authorChristian Poessinger <christian@poessinger.com>2022-05-01 19:13:45 +0200
committerChristian Poessinger <christian@poessinger.com>2022-05-01 19:13:45 +0200
commiteafe13ace604a3381a41d07c1d49c495680bf3d7 (patch)
treeffbbdcca419a070f9bbd04a95a32cc4080e9d64a
parente0f1e495b81c8b214a8e12678bf5c643b36567dd (diff)
webproxy: T4353: fix Jinja2 linting errors
-rw-r--r--data/templates/squid/sg_acl.conf.j2 (renamed from data/templates/squid/sg_acl.conf.tmpl)0
-rw-r--r--data/templates/squid/squid.conf.j2 (renamed from data/templates/squid/squid.conf.tmpl)38
-rw-r--r--data/templates/squid/squidGuard.conf.j2124
-rw-r--r--data/templates/squid/squidGuard.conf.tmpl124
-rwxr-xr-xsrc/conf_mode/service_webproxy.py6
5 files changed, 146 insertions, 146 deletions
diff --git a/data/templates/squid/sg_acl.conf.tmpl b/data/templates/squid/sg_acl.conf.j2
index ce72b173a..ce72b173a 100644
--- a/data/templates/squid/sg_acl.conf.tmpl
+++ b/data/templates/squid/sg_acl.conf.j2
diff --git a/data/templates/squid/squid.conf.tmpl b/data/templates/squid/squid.conf.j2
index e8627b022..a0fdeb20e 100644
--- a/data/templates/squid/squid.conf.tmpl
+++ b/data/templates/squid/squid.conf.j2
@@ -16,23 +16,23 @@ acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
{% if authentication is vyos_defined %}
-{% if authentication.children is vyos_defined %}
+{% if authentication.children is vyos_defined %}
auth_param basic children {{ authentication.children }}
-{% endif %}
-{% if authentication.credentials_ttl is vyos_defined %}
+{% endif %}
+{% if authentication.credentials_ttl is vyos_defined %}
auth_param basic credentialsttl {{ authentication.credentials_ttl }} minute
-{% endif %}
-{% if authentication.realm is vyos_defined %}
+{% endif %}
+{% if authentication.realm is vyos_defined %}
auth_param basic realm "{{ authentication.realm }}"
-{% endif %}
+{% endif %}
{# LDAP based Authentication #}
-{% if authentication.method is vyos_defined %}
-{% if authentication.ldap is vyos_defined and authentication.method is vyos_defined('ldap') %}
+{% if authentication.method is vyos_defined %}
+{% if authentication.ldap is vyos_defined and authentication.method is vyos_defined('ldap') %}
auth_param basic program /usr/lib/squid/basic_ldap_auth -v {{ authentication.ldap.version }} -b "{{ authentication.ldap.base_dn }}" {{ '-D "' ~ authentication.ldap.bind_dn ~ '"' if authentication.ldap.bind_dn is vyos_defined }} {{ '-w "' ~ authentication.ldap.password ~ '"' if authentication.ldap.password is vyos_defined }} {{ '-f "' ~ authentication.ldap.filter_expression ~ '"' if authentication.ldap.filter_expression is vyos_defined }} {{ '-u "' ~ authentication.ldap.username_attribute ~ '"' if authentication.ldap.username_attribute is vyos_defined }} -p {{ authentication.ldap.port }} {{ '-ZZ' if authentication.ldap.use_ssl is vyos_defined }} -R -h "{{ authentication.ldap.server }}"
-{% endif %}
+{% endif %}
acl auth proxy_auth REQUIRED
http_access allow auth
-{% endif %}
+{% endif %}
{% endif %}
http_access allow manager localhost
@@ -44,18 +44,18 @@ http_access allow net
http_access deny all
{% if reply_block_mime is vyos_defined %}
-{% for mime_type in reply_block_mime %}
+{% for mime_type in reply_block_mime %}
acl BLOCK_MIME rep_mime_type {{ mime_type }}
-{% endfor %}
+{% endfor %}
http_reply_access deny BLOCK_MIME
{% endif %}
{% if cache_size is vyos_defined %}
-{% if cache_size | int > 0 %}
+{% if cache_size | int > 0 %}
cache_dir ufs /var/spool/squid {{ cache_size }} 16 256
-{% else %}
+{% else %}
# disabling disk cache
-{% endif %}
+{% endif %}
{% endif %}
{% if mem_cache_size is vyos_defined %}
cache_mem {{ mem_cache_size }} MB
@@ -87,9 +87,9 @@ tcp_outgoing_address {{ outgoing_address }}
{% if listen_address is vyos_defined %}
-{% for address, config in listen_address.items() %}
+{% for address, config in listen_address.items() %}
http_port {{ address | bracketize_ipv6 }}:{{ config.port if config.port is vyos_defined else default_port }} {{ 'intercept' if config.disable_transparent is not vyos_defined }}
-{% endfor %}
+{% endfor %}
{% endif %}
http_port 127.0.0.1:{{ default_port }}
@@ -104,8 +104,8 @@ url_rewrite_bypass on
{% endif %}
{% if cache_peer is vyos_defined %}
-{% for peer, config in cache_peer.items() %}
+{% for peer, config in cache_peer.items() %}
cache_peer {{ config.address }} {{ config.type }} {{ config.http_port }} {{ config.icp_port }} {{ config.options }}
-{% endfor %}
+{% endfor %}
never_direct allow all
{% endif %}
diff --git a/data/templates/squid/squidGuard.conf.j2 b/data/templates/squid/squidGuard.conf.j2
new file mode 100644
index 000000000..1bc4c984f
--- /dev/null
+++ b/data/templates/squid/squidGuard.conf.j2
@@ -0,0 +1,124 @@
+### generated by service_webproxy.py ###
+
+{% macro sg_rule(category, log, db_dir) %}
+{% set expressions = db_dir + '/' + category + '/expressions' %}
+dest {{ category }}-default {
+ domainlist {{ category }}/domains
+ urllist {{ category }}/urls
+{% if expressions | is_file %}
+ expressionlist {{ category }}/expressions
+{% endif %}
+{% if log is vyos_defined %}
+ log blacklist.log
+{% endif %}
+}
+{% endmacro %}
+
+{% if url_filtering is vyos_defined and url_filtering.disable is not vyos_defined %}
+{% if url_filtering.squidguard is vyos_defined %}
+{% set sg_config = url_filtering.squidguard %}
+{% set acl = namespace(value='local-ok-default') %}
+{% set acl.value = acl.value + ' !in-addr' if sg_config.allow_ipaddr_url is not defined else acl.value %}
+dbhome {{ squidguard_db_dir }}
+logdir /var/log/squid
+
+rewrite safesearch {
+ s@(.*\.google\..*/(custom|search|images|groups|news)?.*q=.*)@\1\&safe=active@i
+ s@(.*\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i
+ s@(.*\.yahoo\..*/search.*p=.*)@\1\&vm=r@i
+ s@(.*\.live\..*/.*q=.*)@\1\&adlt=strict@i
+ s@(.*\.msn\..*/.*q=.*)@\1\&adlt=strict@i
+ s@(.*\.bing\..*/search.*q=.*)@\1\&adlt=strict@i
+ log rewrite.log
+}
+
+{% if sg_config.local_ok is vyos_defined %}
+{% set acl.value = acl.value + ' local-ok-default' %}
+dest local-ok-default {
+ domainlist local-ok-default/domains
+}
+{% endif %}
+{% if sg_config.local_ok_url is vyos_defined %}
+{% set acl.value = acl.value + ' local-ok-url-default' %}
+dest local-ok-url-default {
+ urllist local-ok-url-default/urls
+}
+{% endif %}
+{% if sg_config.local_block is vyos_defined %}
+{% set acl.value = acl.value + ' !local-block-default' %}
+dest local-block-default {
+ domainlist local-block-default/domains
+}
+{% endif %}
+{% if sg_config.local_block_url is vyos_defined %}
+{% set acl.value = acl.value + ' !local-block-url-default' %}
+dest local-block-url-default {
+ urllist local-block-url-default/urls
+}
+{% endif %}
+{% if sg_config.local_block_keyword is vyos_defined %}
+{% set acl.value = acl.value + ' !local-block-keyword-default' %}
+dest local-block-keyword-default {
+ expressionlist local-block-keyword-default/expressions
+}
+{% endif %}
+
+{% if sg_config.block_category is vyos_defined %}
+{% for category in sg_config.block_category %}
+{{ sg_rule(category, sg_config.log, squidguard_db_dir) }}
+{% set acl.value = acl.value + ' !' + category + '-default' %}
+{% endfor %}
+{% endif %}
+{% if sg_config.allow_category is vyos_defined %}
+{% for category in sg_config.allow_category %}
+{{ sg_rule(category, False, squidguard_db_dir) }}
+{% set acl.value = acl.value + ' ' + category + '-default' %}
+{% endfor %}
+{% endif %}
+{% if sg_config.source_group is vyos_defined %}
+{% for sgroup, sg_config in sg_config.source_group.items() %}
+{% if sg_config.address is vyos_defined %}
+src {{ sgroup }} {
+{% for address in sg_config.address %}
+ ip {{ address }}
+{% endfor %}
+}
+
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if sg_config.rule is vyos_defined %}
+{% for rule, rule_config in sg_config.rule.items() %}
+{% for b_category in rule_config.block_category %}
+dest {{ b_category }} {
+ domainlist {{ b_category }}/domains
+ urllist {{ b_category }}/urls
+}
+{% endfor %}
+
+{% endfor %}
+{% endif %}
+acl {
+{% if sg_config.rule is vyos_defined %}
+{% for rule, rule_config in sg_config.rule.items() %}
+ {{ rule_config.source_group }} {
+{% for b_category in rule_config.block_category %}
+ pass local-ok-1 !in-addr !{{ b_category }} all
+{% endfor %}
+ }
+{% endfor %}
+{% endif %}
+
+ default {
+{% if sg_config.enable_safe_search is vyos_defined %}
+ rewrite safesearch
+{% endif %}
+ pass {{ acl.value }} {{ 'none' if sg_config.default_action is vyos_defined('block') else 'allow' }}
+ redirect 302:http://{{ sg_config.redirect_url }}
+{% if sg_config.log is vyos_defined %}
+ log blacklist.log
+{% endif %}
+ }
+}
+{% endif %}
+{% endif %}
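Review bot: The generated ACLs name destinations this template never declares. The per-rule line `pass local-ok-1 !in-addr !{{ b_category }} all` refers to `local-ok-1`, and the default pass list is seeded with `namespace(value='local-ok-default')` although `dest local-ok-default` is only emitted when `sg_config.local_ok` is set, in which case the name is appended a second time. If squidGuard treats an undeclared destination as a configuration error, the filter may not enforce the intended policy, so this is worth checking against a rendered config for a setup without `local_ok`. Seeding with `{% set acl = namespace(value='') %}` and letting the `local_ok` branch add the name would keep the pass list to declared destinations, and `local-ok-1` should be replaced by a destination the template actually defines. Separately, `sg_config.allow_ipaddr_url is not defined` uses the plain Jinja test where the rest of the file uses `vyos_defined`, which may behave differently for an empty node.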
diff --git a/data/templates/squid/squidGuard.conf.tmpl b/data/templates/squid/squidGuard.conf.tmpl
deleted file mode 100644
index 5e877f01f..000000000
--- a/data/templates/squid/squidGuard.conf.tmpl
+++ /dev/null
@@ -1,124 +0,0 @@
-### generated by service_webproxy.py ###
-
-{% macro sg_rule(category, log, db_dir) %}
-{% set expressions = db_dir + '/' + category + '/expressions' %}
-dest {{ category }}-default {
- domainlist {{ category }}/domains
- urllist {{ category }}/urls
-{% if expressions | is_file %}
- expressionlist {{ category }}/expressions
-{% endif %}
-{% if log is vyos_defined %}
- log blacklist.log
-{% endif %}
-}
-{% endmacro %}
-
-{% if url_filtering is vyos_defined and url_filtering.disable is not vyos_defined %}
-{% if url_filtering.squidguard is vyos_defined %}
-{% set sg_config = url_filtering.squidguard %}
-{% set acl = namespace(value='local-ok-default') %}
-{% set acl.value = acl.value + ' !in-addr' if sg_config.allow_ipaddr_url is not defined else acl.value %}
-dbhome {{ squidguard_db_dir }}
-logdir /var/log/squid
-
-rewrite safesearch {
- s@(.*\.google\..*/(custom|search|images|groups|news)?.*q=.*)@\1\&safe=active@i
- s@(.*\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i
- s@(.*\.yahoo\..*/search.*p=.*)@\1\&vm=r@i
- s@(.*\.live\..*/.*q=.*)@\1\&adlt=strict@i
- s@(.*\.msn\..*/.*q=.*)@\1\&adlt=strict@i
- s@(.*\.bing\..*/search.*q=.*)@\1\&adlt=strict@i
- log rewrite.log
-}
-
-{% if sg_config.local_ok is vyos_defined %}
-{% set acl.value = acl.value + ' local-ok-default' %}
-dest local-ok-default {
- domainlist local-ok-default/domains
-}
-{% endif %}
-{% if sg_config.local_ok_url is vyos_defined %}
-{% set acl.value = acl.value + ' local-ok-url-default' %}
-dest local-ok-url-default {
- urllist local-ok-url-default/urls
-}
-{% endif %}
-{% if sg_config.local_block is vyos_defined %}
-{% set acl.value = acl.value + ' !local-block-default' %}
-dest local-block-default {
- domainlist local-block-default/domains
-}
-{% endif %}
-{% if sg_config.local_block_url is vyos_defined %}
-{% set acl.value = acl.value + ' !local-block-url-default' %}
-dest local-block-url-default {
- urllist local-block-url-default/urls
-}
-{% endif %}
-{% if sg_config.local_block_keyword is vyos_defined %}
-{% set acl.value = acl.value + ' !local-block-keyword-default' %}
-dest local-block-keyword-default {
- expressionlist local-block-keyword-default/expressions
-}
-{% endif %}
-
-{% if sg_config.block_category is vyos_defined %}
-{% for category in sg_config.block_category %}
-{{ sg_rule(category, sg_config.log, squidguard_db_dir) }}
-{% set acl.value = acl.value + ' !' + category + '-default' %}
-{% endfor %}
-{% endif %}
-{% if sg_config.allow_category is vyos_defined %}
-{% for category in sg_config.allow_category %}
-{{ sg_rule(category, False, squidguard_db_dir) }}
-{% set acl.value = acl.value + ' ' + category + '-default' %}
-{% endfor %}
-{% endif %}
-{% if sg_config.source_group is vyos_defined %}
-{% for sgroup, sg_config in sg_config.source_group.items() %}
-{% if sg_config.address is vyos_defined %}
-src {{ sgroup }} {
-{% for address in sg_config.address %}
- ip {{ address }}
-{% endfor %}
-}
-
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if sg_config.rule is vyos_defined %}
-{% for rule, rule_config in sg_config.rule.items() %}
-{% for b_category in rule_config.block_category%}
-dest {{ b_category }} {
- domainlist {{ b_category }}/domains
- urllist {{ b_category }}/urls
-}
-{% endfor %}
-
-{% endfor %}
-{% endif %}
-acl {
-{% if sg_config.rule is vyos_defined %}
-{% for rule, rule_config in sg_config.rule.items() %}
- {{ rule_config.source_group }} {
-{% for b_category in rule_config.block_category%}
- pass local-ok-1 !in-addr !{{ b_category }} all
-{% endfor %}
- }
-{% endfor %}
-{% endif %}
-
- default {
-{% if sg_config.enable_safe_search is vyos_defined %}
- rewrite safesearch
-{% endif %}
- pass {{ acl.value }} {{ 'none' if sg_config.default_action is vyos_defined('block') else 'allow' }}
- redirect 302:http://{{ sg_config.redirect_url }}
-{% if sg_config.log is vyos_defined %}
- log blacklist.log
-{% endif %}
- }
-}
-{% endif %}
-{% endif %}
diff --git a/src/conf_mode/service_webproxy.py b/src/conf_mode/service_webproxy.py
index a16cc4aeb..32af31bde 100755
--- a/src/conf_mode/service_webproxy.py
+++ b/src/conf_mode/service_webproxy.py
@@ -61,7 +61,7 @@ def generate_sg_localdb(category, list_type, role, proxy):
user=user_group, group=user_group)
# temporary config file, deleted after generation
- render(sg_tmp_file, 'squid/sg_acl.conf.tmpl', tmp,
+ render(sg_tmp_file, 'squid/sg_acl.conf.j2', tmp,
user=user_group, group=user_group)
call(f'su - {user_group} -c "squidGuard -d -c {sg_tmp_file} -C {db_file}"')
@@ -166,8 +166,8 @@ def generate(proxy):
if not proxy:
return None
- render(squid_config_file, 'squid/squid.conf.tmpl', proxy)
- render(squidguard_config_file, 'squid/squidGuard.conf.tmpl', proxy)
+ render(squid_config_file, 'squid/squid.conf.j2', proxy)
+ render(squidguard_config_file, 'squid/squidGuard.conf.j2', proxy)
cat_dict = {
'local-block' : 'domains',