summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
Diffstat (limited to 'data')
-rw-r--r--data/templates/frr/isisd.frr.j214
-rw-r--r--data/templates/frr/ospfd.frr.j27
-rw-r--r--data/templates/login/pam_otp_ga.conf.j27
-rw-r--r--data/templates/ssh/sshd_config.j24
-rw-r--r--data/templates/telegraf/telegraf.j22
5 files changed, 13 insertions, 21 deletions
diff --git a/data/templates/frr/isisd.frr.j2 b/data/templates/frr/isisd.frr.j2
index 194dbcb07..8df1e9513 100644
--- a/data/templates/frr/isisd.frr.j2
+++ b/data/templates/frr/isisd.frr.j2
@@ -121,22 +121,12 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is vyos_defined }}
{% for prefix, prefix_config in segment_routing.prefix.items() %}
{% if prefix_config.absolute is vyos_defined %}
{% if prefix_config.absolute.value is vyos_defined %}
- segment-routing prefix {{ prefix }} absolute {{ prefix_config.absolute.value }}
-{% if prefix_config.absolute.explicit_null is vyos_defined %}
- segment-routing prefix {{ prefix }} absolute {{ prefix_config.absolute.value }} explicit-null
-{% elif prefix_config.absolute.no_php_flag is vyos_defined %}
- segment-routing prefix {{ prefix }} absolute {{ prefix_config.absolute.value }} no-php-flag
-{% endif %}
+ segment-routing prefix {{ prefix }} absolute {{ prefix_config.absolute.value }} {{ 'explicit-null' if prefix_config.absolute.explicit_null is vyos_defined }} {{ 'no-php-flag' if prefix_config.absolute.no_php_flag is vyos_defined }}
{% endif %}
{% endif %}
{% if prefix_config.index is vyos_defined %}
{% if prefix_config.index.value is vyos_defined %}
- segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }}
-{% if prefix_config.index.explicit_null is vyos_defined %}
- segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} explicit-null
-{% elif prefix_config.index.no_php_flag is vyos_defined %}
- segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} no-php-flag
-{% endif %}
+ segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} {{ 'explicit-null' if prefix_config.index.explicit_null is vyos_defined }} {{ 'no-php-flag' if prefix_config.index.no_php_flag is vyos_defined }}
{% endif %}
{% endif %}
{% endfor %}
diff --git a/data/templates/frr/ospfd.frr.j2 b/data/templates/frr/ospfd.frr.j2
index 9cd9b03dc..2a8afefbc 100644
--- a/data/templates/frr/ospfd.frr.j2
+++ b/data/templates/frr/ospfd.frr.j2
@@ -196,12 +196,7 @@ router ospf {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
{% for prefix, prefix_config in segment_routing.prefix.items() %}
{% if prefix_config.index is vyos_defined %}
{% if prefix_config.index.value is vyos_defined %}
- segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }}
-{% if prefix_config.index.explicit_null is vyos_defined %}
- segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} explicit-null
-{% elif prefix_config.index.no_php_flag is vyos_defined %}
- segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} no-php-flag
-{% endif %}
+ segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} {{ 'explicit-null' if prefix_config.index.explicit_null is vyos_defined }} {{ 'no-php-flag' if prefix_config.index.no_php_flag is vyos_defined }}
{% endif %}
{% endif %}
{% endfor %}
diff --git a/data/templates/login/pam_otp_ga.conf.j2 b/data/templates/login/pam_otp_ga.conf.j2
new file mode 100644
index 000000000..cf51ce089
--- /dev/null
+++ b/data/templates/login/pam_otp_ga.conf.j2
@@ -0,0 +1,7 @@
+{% if authentication.otp.key is vyos_defined %}
+{{ authentication.otp.key | upper }}
+" RATE_LIMIT {{ authentication.otp.rate_limit }} {{ authentication.otp.rate_time }}
+" WINDOW_SIZE {{ authentication.otp.window_size }}
+" DISALLOW_REUSE
+" TOTP_AUTH
+{% endif %}
diff --git a/data/templates/ssh/sshd_config.j2 b/data/templates/ssh/sshd_config.j2
index 79b07478b..5bbfdeb88 100644
--- a/data/templates/ssh/sshd_config.j2
+++ b/data/templates/ssh/sshd_config.j2
@@ -17,7 +17,6 @@ PubkeyAuthentication yes
IgnoreRhosts yes
HostbasedAuthentication no
PermitEmptyPasswords no
-ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
@@ -30,6 +29,7 @@ PermitRootLogin no
PidFile /run/sshd/sshd.pid
AddressFamily any
DebianBanner no
+PasswordAuthentication no
#
# User configurable section
@@ -48,7 +48,7 @@ Port {{ value }}
LogLevel {{ loglevel | upper }}
# Specifies whether password authentication is allowed
-PasswordAuthentication {{ "no" if disable_password_authentication is vyos_defined else "yes" }}
+ChallengeResponseAuthentication {{ "no" if disable_password_authentication is vyos_defined else "yes" }}
{% if listen_address is vyos_defined %}
# Specifies the local addresses sshd should listen on
diff --git a/data/templates/telegraf/telegraf.j2 b/data/templates/telegraf/telegraf.j2
index 2d14230ae..36571ce98 100644
--- a/data/templates/telegraf/telegraf.j2
+++ b/data/templates/telegraf/telegraf.j2
@@ -110,7 +110,7 @@
server = "unixgram:///run/telegraf/telegraf_syslog.sock"
best_effort = true
syslog_standard = "RFC3164"
-{% if influxdb_configured is vyos_defined %}
+{% if influxdb is vyos_defined %}
[[inputs.exec]]
commands = [
"{{ custom_scripts_dir }}/show_firewall_input_filter.py",