From 01bdf2dfdb09bf9dd7ca4e7b49def302b2cd7c29 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sun, 1 May 2022 20:42:45 +0200
Subject: openconnect: T4353: fix Jinja2 linting errors
---
data/templates/ocserv/ocserv_config.j2 | 91 +++++++++++++++++++++++++++++++
data/templates/ocserv/ocserv_config.tmpl | 91 -------------------------------
data/templates/ocserv/ocserv_otp_usr.j2 | 8 +++
data/templates/ocserv/ocserv_otp_usr.tmpl | 8 ---
data/templates/ocserv/ocserv_passwd.j2 | 8 +++
data/templates/ocserv/ocserv_passwd.tmpl | 8 ---
data/templates/ocserv/radius_conf.j2 | 22 ++++++++
data/templates/ocserv/radius_conf.tmpl | 22 --------
data/templates/ocserv/radius_servers.j2 | 7 +++
data/templates/ocserv/radius_servers.tmpl | 7 ---
10 files changed, 136 insertions(+), 136 deletions(-)
create mode 100644 data/templates/ocserv/ocserv_config.j2
delete mode 100644 data/templates/ocserv/ocserv_config.tmpl
create mode 100644 data/templates/ocserv/ocserv_otp_usr.j2
delete mode 100644 data/templates/ocserv/ocserv_otp_usr.tmpl
create mode 100644 data/templates/ocserv/ocserv_passwd.j2
delete mode 100644 data/templates/ocserv/ocserv_passwd.tmpl
create mode 100644 data/templates/ocserv/radius_conf.j2
delete mode 100644 data/templates/ocserv/radius_conf.tmpl
create mode 100644 data/templates/ocserv/radius_servers.j2
delete mode 100644 data/templates/ocserv/radius_servers.tmpl
(limited to 'data/templates/ocserv')
diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
new file mode 100644
index 000000000..8418a2185
--- /dev/null
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -0,0 +1,91 @@
+### generated by vpn_openconnect.py ###
+
+tcp-port = {{ listen_ports.tcp }}
+udp-port = {{ listen_ports.udp }}
+
+run-as-user = nobody
+run-as-group = daemon
+
+{% if "radius" in authentication.mode %}
+auth = "radius [config=/run/ocserv/radiusclient.conf]"
+{% elif "local" in authentication.mode %}
+{% if authentication.mode.local == "password-otp" %}
+auth = "plain[passwd=/run/ocserv/ocpasswd,otp=/run/ocserv/users.oath]"
+{% elif authentication.mode.local == "otp" %}
+auth = "plain[otp=/run/ocserv/users.oath]"
+{% else %}
+auth = "plain[/run/ocserv/ocpasswd]"
+{% endif %}
+{% else %}
+auth = "plain[/run/ocserv/ocpasswd]"
+{% endif %}
+
+{% if ssl.certificate is vyos_defined %}
+server-cert = /run/ocserv/cert.pem
+server-key = /run/ocserv/cert.key
+{% if ssl.passphrase is vyos_defined %}
+key-pin = {{ ssl.passphrase }}
+{% endif %}
+{% endif %}
+
+{% if ssl.ca_certificate is vyos_defined %}
+ca-cert = /run/ocserv/ca.pem
+{% endif %}
+
+socket-file = /run/ocserv/ocserv.socket
+occtl-socket-file = /run/ocserv/occtl.socket
+use-occtl = true
+isolate-workers = true
+keepalive = 300
+dpd = 60
+mobile-dpd = 300
+switch-to-tcp-timeout = 30
+tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
+auth-timeout = 240
+idle-timeout = 1200
+mobile-idle-timeout = 1800
+min-reauth-time = 3
+cookie-timeout = 300
+rekey-method = ssl
+try-mtu-discovery = true
+cisco-client-compat = true
+dtls-legacy = true
+max-ban-score = 80
+ban-reset-time = 300
+
+# The name to use for the tun device
+device = sslvpn
+
+# An alternative way of specifying the network:
+{% if network_settings %}
+# DNS settings
+{% if network_settings.name_server is string %}
+dns = {{ network_settings.name_server }}
+{% else %}
+{% for dns in network_settings.name_server %}
+dns = {{ dns }}
+{% endfor %}
+{% endif %}
+# IPv4 network pool
+{% if network_settings.client_ip_settings %}
+{% if network_settings.client_ip_settings.subnet %}
+ipv4-network = {{ network_settings.client_ip_settings.subnet }}
+{% endif %}
+{% endif %}
+# IPv6 network pool
+{% if network_settings.client_ipv6_pool %}
+{% if network_settings.client_ipv6_pool.prefix %}
+ipv6-network = {{ network_settings.client_ipv6_pool.prefix }}
+ipv6-subnet-prefix = {{ network_settings.client_ipv6_pool.mask }}
+{% endif %}
+{% endif %}
+{% endif %}
+
+{% if network_settings.push_route is string %}
+route = {{ network_settings.push_route }}
+{% else %}
+{% for route in network_settings.push_route %}
+route = {{ route }}
+{% endfor %}
+{% endif %}
+
diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.tmpl
deleted file mode 100644
index 05b85a610..000000000
--- a/data/templates/ocserv/ocserv_config.tmpl
+++ /dev/null
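Review bot: In ocserv_config.j2 the hard-coded `tls-priorities` line drops SSL 3.0, RC4 and RSA key exchange but does not exclude TLS 1.0 or 1.1, so those versions stay negotiable wherever the GnuTLS `NORMAL` set still includes them, and `%COMPAT` and `dtls-legacy = true` keep legacy behaviour on for every deployment. Unless supported clients still need them, append `:-VERS-TLS1.0:-VERS-TLS1.1` to the string, or make the priority string a configuration option so operators can tighten it without editing the template. Also, `key-pin = {{ ssl.passphrase }}` renders the key passphrase in clear text, so the script that writes this file (outside this diff) should create it with owner-only permissions. A comment above that line such as `# key passphrase in clear text: keep this file owner-readable only` would record the requirement.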
@@ -1,91 +0,0 @@
-### generated by vpn_openconnect.py ###
-
-tcp-port = {{ listen_ports.tcp }}
-udp-port = {{ listen_ports.udp }}
-
-run-as-user = nobody
-run-as-group = daemon
-
-{% if "radius" in authentication.mode %}
-auth = "radius [config=/run/ocserv/radiusclient.conf]"
-{% elif "local" in authentication.mode %}
-{% if authentication.mode.local == "password-otp" %}
-auth = "plain[passwd=/run/ocserv/ocpasswd,otp=/run/ocserv/users.oath]"
-{% elif authentication.mode.local == "otp" %}
-auth = "plain[otp=/run/ocserv/users.oath]"
-{% else %}
-auth = "plain[/run/ocserv/ocpasswd]"
-{% endif %}
-{% else %}
-auth = "plain[/run/ocserv/ocpasswd]"
-{% endif %}
-
-{% if ssl.certificate is vyos_defined %}
-server-cert = /run/ocserv/cert.pem
-server-key = /run/ocserv/cert.key
-{% if ssl.passphrase is vyos_defined %}
-key-pin = {{ ssl.passphrase }}
-{% endif %}
-{% endif %}
-
-{% if ssl.ca_certificate is vyos_defined %}
-ca-cert = /run/ocserv/ca.pem
-{% endif %}
-
-socket-file = /run/ocserv/ocserv.socket
-occtl-socket-file = /run/ocserv/occtl.socket
-use-occtl = true
-isolate-workers = true
-keepalive = 300
-dpd = 60
-mobile-dpd = 300
-switch-to-tcp-timeout = 30
-tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
-auth-timeout = 240
-idle-timeout = 1200
-mobile-idle-timeout = 1800
-min-reauth-time = 3
-cookie-timeout = 300
-rekey-method = ssl
-try-mtu-discovery = true
-cisco-client-compat = true
-dtls-legacy = true
-max-ban-score = 80
-ban-reset-time = 300
-
-# The name to use for the tun device
-device = sslvpn
-
-# An alternative way of specifying the network:
-{% if network_settings %}
-# DNS settings
-{% if network_settings.name_server is string %}
-dns = {{ network_settings.name_server }}
-{% else %}
-{% for dns in network_settings.name_server %}
-dns = {{ dns }}
-{% endfor %}
-{% endif %}
-# IPv4 network pool
-{% if network_settings.client_ip_settings %}
-{% if network_settings.client_ip_settings.subnet %}
-ipv4-network = {{ network_settings.client_ip_settings.subnet }}
-{% endif %}
-{% endif %}
-# IPv6 network pool
-{% if network_settings.client_ipv6_pool %}
-{% if network_settings.client_ipv6_pool.prefix %}
-ipv6-network = {{ network_settings.client_ipv6_pool.prefix }}
-ipv6-subnet-prefix = {{ network_settings.client_ipv6_pool.mask }}
-{% endif %}
-{% endif %}
-{% endif %}
-
-{% if network_settings.push_route is string %}
-route = {{ network_settings.push_route }}
-{% else %}
-{% for route in network_settings.push_route %}
-route = {{ route }}
-{% endfor %}
-{% endif %}
-
diff --git a/data/templates/ocserv/ocserv_otp_usr.j2 b/data/templates/ocserv/ocserv_otp_usr.j2
new file mode 100644
index 000000000..b2511ed94
--- /dev/null
+++ b/data/templates/ocserv/ocserv_otp_usr.j2
@@ -0,0 +1,8 @@
+#