From 5ec208ed9ee060f7c1a7707dc2369c83657196e8 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 1 May 2022 20:46:44 +0200 Subject: http: api: T4353: fix Jinja2 linting errors --- data/templates/https/nginx.default.j2 | 56 +++++++++++++++++++++++ data/templates/https/nginx.default.tmpl | 59 ------------------------- data/templates/https/override.conf.j2 | 15 +++++++ data/templates/https/override.conf.tmpl | 15 ------- data/templates/https/vyos-http-api.service.j2 | 22 +++++++++ data/templates/https/vyos-http-api.service.tmpl | 22 --------- 6 files changed, 93 insertions(+), 96 deletions(-) create mode 100644 data/templates/https/nginx.default.j2 delete mode 100644 data/templates/https/nginx.default.tmpl create mode 100644 data/templates/https/override.conf.j2 delete mode 100644 data/templates/https/override.conf.tmpl create mode 100644 data/templates/https/vyos-http-api.service.j2 delete mode 100644 data/templates/https/vyos-http-api.service.tmpl (limited to 'data/templates/https') diff --git a/data/templates/https/nginx.default.j2 b/data/templates/https/nginx.default.j2 new file mode 100644 index 000000000..70e62ae7a --- /dev/null +++ b/data/templates/https/nginx.default.j2 @@ -0,0 +1,56 @@ +### Autogenerated by https.py ### +# Default server configuration + +{% for server in server_block_list %} +server { + # SSL configuration + # +{% if server.address == '*' %} + listen {{ server.port }} ssl; + listen [::]:{{ server.port }} ssl; +{% else %} + listen {{ server.address | bracketize_ipv6 }}:{{ server.port }} ssl; +{% endif %} + +{% for name in server.name %} + server_name {{ name }}; +{% endfor %} + +{% if server.certbot %} + ssl_certificate {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/fullchain.pem; + ssl_certificate_key {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/privkey.pem; + include {{ server.certbot_dir }}/options-ssl-nginx.conf; + ssl_dhparam {{ server.certbot_dir }}/ssl-dhparams.pem; +{% elif server.vyos_cert %} + ssl_certificate {{ server.vyos_cert.crt }}; + ssl_certificate_key {{ server.vyos_cert.key }}; +{% else %} + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + include snippets/snakeoil.conf; +{% endif %} + ssl_protocols TLSv1.2 TLSv1.3; + + # proxy settings for HTTP API, if enabled; 503, if not + location ~ /(retrieve|configure|config-file|image|generate|show|docs|openapi.json|redoc|graphql) { +{% if server.api %} +{% if server.api.socket %} + proxy_pass http://unix:/run/api.sock; +{% else %} + proxy_pass http://localhost:{{ server.api.port }}; +{% endif %} + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 600; + proxy_buffering off; +{% else %} + return 503; +{% endif %} + } + + error_page 497 =301 https://$host:{{ server.port }}$request_uri; +} + +{% endfor %} diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl deleted file mode 100644 index a51505270..000000000 --- a/data/templates/https/nginx.default.tmpl +++ /dev/null @@ -1,59 +0,0 @@ -### Autogenerated by https.py ### -# Default server configuration -# - -{% for server in server_block_list %} -server { - - # SSL configuration - # -{% if server.address == '*' %} - listen {{ server.port }} ssl; - listen [::]:{{ server.port }} ssl; -{% else %} - listen {{ server.address | bracketize_ipv6 }}:{{ server.port }} ssl; -{% endif %} - -{% for name in server.name %} - server_name {{ name }}; -{% endfor %} - -{% if server.certbot %} - ssl_certificate {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/fullchain.pem; - ssl_certificate_key {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/privkey.pem; - include {{ server.certbot_dir }}/options-ssl-nginx.conf; - ssl_dhparam {{ server.certbot_dir }}/ssl-dhparams.pem; -{% elif server.vyos_cert %} - ssl_certificate {{ server.vyos_cert.crt }}; - ssl_certificate_key {{ server.vyos_cert.key }}; -{% else %} - # - # Self signed certs generated by the ssl-cert package - # Don't use them in a production server! - # - include snippets/snakeoil.conf; -{% endif %} - ssl_protocols TLSv1.2 TLSv1.3; - - # proxy settings for HTTP API, if enabled; 503, if not - location ~ /(retrieve|configure|config-file|image|generate|show|docs|openapi.json|redoc|graphql) { -{% if server.api %} -{% if server.api.socket %} - proxy_pass http://unix:/run/api.sock; -{% else %} - proxy_pass http://localhost:{{ server.api.port }}; -{% endif %} - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 600; - proxy_buffering off; -{% else %} - return 503; -{% endif %} - } - - error_page 497 =301 https://$host:{{ server.port }}$request_uri; - -} - -{% endfor %} diff --git a/data/templates/https/override.conf.j2 b/data/templates/https/override.conf.j2 new file mode 100644 index 000000000..c2c191b06 --- /dev/null +++ b/data/templates/https/override.conf.j2 @@ -0,0 +1,15 @@ +{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} +[Unit] +StartLimitIntervalSec=0 +After=vyos-router.service + +[Service] +ExecStartPre= +ExecStartPre={{ vrf_command }}/usr/sbin/nginx -t -q -g 'daemon on; master_process on;' +ExecStart= +ExecStart={{ vrf_command }}/usr/sbin/nginx -g 'daemon on; master_process on;' +ExecReload= +ExecReload={{ vrf_command }}/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload +Restart=always +RestartPreventExitStatus= +RestartSec=10 diff --git a/data/templates/https/override.conf.tmpl b/data/templates/https/override.conf.tmpl deleted file mode 100644 index c2c191b06..000000000 --- a/data/templates/https/override.conf.tmpl +++ /dev/null @@ -1,15 +0,0 @@ -{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} -[Unit] -StartLimitIntervalSec=0 -After=vyos-router.service - -[Service] -ExecStartPre= -ExecStartPre={{ vrf_command }}/usr/sbin/nginx -t -q -g 'daemon on; master_process on;' -ExecStart= -ExecStart={{ vrf_command }}/usr/sbin/nginx -g 'daemon on; master_process on;' -ExecReload= -ExecReload={{ vrf_command }}/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload -Restart=always -RestartPreventExitStatus= -RestartSec=10 diff --git a/data/templates/https/vyos-http-api.service.j2 b/data/templates/https/vyos-http-api.service.j2 new file mode 100644 index 000000000..fb424e06c --- /dev/null +++ b/data/templates/https/vyos-http-api.service.j2 @@ -0,0 +1,22 @@ +{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} +[Unit] +Description=VyOS HTTP API service +After=vyos-router.service +Requires=vyos-router.service + +[Service] +ExecStart={{ vrf_command }}/usr/libexec/vyos/services/vyos-http-api-server +Type=idle + +SyslogIdentifier=vyos-http-api +SyslogFacility=daemon + +Restart=on-failure + +# Does't work but leave it here +User=root +Group=vyattacfg + +[Install] +WantedBy=vyos.target + diff --git a/data/templates/https/vyos-http-api.service.tmpl b/data/templates/https/vyos-http-api.service.tmpl deleted file mode 100644 index fb424e06c..000000000 --- a/data/templates/https/vyos-http-api.service.tmpl +++ /dev/null @@ -1,22 +0,0 @@ -{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} -[Unit] -Description=VyOS HTTP API service -After=vyos-router.service -Requires=vyos-router.service - -[Service] -ExecStart={{ vrf_command }}/usr/libexec/vyos/services/vyos-http-api-server -Type=idle - -SyslogIdentifier=vyos-http-api -SyslogFacility=daemon - -Restart=on-failure - -# Does't work but leave it here -User=root -Group=vyattacfg - -[Install] -WantedBy=vyos.target - -- cgit v1.2.3