summaryrefslogtreecommitdiff
path: root/src/systemd
AgeCommit message (Collapse)Author
2022-05-28firewall: T970: Add firewall group domain-groupViacheslav Hletenko
Domain group allows to filter addresses by domain main Resolved addresses as elements are stored to named "nft set" that used in the nftables rules Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec set firewall group domain-group DOMAINS address 'example.com' set firewall group domain-group DOMAINS address 'example.org' set firewall name FOO rule 10 action 'drop' set firewall name FOO rule 10 source group domain-group 'DOMAINS' set interfaces ethernet eth0 firewall local name 'FOO' nft list table ip filter table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } }
2022-01-30Merge pull request #789 from jack9603301/T3420Daniil Baturin
upnpd: T3420: Support UPNP protocol
2022-01-03keepalived: T4128: add missing keepalived.service fileChristian Poessinger
2021-12-30dhclient: T4121: Fixed resolv.conf generation at early boot stagezsdc
In case if a CLI configuration is not available, dhclient cannot add nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that an interface be listed in the `set system name-server` option. This commit introduces two changes: * `vyos-hostsd` service will not be started before Cloud-Init fetch all remote data. This is required because all meta-data should be available for Cloud-Init before any of VyOS-related services start since it is used for configuration generation. * the `vyos-hostsd-client` in the `dhclient-script` will be used only if the `vyos-hostsd` is running. In other words - if VyOS services already started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other cases - does this directly. These changes should protect us from problems with DHCP during system boot if DHCP is required by third-party utils.
2021-12-26http: api: T4055: add VRF supportChristian Poessinger
2021-12-01http-api: T3440: simplify vyos-http-api initializationJohn Estabrook
2021-11-29Merge pull request #1076 from DmitriyEshenko/current-22112021-01Christian Poessinger
tftp: T4012: Add TFTP VRF support
2021-11-23tftp: T4012: Add TFTP VRF supportDmitriyEshenko
2021-11-19filesystem: T3946: partition resize as a serviceAndrii
2021-11-13upnpd: T3420: Implement featuresjack9603301
2021-10-04T3889: Revert "dhcpv6-pd: T421: disable wide dhcpv6 client debug messages"Christian Poessinger
This reverts commit 6b48900358ce9b01eaa78e3a086e95a26064f0df.
2021-09-14dhcpv6-pd: T421: disable wide dhcpv6 client debug messagesChristian Poessinger
2021-08-21nhrp: T3599: move PID file to /run/opennhrpChristian Poessinger
2021-07-29dhcp-server: T2432: Run dhcpd in group vyattacfg to allow recreate lease filesDmitriyEshenko
2021-06-24systemd: lcdproc: T3641: override upstream filesChristian Poessinger
Debian Bullseye ships an upstream version of lcdproc.service which infact will start LCDd instead of the lcdproc client. Divert the Debian Upstream service file and use the ones provided by vyos-1x.
2021-06-24Revert "T3641: lcdproc.service is now shipped in lcdproc package"Christian Poessinger
This reverts commit a4bb1b77ff415700e00df3768915fdc176f779d1.
2021-06-20T3641: lcdproc.service is now shipped in lcdproc packageChristian Poessinger
2021-06-06nhrp: T3599: Migrate NHRP to XML/Pythonsarthurdev
2021-03-26http api: T3412: use FastAPI as web framework; support application/jsonJohn Estabrook
Replace the Flask micro-framework with FastAPI, in order to support extensions to the API and OpenAPI 3.* generation. This change will remain backwards compatible with previous versions. Notably, the multipart forms version of requests remain supported; in addition application/json requests are now natively supported.
2021-02-21console-server: T2490: do not use cli-shell-api in systemd unitChristian Poessinger
(cherry picked from commit d5804b19d3ffecdd4fe6bd89d50ac84dabb549fd)
2021-01-24nptv6: T2515: Modify the field order of ndppdjack9603301
2021-01-23nptv6: T2518: Optimized implementationjack9603301
2021-01-23nptv6: T2518: Initial support for nat66 (NPT)jack9603301
2021-01-23console-server: T2490: dropbear can restart as long as necessaryChristian Poessinger
Lift the default daemon startup rate-limit when launching the dropbear service used by SSH connections to the console port.
2020-12-28ddns: T3151: update scripts to work with Bullseye upstream versionChristian Poessinger
2020-11-29dhcpv6-relay: T3095: improve verify()Christian Poessinger
- Upstream interfaces require a DHCPv6 server to be configured - Listen interface must have a a global unicast address assigned, else ISC dhcrelay won't start.
2020-11-29dhcpv6-relay: T3095: migrate service to get_config_dict()Christian Poessinger
2020-11-29smoketest: dhcp-relay: T3095: initial testsChristian Poessinger
2020-08-31configd: T2582: add config daemon and supporting filesJohn Estabrook
2020-08-18lcd: T2564: add support for Lanner, Watchguard, Symantec boxesChristian Poessinger
2020-08-15lcd: T2564: flatten CLI interfaceChristian Poessinger
* set system lcd device <device> * set system lcd model <modeml> Both device and model have completion helpers for supported interfaces and LCD displays.
2020-08-12Merge branch 'system-display' of https://github.com/fmertz/vyos-1x into ↵Christian Poessinger
t2564-lcd * 'system-display' of https://github.com/fmertz/vyos-1x: system display: T2564: Added test model system display: T2564: Dictionary code update system display: T2564: Conf files to /run system display: T2564: Changed "duration" to "time" system display: T2564: py code cleanup system display: T2564: Replace "config (enabled|disabled)" with "display disabled" system display: T2564: Lowercase model names system display: T2564 Extend VyOS to support appliance LCDs
2020-08-04cleanup: convert multiple files from DOS to UNIX line endingChristian Poessinger
2020-07-05system display: T2564: Conf files to /runfmertz
* src/conf_mode/system-display.py conf files to /run + src/systemd/LCDd@.service lo - src/systemd/lcdproc.service + src/systemd/lcdproc@.service lo
2020-07-05system display: T2564 Extend VyOS to support appliance LCDsfmertz
Added support for system LCDs under CLI system display +data/templates/system-display/LCDd.conf.tmpl template for LCDd server configuration file +data/templates/system-display/lcdproc.conf.tmpl template for lcdproc client configuration file +interface-definitions/system-display.xml.in CLI for system display +src/conf_mode/system-display.py processing code for system display +src/systemd/lcdproc.service systemd service definition file for lcdproc client CLI: system display model (SDEC|EZIO) system display config (enabled|disabled) system display show host (cpu|cpu-all|cpu-hist|disk|load-hist|memory|proc|uptime) network interface <intName> alias <alias> units (bps|Bps|pps) clock (big|mini|date-time) title <name> system display duration <s> system display hello <string> system display bye <string>
2020-06-22Merge pull request #452 from jjakob/T2486-dns-hostsd-fixesDaniil Baturin
T2486: DNS, vyos-hostsd fixes
2020-06-19dhcpv6-pd: T421: fix unknown lvalue 'StartLimitIntervalSec' warningChristian Poessinger
StartLimitIntervalSec is part of the [Unit] definition and not the [Service] definition [1]. This caused the following warning message: systemd[1]: /lib/systemd/system/dhcp6c@.service:12: Unknown lvalue 'StartLimitIntervalSec' in section 'Service', ignoring This error has been introduced via commit 992d356 ("dhcpv6-pd: T421: workaround for non existing interfaces"). [1]: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
2020-06-19console-server: T2490: add SSH support for direct device accessChristian Poessinger
2020-06-18console-server: T2490: rename CLI to console-serverChristian Poessinger
2020-06-18console-server: T2490: add SSH supportChristian Poessinger
A user can define a port under the SSH node per device. WHen connecting to that port and authenticating using regular credentials we will immediately drop to the serial console. This is the same as executing "connect serial-proxy <name>".
2020-06-18console-server: T2490: replace ser2net with conserverChristian Poessinger
2020-06-18console-server: T2490: initial supportChristian Poessinger
2020-06-11dhcp(v6)-server: T2583: run as 'dhcpd' userJernej Jakob
Add a 'dhcpd' system user that is a member of hostsd group and can connect to vyos-hostsd. Run dhcpd as this user.
2020-06-11vyos-hostsd: T2583: add hostsd groupJernej Jakob
To better control access from other daemons that may not be running as root, create a new group 'hostsd' to which the other daemons running users can be added. Run vyos-hostsd as root:hostsd to create the socket file with correct user and group.
2020-06-11vyos-hostsd: T2583: update systemd serviceJernej Jakob
- set RuntimeDirectory to vyos-hostsd - set RuntimeDirectoryPreserve in order to not delete the state file between service restarts (/run will be deleted across reboots as it's on a tmpfs but the state doesn't need to be saved across reboots anyway) - set WorkingDirectory to /run/vyos-hostsd
2020-06-05dhcpv6-pd: T421: workaround for non existing interfacesChristian Poessinger
When DHCPv6-PD is configured to delegate a prefix to a non existing interface, it is restarted (systemd default) but will then hit the restart rate-limit which disables the service entirely. As VyOS currently has no "hook" to be called once an interface goes online we need this "try and error" approach until there is a way to deal with it. This behavior can be reproduced when delegating an IPv6 prefix to a bridge interface as a bridge interface will always be started after all interfaces have been configured. We will now restart dhcp6c as long as the requested interface is online.
2020-05-21macsec: T2023: delete wpa_supplicant config when interface is removedChristian Poessinger
2020-05-21macsec: T2023: cleanup wpa_supplicant config file nameChristian Poessinger
2020-05-21macsec: T2023: use wpa_supplicant for key managementChristian Poessinger
2020-05-17pppoe: dhcpv6-pd: T421: change system type to forkingChristian Poessinger
Wide dhcp client forks by itself