostsd_changes=
+
+ if [ -n "$new_domain_name" ]; then
+ logmsg info "Deleting search domains with tag \"dhcpv6-{{ ifname }}\" via vyos-hostsd-client"
+ $hostsd_client --delete-search-domains --tag "dhcpv6-{{ ifname }}"
+ logmsg info "Adding domain name \"$new_domain_name\" as search domain with tag \"dhcpv6-{{ ifname }}\" via vyos-hostsd-client"
+ $hostsd_client --add-search-domains "$new_domain_name" --tag "dhcpv6-{{ ifname }}"
+ hostsd_changes=y
+ fi
+
+ if [ -n "$new_domain_name_servers" ]; then
+ logmsg info "Deleting nameservers with tag \"dhcpv6-{{ ifname }}\" via vyos-hostsd-client"
+ $hostsd_client --delete-name-servers --tag "dhcpv6-{{ ifname }}"
+ logmsg info "Adding nameservers \"$new_domain_name_servers\" with tag \"dhcpv6-{{ ifname }}\" via vyos-hostsd-client"
+ $hostsd_client --add-name-servers $new_domain_name_servers --tag "dhcpv6-{{ ifname }}"
+ hostsd_changes=y
+ fi
+
+ if [ $hostsd_changes ]; then
+ logmsg info "Applying changes via vyos-hostsd-client"
+ $hostsd_client --apply
+ else
+ logmsg info "No changes to apply via vyos-hostsd-client"
+ fi
+fi
diff --git a/data/templates/dhcp-client/ipv6.j2 b/data/templates/dhcp-client/ipv6.j2
index b5e55cdd1..311c856c8 100644
--- a/data/templates/dhcp-client/ipv6.j2
+++ b/data/templates/dhcp-client/ipv6.j2
@@ -23,6 +23,7 @@ interface {{ ifname }} {
send ia-pd {{ pd }}; # prefix delegation #{{ pd }}
{% endfor %}
{% endif %}
+ script "{{ dhcp6_script_file }}";
};
{% if address is vyos_defined and 'dhcpv6' in address %}
@@ -59,4 +60,3 @@ id-assoc pd {{ pd }} {
};
{% endfor %}
{% endif %}
-
diff --git a/data/templates/dhcp-client/override.conf.j2 b/data/templates/dhcp-client/override.conf.j2
index d09320270..c2e059c7b 100644
--- a/data/templates/dhcp-client/override.conf.j2
+++ b/data/templates/dhcp-client/override.conf.j2
@@ -3,9 +3,6 @@
{% set if_metric = '-e IF_METRIC=' ~ dhcp_options.default_route_distance if dhcp_options.default_route_distance is vyos_defined else '' %}
{% set dhclient_options = '-d -nw -cf ' ~ isc_dhclient_dir ~ '/dhclient_' ~ ifname ~ '.conf -pf ' ~ isc_dhclient_dir ~ '/dhclient_' ~ ifname ~ '.pid -lf ' ~ isc_dhclient_dir ~ '/dhclient_' ~ ifname ~ '.leases ' ~ if_metric %}
-[Unit]
-ConditionPathExists={{ isc_dhclient_dir }}/dhclient_%i.conf
-
[Service]
ExecStart=
ExecStart={{ vrf_command }}/sbin/dhclient -4 {{ dhclient_options }} {{ ifname }}
diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2
index e9422b257..e5bfad59d 100644
--- a/data/templates/frr/bgpd.frr.j2
+++ b/data/templates/frr/bgpd.frr.j2
@@ -290,10 +290,7 @@ router bgp {{ system_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
{% endif %}
{% if afi_config.aggregate_address is vyos_defined %}
{% for aggregate, aggregate_config in afi_config.aggregate_address.items() %}
- aggregate-address {{ aggregate }}{{ ' as-set' if aggregate_config.as_set is vyos_defined }}{{ ' summary-only' if aggregate_config.summary_only is vyos_defined }}
-{% if aggregate_config.route_map is vyos_defined %}
- aggregate-address {{ aggregate }} route-map {{ aggregate_config.route_map }}
-{% endif %}
+ aggregate-address {{ aggregate }} {{ 'as-set' if aggregate_config.as_set is vyos_defined }} {{ 'summary-only' if aggregate_config.summary_only is vyos_defined }} {{ 'route-map ' ~ aggregate_config.route_map if aggregate_config.route_map is vyos_defined }}
{% endfor %}
{% endif %}
{% if afi_config.maximum_paths.ebgp is vyos_defined %}
@@ -537,6 +534,9 @@ router bgp {{ system_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
{% if parameters.allow_martian_nexthop is vyos_defined %}
bgp allow-martian-nexthop
{% endif %}
+{% if parameters.disable_ebgp_connected_route_check is vyos_defined %}
+ bgp disable-ebgp-connected-route-check
+{% endif %}
{% if parameters.always_compare_med is vyos_defined %}
bgp always-compare-med
{% endif %}
diff --git a/data/templates/high-availability/keepalived.conf.j2 b/data/templates/high-availability/keepalived.conf.j2
index 240161748..c0d66ae54 100644
--- a/data/templates/high-availability/keepalived.conf.j2
+++ b/data/templates/high-availability/keepalived.conf.j2
@@ -138,8 +138,8 @@ vrrp_instance {{ name }} {
{% endif %}
{% if group_config.excluded_address is vyos_defined %}
virtual_ipaddress_excluded {
-{% for addr in group_config.excluded_address %}
- {{ addr }}
+{% for addr, addr_config in group_config.excluded_address.items() %}
+ {{ addr }}{{ ' dev ' + addr_config.interface if addr_config.interface is vyos_defined }}
{% endfor %}
}
{% endif %}
diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2
index bce8684fe..af7f2994e 100644
--- a/data/templates/ipsec/swanctl/remote_access.j2
+++ b/data/templates/ipsec/swanctl/remote_access.j2
@@ -4,7 +4,7 @@
{% set esp = esp_group[rw_conf.esp_group] %}
ra-{{ name }} {
remote_addrs = %any
- local_addrs = {{ rw_conf.local_address if rw_conf.local_address is vyos_defined else '%any' }}
+ local_addrs = {{ rw_conf.local_address if rw_conf.local_address is not vyos_defined('any') else '%any' }} # dhcp:{{ rw_conf.dhcp_interface if rw_conf.dhcp_interface is vyos_defined else 'no' }}
proposals = {{ ike_group[rw_conf.ike_group] | get_esp_ike_cipher | join(',') }}
version = {{ ike.key_exchange[4:] if ike.key_exchange is vyos_defined else "0" }}
send_certreq = no
diff --git a/data/templates/ssh/override.conf.j2 b/data/templates/ssh/override.conf.j2
deleted file mode 100644
index 4454ad1b8..000000000
--- a/data/templates/ssh/override.conf.j2
+++ /dev/null
@@ -1,14 +0,0 @@
-{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
-[Unit]
-StartLimitIntervalSec=0
-After=vyos-router.service
-ConditionPathExists={{ config_file }}
-
-[Service]
-EnvironmentFile=
-ExecStart=
-ExecStart={{ vrf_command }}/usr/sbin/sshd -f {{ config_file }}
-Restart=always
-RestartPreventExitStatus=
-RestartSec=10
-RuntimeDirectoryPreserve=yes
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-20 01:43:34 +0000