vyos-1x.git - VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git)

Age	Commit message (Collapse)	Author
2023-11-20	PAM: T5577: Optimized RADIUS PAM config	zsdc
	- Added system `radius` group - Added `mandatory` and `optional` modes for RADIUS - Improved PAM config for RADIUS New modes: - `mandatory` - if RADIUS answered with `Access-Reject`, authentication must be stopped and access denied immediately. - `optional` (default) - if RADIUS answers with `Access-Reject`, authentication continues using the next module. In `mandatory` mode authentication will be stopped only if RADIUS clearly answered that access should be denied (no user in RADIUS database, wrong password, etc.). If RADIUS is not available or other errors happen, it will be skipped and authentication will continue with the next module, like in `optional` mode.
2023-05-04	cloud-init: T5190: Added Cloud-init pre-configurator	zsdc
	Added a new service that starts before Cloud-init, waits for all network interfaces initialization, and if requested by config, checks which interfaces can get configuration via DHCP server and creates a corresponding Cloud-init network configuration. This protects from two situations: * when Cloud-init tries to get meta-data via eth0 (default and fallback variant for any data source which depends on network), but the real network is connected to another interface * when Cloud-init starts simultaneously with udev and initializes the first interface to get meta-data before it is renamed to eth0 by udev
2022-11-15	backport: T4815: Fix various name server config issues	Yuxiang Zhu
	This is a backport of https://github.com/vyos/vyos-1x/pull/1656. Note I also changed `ip-down.script.tmpl` to not wait for `systemctl stop dhcp6c@$iface.service`, because that command is slow and pppd will kill the ip-down script if it times out. I didn't see `ip-down.script.tmpl` or its equivalent in the 1.4 branch. Not sure if there is another mechanism to handle that functionality or it is missed.
2022-03-05	conntrackd: T4259: fix daemon configuration path	Christian Poessinger
	(cherry picked from commit aa8080d316dbeb4d26bf67f6d67efeda43b2bc07)
2020-12-28	webproxy: T563: squidguard: support default ruleset	Christian Poessinger

2020-06-11	dhcp(v6)-server: T2583: run as 'dhcpd' user	Jernej Jakob
	Add a 'dhcpd' system user that is a member of hostsd group and can connect to vyos-hostsd. Run dhcpd as this user.
2020-06-11	vyos-hostsd: T2583: add hostsd group	Jernej Jakob
	To better control access from other daemons that may not be running as root, create a new group 'hostsd' to which the other daemons running users can be added. Run vyos-hostsd as root:hostsd to create the socket file with correct user and group.
2020-04-26	salt: T2382: run as user minion	Christian Poessinger