<feed xmlns='http://www.w3.org/2005/Atom'>
<title>vyos-1x.git/src/etc/systemd, branch syslog-typos-T6989</title>
<subtitle>VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)
</subtitle>
<id>https://git.amelek.net/vyos/vyos-1x.git/atom?h=syslog-typos-T6989</id>
<link rel='self' href='https://git.amelek.net/vyos/vyos-1x.git/atom?h=syslog-typos-T6989'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/'/>
<updated>2025-02-17T19:51:03+00:00</updated>
<entry>
<title>dhcp: T6948: systemd-service adjustment to invoke helper script</title>
<updated>2025-02-17T19:51:03+00:00</updated>
<author>
<name>Indrajit Raychaudhuri</name>
<email>irc@indrajit.com</email>
</author>
<published>2024-12-18T23:15:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=caaa35b28df8b9ae26afd0e4b32c489aa90ca932'/>
<id>urn:sha1:caaa35b28df8b9ae26afd0e4b32c489aa90ca932</id>
<content type='text'>
The helper script updates VyOS hostd records from
DHCP server leases. This ensures that hostd records
with the DHCP server leases are kept in sync with
VyOS hostd records right after the DHCP server is
started.

Note that `Restart` directive needs to be updated to
`on-failure` so that the service is restarted in case
of failure/timeout in interaction with hostd service.
</content>
</entry>
<entry>
<title>syslog: T6989: convert old configuration format to "advanced"</title>
<updated>2025-02-03T06:16:07+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2025-01-13T18:36:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=e143e496e28b9d6d5803278fa76a14bf2bc2304e'/>
<id>urn:sha1:e143e496e28b9d6d5803278fa76a14bf2bc2304e</id>
<content type='text'>
</content>
</entry>
<entry>
<title>dhcp: T5840: Merge systemd service overrides for kea-ctrl-agent</title>
<updated>2025-01-17T04:40:08+00:00</updated>
<author>
<name>Indrajit Raychaudhuri</name>
<email>irc@indrajit.com</email>
</author>
<published>2025-01-17T03:37:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=4c92ab9ff4ddf44f0d6a2bf4c7e724fc35629f0c'/>
<id>urn:sha1:4c92ab9ff4ddf44f0d6a2bf4c7e724fc35629f0c</id>
<content type='text'>
Default systemd service for kea-ctrl-agent expects
`/etc/kea/kea-api-password` which is not used in
VyOS.

The systemd unit override to remove the condition
does not need to be in a separate (templated and
dynamic) override file and can be merged into the
existing static override file.
</content>
</entry>
<entry>
<title>suricata: T751: Initial support for suricata</title>
<updated>2024-05-12T08:36:34+00:00</updated>
<author>
<name>Maxime THIEBAUT</name>
<email>46688461+0xThiebaut@users.noreply.github.com</email>
</author>
<published>2024-05-01T20:16:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=549089a970e39d1ea09c10af5eaf8f696dd19d40'/>
<id>urn:sha1:549089a970e39d1ea09c10af5eaf8f696dd19d40</id>
<content type='text'>
</content>
</entry>
<entry>
<title>ssh: T6192: allow binding to multiple VRF instances</title>
<updated>2024-04-01T19:26:16+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2024-04-01T18:40:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=e5af1f0905991103b12302892e6f0070bbb7b770'/>
<id>urn:sha1:e5af1f0905991103b12302892e6f0070bbb7b770</id>
<content type='text'>
Currently VyOS only supports binding a service to one individual VRF. It might
become handy to have the services (initially it will be VRF, NTP and SNMP) be
bound to multiple VRFs.

Changed VRF from leafNode to multi leafNode with defaultValue: default - which
is the name of the default VRF.
</content>
</entry>
<entry>
<title>dns: T5959: Streamline dns forwarding service</title>
<updated>2024-01-21T19:29:25+00:00</updated>
<author>
<name>Indrajit Raychaudhuri</name>
<email>irc@indrajit.com</email>
</author>
<published>2023-12-30T00:21:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=1c1fb5fb4bd7c0d205b28caf90357ad56423464f'/>
<id>urn:sha1:1c1fb5fb4bd7c0d205b28caf90357ad56423464f</id>
<content type='text'>
Streamline configuration and operation of dns forwarding service in
following ways:

- Remove `dns_forwarding_reset.py` as its functionality is now covered
  by `dns.py`
- Adjust function names in `dns.py` to disambiguate between DNS
  forwarding and dynamic DNS
- Remove `dns_forwarding_restart.sh` as its functionality is inlined in
  `dns-forwarding.xml`
- Templatize systemd override for `pdns-recursor.service` and move the
  generated override files in /run. This ensures that the override files
  are always generated afresh after boot
- Simplify the systemd override file by removing the redundant overrides
- Relocate configuration path for pdns-recursor to `/run/pdns-recursor`
  and utilize the `RuntimeDirectory` default that pdns-recursor expects
- We do not need to use custom `--socket-dir` path anymore, the default
  path (viz., `/run/pdns-recursor`) is fine
</content>
</entry>
<entry>
<title>https: T5902: remove virtual-host configuration</title>
<updated>2024-01-09T06:29:16+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2024-01-06T09:55:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=d0d3071e99eb65edb888c26ef2fdc9e038438887'/>
<id>urn:sha1:d0d3071e99eb65edb888c26ef2fdc9e038438887</id>
<content type='text'>
We have not seen the adoption of the https virtual-host CLI option.

What did it do?
* Create multiple webservers each listening on a different IP/port
  (but in the same VRF)
* All webservers shared one common document root
* All webservers shared the same SSL certificates
* All webservers could have had individual allow-client configurations
* API could be enabled for a particular virtual-host but was always enabled on
  the default host

This configuration tried to provide a full webserver via the CLI but VyOS is a
router and the Webserver is there for an API or to serve files for a local-ui.

Changes

Remove support for virtual-hosts as it's an incomplete and thus mostly useless
"thing". Migrate all allow-client statements to one top-level allow statement.
</content>
</entry>
<entry>
<title>pki: T5886: add support for ACME protocol (LetsEncrypt)</title>
<updated>2024-01-06T07:33:33+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2024-01-05T21:27:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=b8db1a9d7baf91b70c1b735e58710f1e2bc9fc7a'/>
<id>urn:sha1:b8db1a9d7baf91b70c1b735e58710f1e2bc9fc7a</id>
<content type='text'>
The "idea" of this PR is to add new CLI nodes under the pki subsystem to
activate ACME for any given certificate.

vyos@vyos# set pki certificate NAME acme
Possible completions:
+  domain-name          Domain Name
   email                Email address to associate with certificate
   listen-address       Local IPv4 addresses to listen on
   rsa-key-size         Size of the RSA key (default: 2048)
   url                  Remote URL (default:
                        https://acme-v02.api.letsencrypt.org/directory)

Users choose if the CLI based custom certificates are used
  set pki certificate EXAMPLE acme certificate &lt;base64&gt;
or if it should be generated via ACME.

The ACME server URL defaults to LetsEncrypt but can be changed to their staging
API for testing to not get blacklisted.
  set pki certificate EXAMPLE acme url https://acme-staging-v02.api.letsencrypt.org/directory

Certificate retrieval has a certbot --dry-run stage in verify() to see if it
can be generated.

After successful generation, the certificate is stored under
/config/auth/letsencrypt. Once a certificate is referenced in the CLI (e.g. set
interfaces ethernet eth0 eapol certificate EXAMPLE) we call
vyos.config.get_config_dict() which will (if with_pki=True is set) blend in the
base64 encoded certificate into the JSON data structure normally used when
using a certificate set by the CLI.

Using this "design" does not need any change to any other code referencing the
PKI system, as the base64 encoded certificate is already there.

certbot renewal will call the PKI python script to trigger dependency updates.
</content>
</entry>
<entry>
<title>T5897: frr should be stopped before vyos-router</title>
<updated>2024-01-04T10:16:22+00:00</updated>
<author>
<name>Date Huang</name>
<email>tjjh89017@hotmail.com</email>
</author>
<published>2024-01-04T10:16:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=6d16ab081b70bc4ea837b66dfe032ec6bdb563d7'/>
<id>urn:sha1:6d16ab081b70bc4ea837b66dfe032ec6bdb563d7</id>
<content type='text'>
Signed-off-by: Date Huang &lt;tjjh89017@hotmail.com&gt;
</content>
</entry>
<entry>
<title>dhcp: T3316: Migrate dhcp/dhcpv6 server to Kea</title>
<updated>2023-12-07T23:29:38+00:00</updated>
<author>
<name>sarthurdev</name>
<email>965089+sarthurdev@users.noreply.github.com</email>
</author>
<published>2022-12-16T10:41:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=d95200e96763e4a7ed02577b1b177c84abb77838'/>
<id>urn:sha1:d95200e96763e4a7ed02577b1b177c84abb77838</id>
<content type='text'>
</content>
</entry>
</feed>
