26 files changed, 178 insertions, 195 deletions
diff --git a/data/templates/accel-ppp/chap-secrets.config_dict.tmpl b/data/templates/accel-ppp/chap-secrets.config_dict.tmpl index da64b64d5..d4e8bb2aa 100644 --- a/data/templates/accel-ppp/chap-secrets.config_dict.tmpl +++ b/data/templates/accel-ppp/chap-secrets.config_dict.tmpl @@ -1,12 +1,10 @@ # username server password acceptable local IP addresses shaper -{% if authentication is defined and authentication.local_users is defined and authentication.local_users.username is defined %} -{% for user, user_config in authentication.local_users.username.items() %} -{% if user_config.disabled is not defined %} -{% if user_config.rate_limit is defined %} +{% if authentication.local_users.username is vyos_defined %} +{% for user, user_config in authentication.local_users.username.items() if user_config.disabled is not vyos_defined %} +{% if user_config.rate_limit is vyos_defined %} {{ "%-12s" | format(user) }} * {{ "%-16s" | format(user_config.password) }} {{ "%-16s" | format(user_config.static_ip) }} {{ user_config.rate_limit.download }}/{{ user_config.rate_limit.upload }} -{% else %} +{% else %} {{ "%-12s" | format(user) }} * {{ "%-16s" | format(user_config.password) }} {{ "%-16s" | format(user_config.static_ip) }} -{% endif %} {% endif %} {% endfor %} {% endif %} diff --git a/data/templates/accel-ppp/config_chap_secrets_radius.j2 b/data/templates/accel-ppp/config_chap_secrets_radius.j2 index 49af3a228..1b28dbe46 100644 --- a/data/templates/accel-ppp/config_chap_secrets_radius.j2 +++ b/data/templates/accel-ppp/config_chap_secrets_radius.j2 
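Review bot: In the chap-secrets hunk, both output rows still write `{{ "%-16s" | format(user_config.password) }}` straight into a whitespace-delimited record, so a secret containing a space, tab or `#` would shift or cut off the address and shaper columns that follow. The `config_chap_secrets_radius.j2` hunk that follows has the same shape with `{{ options.key }}` and `authentication.radius.dynamic_author.key` inside the comma-separated `server=` and `dae-server=` lines, where a comma in the shared secret would be read as another option. Whether the CLI schema already forbids these characters is not visible here; if it does not, reject them in the config script before rendering. A short comment such as `{# secrets are written verbatim; validation must exclude whitespace, '#' and ',' #}` would also record the assumption next to the rows.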
@@ -1,33 +1,33 @@ -{% if authentication.mode is defined and authentication.mode == 'local' %} +{% if authentication.mode is vyos_defined('local') %} [chap-secrets] chap-secrets={{ chap_secrets_file }} -{% elif authentication.mode is defined and authentication.mode == 'radius' %} +{% elif authentication.mode is vyos_defined('radius') %} [radius] verbose=1 -{% for server, options in authentication.radius.server.items() if not options.disable is defined %} +{% for server, options in authentication.radius.server.items() if not options.disable is vyos_defined %} server={{ server }},{{ options.key }},auth-port={{ options.port }},acct-port={{ options.acct_port }},req-limit=0,fail-time={{ options.fail_time }} {% endfor %} -{% if authentication.radius.acct_interim_jitter is defined and authentication.radius.acct_interim_jitter is not none %} +{% if authentication.radius.acct_interim_jitter is vyos_defined %} acct-interim-jitter={{ authentication.radius.acct_interim_jitter }} {% endif %} acct-timeout={{ authentication.radius.acct_timeout }} timeout={{ authentication.radius.timeout }} max-try={{ authentication.radius.max_try }} -{% if authentication.radius.nas_identifier is defined and authentication.radius.nas_identifier is not none %} +{% if authentication.radius.nas_identifier is vyos_defined %} nas-identifier={{ authentication.radius.nas_identifier }} {% endif %} -{% if authentication.radius.nas_ip_address is defined and authentication.radius.nas_ip_address is not none %} +{% if authentication.radius.nas_ip_address is vyos_defined %} nas-ip-address={{ authentication.radius.nas_ip_address }} {% endif %} -{% if authentication.radius.source_address is defined and authentication.radius.source_address is not none %} +{% if authentication.radius.source_address is vyos_defined %} bind={{ authentication.radius.source_address }} {% endif %} -{% if authentication.radius.dynamic_author.server is defined and authentication.radius.dynamic_author.server is not none %} +{% if 
authentication.radius.dynamic_author.server is vyos_defined %} dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.radius.dynamic_author.port }},{{ authentication.radius.dynamic_author.key }} {% endif %} {% endif %} {# Both chap-secrets and radius block required the gw-ip-address #} -{% if gateway_address is defined and gateway_address is not none %} +{% if gateway_address is vyos_defined %} gw-ip-address={{ gateway_address }} {% endif %} diff --git a/data/templates/accel-ppp/config_ip_pool.j2 b/data/templates/accel-ppp/config_ip_pool.j2 index 3b0f68084..ec1c77112 100644 --- a/data/templates/accel-ppp/config_ip_pool.j2 +++ b/data/templates/accel-ppp/config_ip_pool.j2 @@ -1,12 +1,12 @@ -{% if client_ip_pool is defined and client_ip_pool is not none %} +{% if client_ip_pool is vyos_defined %} [ip-pool] -{% if gateway_address is defined and gateway_address is not none %} +{% if gateway_address is vyos_defined %} gw-ip-address={{ gateway_address }} {% endif %} -{% if client_ip_pool.start is defined and client_ip_pool.stop is defined and client_ip_pool.start is not none and client_ip_pool.stop is not none %} +{% if client_ip_pool.start is vyos_defined and client_ip_pool.stop is vyos_defined %} {{ client_ip_pool.start }}-{{ client_ip_pool.stop.split('.')[3] }} {% endif %} -{% if client_ip_pool.subnet is defined and client_ip_pool.subnet is not none %} +{% if client_ip_pool.subnet is vyos_defined %} {% for subnet in client_ip_pool.subnet %} {{ subnet }} {% endfor %} diff --git a/data/templates/accel-ppp/config_ipv6_pool.j2 b/data/templates/accel-ppp/config_ipv6_pool.j2 index f45bf9442..99a930fb2 100644 --- a/data/templates/accel-ppp/config_ipv6_pool.j2 +++ b/data/templates/accel-ppp/config_ipv6_pool.j2 
@@ -1,19 +1,19 @@ -{% if client_ipv6_pool is defined and client_ipv6_pool is not none %} +{% if client_ipv6_pool is vyos_defined %} [ipv6-nd] AdvAutonomousFlag=1 -{% if client_ipv6_pool.prefix is defined and client_ipv6_pool.prefix is not none %} +{% if client_ipv6_pool.prefix is vyos_defined %} [ipv6-pool] {% for prefix, options in client_ipv6_pool.prefix.items() %} {{ prefix }},{{ options.mask }} {% endfor %} -{% if client_ipv6_pool.delegate is defined and client_ipv6_pool.delegate is not none %} +{% if client_ipv6_pool.delegate is vyos_defined %} {% for prefix, options in client_ipv6_pool.delegate.items() %} delegate={{ prefix }},{{ options.delegation_prefix }} {% endfor %} {% endif %} {% endif %} -{% if client_ipv6_pool.delegate is defined and client_ipv6_pool.delegate is not none %} +{% if client_ipv6_pool.delegate is vyos_defined %} [ipv6-dhcp] verbose=1 {% endif %} diff --git a/data/templates/accel-ppp/config_modules_auth_mode.j2 b/data/templates/accel-ppp/config_modules_auth_mode.j2 index e3d578b38..3fb8a011f 100644 --- a/data/templates/accel-ppp/config_modules_auth_mode.j2 +++ b/data/templates/accel-ppp/config_modules_auth_mode.j2 @@ -1,5 +1,5 @@ -{% if authentication is defined and authentication.mode is defined and authentication.mode == 'local' %} +{% if authentication.mode is vyos_defined('local') %} chap-secrets -{% elif authentication is defined and authentication.mode is defined and authentication.mode == 'radius' %} +{% elif authentication.mode is vyos_defined('radius') %} radius {% endif %} diff --git a/data/templates/accel-ppp/config_modules_ipv6.j2 b/data/templates/accel-ppp/config_modules_ipv6.j2 index 02740ce7c..6174779a5 100644 --- a/data/templates/accel-ppp/config_modules_ipv6.j2 +++ b/data/templates/accel-ppp/config_modules_ipv6.j2 @@ -1,4 +1,4 @@ -{% if ppp_options.ipv6 is defined and ppp_options.ipv6 != 'deny' %} +{% if ppp_options.ipv6 is vyos_defined and ppp_options.ipv6 is not vyos_defined('deny') %} ipv6pool ipv6_nd ipv6_dhcp 
diff --git a/data/templates/accel-ppp/config_name_server.j2 b/data/templates/accel-ppp/config_name_server.j2 index 2bf064f92..4b4b5fb68 100644 --- a/data/templates/accel-ppp/config_name_server.j2 +++ b/data/templates/accel-ppp/config_name_server.j2 @@ -1,11 +1,11 @@ -{% if name_server_ipv4 is defined and name_server_ipv4 is not none %} +{% if name_server_ipv4 is vyos_defined %} [dns] {% for ns in name_server_ipv4 %} dns{{ loop.index }}={{ ns }} {% endfor %} {% endif %} -{% if name_server_ipv6 is defined and name_server_ipv6 is not none %} +{% if name_server_ipv6 is vyos_defined %} [ipv6-dns] {% for ns in name_server_ipv6 %} {{ ns }} diff --git a/data/templates/accel-ppp/config_shaper_radius.j2 b/data/templates/accel-ppp/config_shaper_radius.j2 index 8de5f5df3..cf8b4871b 100644 --- a/data/templates/accel-ppp/config_shaper_radius.j2 +++ b/data/templates/accel-ppp/config_shaper_radius.j2 @@ -1,9 +1,9 @@ -{% if authentication is defined and authentication.mode is defined and authentication.mode == 'radius' %} -{% if authentication is defined and authentication.radius is defined and authentication.radius.rate_limit is defined and authentication.radius.rate_limit.enable is defined %} +{% if authentication.mode is vyos_defined('radius') %} +{% if authentication.radius.rate_limit.enable is vyos_defined %} [shaper] verbose=1 attr={{ authentication.radius.rate_limit.attribute }} -{% if authentication.radius.rate_limit.vendor is defined and authentication.radius.rate_limit.vendor is not none %} +{% if authentication.radius.rate_limit.vendor is vyos_defined %} vendor={{ authentication.radius.rate_limit.vendor }} {% endif %} {% endif %} diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl index 0a8e0079b..81b98cc81 100644 --- a/data/templates/accel-ppp/pppoe.config.tmpl +++ b/data/templates/accel-ppp/pppoe.config.tmpl 
@@ -11,13 +11,13 @@ ippool {# Common authentication protocols (pap, chap ...) #} {% include 'accel-ppp/config_modules_auth_protocols.j2' %} -{% if snmp is defined %} +{% if snmp is vyos_defined %} net-snmp {% endif %} -{% if limits is defined %} +{% if limits is vyos_defined %} connlimit {% endif %} -{% if extended_scripts is defined %} +{% if extended_scripts is vyos_defined %} sigchld pppd_compat {% endif %} @@ -30,7 +30,7 @@ syslog=accel-pppoe,daemon copy=1 level=5 -{% if snmp is defined and snmp.master_agent is defined %} +{% if snmp.master_agent is vyos_defined %} [snmp] master=1 {% endif %} @@ -47,7 +47,7 @@ disable {# Common DNS name-server definition #} {% include 'accel-ppp/config_name_server.j2' %} -{% if wins_server is defined and wins_server is not none %} +{% if wins_server is vyos_defined %} [wins] {% for server in wins_server %} wins{{ loop.index }}={{ server }} @@ -57,7 +57,7 @@ wins{{ loop.index }}={{ server }} {# Common chap-secrets and RADIUS server/option definitions #} {% include 'accel-ppp/config_chap_secrets_radius.j2' %} -{% if session_control is defined and session_control != 'disable' %} +{% if session_control is vyos_defined and session_control is not vyos_defined('disable') %} [common] single-session={{ session_control }} {% endif %} 
@@ -65,37 +65,37 @@ single-session={{ session_control }} [ppp] verbose=1 check-ip=1 -ccp={{ "1" if ppp_options.ccp is defined else "0" }} -unit-preallocate={{ "1" if authentication.radius.preallocate_vif is defined else "0" }} -{% if ppp_options.min_mtu is defined and ppp_options.min_mtu is not none %} +ccp={{ "1" if ppp_options.ccp is vyos_defined else "0" }} +unit-preallocate={{ "1" if authentication.radius.preallocate_vif is vyos_defined else "0" }} +{% if ppp_options.min_mtu is vyos_defined %} min-mtu={{ ppp_options.min_mtu }} {% else %} min-mtu={{ mtu }} {% endif %} -{% if ppp_options.mru is defined and ppp_options.mru is not none %} +{% if ppp_options.mru is vyos_defined %} mru={{ ppp_options.mru }} {% endif %} mppe={{ ppp_options.mppe }} lcp-echo-interval={{ ppp_options.lcp_echo_interval }} lcp-echo-timeout={{ ppp_options.lcp_echo_timeout }} lcp-echo-failure={{ ppp_options.lcp_echo_failure }} -{% if ppp_options.ipv4 is defined and ppp_options.ipv4 is not none %} +{% if ppp_options.ipv4 is vyos_defined %} ipv4={{ ppp_options.ipv4 }} {% endif %} {# IPv6 #} -{% if ppp_options.ipv6 is defined and ppp_options.ipv6 is not none %} +{% if ppp_options.ipv6 is vyos_defined %} ipv6={{ ppp_options.ipv6 }} -{% if ppp_options.ipv6_intf_id is defined and ppp_options.ipv6_intf_id is not none %} +{% if ppp_options.ipv6_intf_id is vyos_defined %} ipv6-intf-id={{ ppp_options.ipv6_intf_id }} {% endif %} -{% if ppp_options.ipv6_peer_intf_id is defined and ppp_options.ipv6_peer_intf_id is not none %} +{% if ppp_options.ipv6_peer_intf_id is vyos_defined %} ipv6-peer-intf-id={{ ppp_options.ipv6_peer_intf_id }} {% endif %} -ipv6-accept-peer-intf-id={{ "1" if ppp_options.ipv6_accept_peer_intf_id is defined else "0" }} +ipv6-accept-peer-intf-id={{ "1" if ppp_options.ipv6_accept_peer_intf_id is vyos_defined else "0" }} {% endif %} {# MTU #} mtu={{ mtu }} -{% if ppp_options.interface_cache is defined and ppp_options.interface_cache is not none %} +{% if ppp_options.interface_cache is 
vyos_defined %} unit-cache={{ ppp_options.interface_cache }} {% endif %} @@ -103,18 +103,18 @@ unit-cache={{ ppp_options.interface_cache }} verbose=1 ac-name={{ access_concentrator }} -{% if interface is defined and interface is not none %} +{% if interface is vyos_defined %} {% for iface, iface_config in interface.items() %} -{% if iface_config.vlan_id is not defined and iface_config.vlan_range is not defined %} +{% if iface_config.vlan_id is not vyos_defined and iface_config.vlan_range is not vyos_defined %} interface={{ iface }} {% endif %} -{% if iface_config.vlan_range is defined %} +{% if iface_config.vlan_range is vyos_defined %} {% for regex in iface_config.regex %} interface=re:^{{ iface | replace('.', '\\.') }}\.({{ regex }})$ {% endfor %} vlan-mon={{ iface }},{{ iface_config.vlan_range | join(',') }} {% endif %} -{% if iface_config.vlan_id is defined %} +{% if iface_config.vlan_id is vyos_defined %} {% for vlan in iface_config.vlan_id %} vlan-mon={{ iface }},{{ vlan }} interface=re:^{{ iface | replace('.', '\\.') }}\.{{ vlan }}$ @@ -138,19 +138,19 @@ service-name={{ service_name | join(',') }} {% endfor %} pado-delay={{ pado_delay_param.value }} {% endif %} -{% if authentication.radius.called_sid_format is defined and authentication.radius.called_sid_format is not none %} +{% if authentication.radius.called_sid_format is vyos_defined %} called-sid={{ authentication.radius.called_sid_format }} {% endif %} -{% if limits is defined %} +{% if limits is vyos_defined %} [connlimit] -{% if limits.connection_limit is defined and limits.connection_limit is not none %} +{% if limits.connection_limit is vyos_defined %} limit={{ limits.connection_limit }} {% endif %} -{% if limits.burst is defined and limits.burst %} +{% if limits.burst is vyos_defined %} burst={{ limits.burst }} {% endif %} -{% if limits.timeout is defined and limits.timeout is not none %} +{% if limits.timeout is vyos_defined %} timeout={{ limits.timeout }} {% endif %} {% endif %} 
@@ -158,7 +158,7 @@ timeout={{ limits.timeout }} {# Common RADIUS shaper configuration #} {% include 'accel-ppp/config_shaper_radius.j2' %} -{% if extended_scripts is defined %} +{% if extended_scripts is vyos_defined %} [pppd-compat] verbose=1 radattr-prefix=/run/accel-pppd/radattr diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.tmpl index 8fd7d230d..5c6f19306 100644 --- a/data/templates/accel-ppp/sstp.config.tmpl +++ b/data/templates/accel-ppp/sstp.config.tmpl @@ -50,7 +50,7 @@ verbose=1 check-ip=1 {# MTU #} mtu={{ mtu }} -ipv6={{ 'allow' if ppp_options.ipv6 == "deny" and client_ipv6_pool is defined else ppp_options.ipv6 }} +ipv6={{ 'allow' if ppp_options.ipv6 is vyos_defined("deny") and client_ipv6_pool is vyos_defined else ppp_options.ipv6 }} ipv4={{ ppp_options.ipv4 }} mppe={{ ppp_options.mppe }} diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl index 73ab88aae..a51505270 100644 --- a/data/templates/https/nginx.default.tmpl +++ b/data/templates/https/nginx.default.tmpl 
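Review bot: In the sstp.config.tmpl hunk, the `ipv6=` expression turns an explicit `deny` into `allow` whenever `client_ipv6_pool` is set, and nothing in the template tells a reader that the operator's deny can be overridden. Add a comment above the line, for example `{# a configured IPv6 pool promotes 'deny' to 'allow' #}`, or have the config script refuse the combination so that the rendered value always matches what was configured. The else arm also emits `ppp_options.ipv6` unguarded, which relies on a default always being present; that default is not visible in this hunk.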
@@ -4,52 +4,56 @@ {% for server in server_block_list %} server { + # SSL configuration # -{% if server.address is vyos_defined('*') %} +{% if server.address == '*' %} listen {{ server.port }} ssl; listen [::]:{{ server.port }} ssl; -{% else %} +{% else %} listen {{ server.address | bracketize_ipv6 }}:{{ server.port }} ssl; -{% endif %} +{% endif %} -{% for name in server.name %} +{% for name in server.name %} server_name {{ name }}; -{% endfor %} +{% endfor %} -{% if server.certbot is vyos_defined %} +{% if server.certbot %} ssl_certificate {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/fullchain.pem; ssl_certificate_key {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/privkey.pem; include {{ server.certbot_dir }}/options-ssl-nginx.conf; ssl_dhparam {{ server.certbot_dir }}/ssl-dhparams.pem; -{% elif server.vyos_cert is vyos_defined %} +{% elif server.vyos_cert %} ssl_certificate {{ server.vyos_cert.crt }}; ssl_certificate_key {{ server.vyos_cert.key }}; -{% else %} +{% else %} # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # include snippets/snakeoil.conf; -{% endif %} +{% endif %} ssl_protocols TLSv1.2 TLSv1.3; # proxy settings for HTTP API, if enabled; 503, if not location ~ /(retrieve|configure|config-file|image|generate|show|docs|openapi.json|redoc|graphql) { -{% if server.api is vyos_defined %} -{% if server.api.socket is vyos_defined %} +{% if server.api %} +{% if server.api.socket %} proxy_pass http://unix:/run/api.sock; -{% else %} +{% else %} proxy_pass http://localhost:{{ server.api.port }}; -{% endif %} +{% endif %} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 600; proxy_buffering off; -{% else %} +{% else %} return 503; -{% endif %} +{% endif %} } + error_page 497 =301 https://$host:{{ server.port }}$request_uri; + } + {% endfor %} 
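Review bot: The certificate chain in nginx.default.tmpl now uses bare truthiness (`{% if server.certbot %}`, `{% elif server.vyos_cert %}`), so a value that is present but empty falls through to `include snippets/snakeoil.conf;`, the self-signed certificate that the template's own comment warns against. The same applies to `{% if server.api %}` and `{% if server.api.socket %}`, where an empty value selects `return 503;` or the TCP `proxy_pass`. How `server_block_list` is built is not visible here, so this may be unreachable, but the rest of the commit moves templates towards `is vyos_defined` and this file moves away from it. Either keep the explicit test (`{% elif server.vyos_cert is vyos_defined %}`) or add a comment stating that the Python side guarantees that these keys are absent or non-empty.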
diff --git a/data/templates/https/override.conf.tmpl b/data/templates/https/override.conf.tmpl index 1760a5ff3..824b1ba3b 100644 --- a/data/templates/https/override.conf.tmpl +++ b/data/templates/https/override.conf.tmpl @@ -1,4 +1,4 @@ -{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} +{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} [Unit] StartLimitIntervalSec=0 After=vyos-router.service diff --git a/data/templates/https/vyos-http-api.service.tmpl b/data/templates/https/vyos-http-api.service.tmpl index fb424e06c..15bd80d65 100644 --- a/data/templates/https/vyos-http-api.service.tmpl +++ b/data/templates/https/vyos-http-api.service.tmpl @@ -1,11 +1,11 @@ -{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} +{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} [Unit] Description=VyOS HTTP API service After=vyos-router.service Requires=vyos-router.service [Service] -ExecStart={{ vrf_command }}/usr/libexec/vyos/services/vyos-http-api-server +ExecStart={{vrf_command}}/usr/libexec/vyos/services/vyos-http-api-server Type=idle SyslogIdentifier=vyos-http-api diff --git a/data/templates/pppoe/peer.tmpl b/data/templates/pppoe/peer.tmpl index 928ed1238..d6d63debf 100644 --- a/data/templates/pppoe/peer.tmpl +++ b/data/templates/pppoe/peer.tmpl @@ -1,5 +1,5 @@ ### Autogenerated by interfaces-pppoe.py ### -{{ '# ' ~ description if description is defined else '' }} +{{ '# ' ~ description if description is vyos_defined else '' }} # Require peer to provide the local IP address if it is not # specified explicitly in the config file. 
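Review bot: In https/override.conf.tmpl and again in https/vyos-http-api.service.tmpl, `'ip vrf exec ' + vrf + ' ' if vrf is defined else ''` accepts a `vrf` that is present but `None`, and `+` then raises a TypeError at render time instead of producing an empty prefix. snmp/override.conf.tmpl in this same commit goes the other way, to `{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}`, and the two https templates should use the same form. Because the value becomes the command prefix of `ExecStart={{vrf_command}}/usr/libexec/vyos/services/vyos-http-api-server`, it is also worth confirming that the VRF name is validated before it reaches the template; that validation is not visible in these hunks.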
@@ -35,10 +35,10 @@ noproxyarp maxfail 0 plugin rp-pppoe.so {{ source_interface }} -{% if access_concentrator is defined and access_concentrator is not none %} +{% if access_concentrator is vyos_defined %} rp_pppoe_ac '{{ access_concentrator }}' {% endif %} -{% if service_name is defined and service_name is not none %} +{% if service_name is vyos_defined %} rp_pppoe_service '{{ service_name }}' {% endif %} 
@@ -49,34 +49,34 @@ debug mtu {{ mtu }} mru {{ mtu }} -{% if authentication is defined %} -{{ 'user "' + authentication.user + '"' if authentication.user is defined }} -{{ 'password "' + authentication.password + '"' if authentication.password is defined }} +{% if authentication is vyos_defined %} +{{ 'user "' + authentication.user + '"' if authentication.user is vyos_defined }} +{{ 'password "' + authentication.password + '"' if authentication.password is vyos_defined }} {% endif %} -{{ "usepeerdns" if no_peer_dns is not defined }} +{{ "usepeerdns" if no_peer_dns is not vyos_defined }} -{% if ipv6 is defined %} -+ipv6 {{ 'ipv6cp-use-ipaddr' if ipv6.address is defined and ipv6.address.autoconf is defined }} +{% if ipv6 is vyos_defined %} ++ipv6 {{ 'ipv6cp-use-ipaddr' if ipv6.address.autoconf is vyos_defined }} {% else %} noipv6 {% endif %} -{% if connect_on_demand is defined %} +{% if connect_on_demand is vyos_defined %} demand # See T2249. PPP default route options should only be set when in on-demand # mode. As soon as we are not in on-demand mode the default-route handling is # passed to the ip-up.d/ip-down.s scripts which is required for VRF support. {% if 'auto' in default_route %} defaultroute -{{ 'defaultroute6' if ipv6 is defined }} +{{ 'defaultroute6' if ipv6 is vyos_defined }} {% elif 'force' in default_route %} defaultroute replacedefaultroute -{{ 'defaultroute6' if ipv6 is defined }} +{{ 'defaultroute6' if ipv6 is vyos_defined }} {% endif %} {% else %} nodefaultroute noreplacedefaultroute -{{ 'nodefaultroute6' if ipv6 is defined }} +{{ 'nodefaultroute6' if ipv6 is vyos_defined }} {% endif %} diff --git a/data/templates/router-advert/radvd.conf.tmpl b/data/templates/router-advert/radvd.conf.tmpl index 88d066491..b40ba1ee0 100644 --- a/data/templates/router-advert/radvd.conf.tmpl +++ b/data/templates/router-advert/radvd.conf.tmpl 
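Review bot: In pppoe/peer.tmpl, `authentication.user` and `authentication.password` are wrapped in double quotes by plain concatenation, so a value containing `"` or `\` ends the quoted word early and the remainder is parsed as further pppd options. Escape both characters before quoting, e.g. `{{ 'password "' ~ authentication.password | replace('\\', '\\\\') | replace('"', '\\"') ~ '"' if authentication.password is vyos_defined }}`, and do the same for the `user` line, or reject those characters in the config script. The single-quoted `rp_pppoe_ac '{{ access_concentrator }}'` and `rp_pppoe_service '{{ service_name }}'` lines in the previous hunk of this file have the same exposure for a `'` in the value. Using `~` instead of `+` also avoids a render-time TypeError if a value is ever not a string.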
@@ -1,63 +1,63 @@ ### Autogenerated by service_router-advert.py ### -{% if interface is defined and interface is not none %} +{% if interface is vyos_defined %} {% for iface, iface_config in interface.items() %} interface {{ iface }} { IgnoreIfMissing on; -{% if iface_config.default_preference is defined and iface_config.default_preference is not none %} +{% if iface_config.default_preference is vyos_defined %} AdvDefaultPreference {{ iface_config.default_preference }}; {% endif %} -{% if iface_config.managed_flag is defined and iface_config.managed_flag is not none %} - AdvManagedFlag {{ 'on' if iface_config.managed_flag is defined else 'off' }}; +{% if iface_config.managed_flag is vyos_defined %} + AdvManagedFlag {{ 'on' if iface_config.managed_flag is vyos_defined else 'off' }}; {% endif %} -{% if iface_config.interval.max is defined and iface_config.interval.max is not none %} +{% if iface_config.interval.max is vyos_defined %} MaxRtrAdvInterval {{ iface_config.interval.max }}; {% endif %} -{% if iface_config.interval.min is defined and iface_config.interval.min is not none %} +{% if iface_config.interval.min is vyos_defined %} MinRtrAdvInterval {{ iface_config.interval.min }}; {% endif %} -{% if iface_config.reachable_time is defined and iface_config.reachable_time is not none %} +{% if iface_config.reachable_time is vyos_defined %} AdvReachableTime {{ iface_config.reachable_time }}; {% endif %} - AdvIntervalOpt {{ 'off' if iface_config.no_send_advert is defined else 'on' }}; - AdvSendAdvert {{ 'off' if iface_config.no_send_advert is defined else 'on' }}; -{% if iface_config.default_lifetime is defined %} + AdvIntervalOpt {{ 'off' if iface_config.no_send_advert is vyos_defined else 'on' }}; + AdvSendAdvert {{ 'off' if iface_config.no_send_advert is vyos_defined else 'on' }}; +{% if iface_config.default_lifetime is vyos_defined %} AdvDefaultLifetime {{ iface_config.default_lifetime }}; {% endif %} -{% if iface_config.link_mtu is defined %} +{% if 
iface_config.link_mtu is vyos_defined %} AdvLinkMTU {{ iface_config.link_mtu }}; {% endif %} - AdvOtherConfigFlag {{ 'on' if iface_config.other_config_flag is defined else 'off' }}; + AdvOtherConfigFlag {{ 'on' if iface_config.other_config_flag is vyos_defined else 'off' }}; AdvRetransTimer {{ iface_config.retrans_timer }}; AdvCurHopLimit {{ iface_config.hop_limit }}; -{% if iface_config.route is defined %} +{% if iface_config.route is vyos_defined %} {% for route, route_options in iface_config.route.items() %} route {{ route }} { -{% if route_options.valid_lifetime is defined %} +{% if route_options.valid_lifetime is vyos_defined %} AdvRouteLifetime {{ route_options.valid_lifetime }}; {% endif %} -{% if route_options.route_preference is defined %} +{% if route_options.route_preference is vyos_defined %} AdvRoutePreference {{ route_options.route_preference }}; {% endif %} - RemoveRoute {{ 'off' if route_options.no_remove_route is defined else 'on' }}; + RemoveRoute {{ 'off' if route_options.no_remove_route is vyos_defined else 'on' }}; }; {% endfor %} {% endif %} -{% if iface_config.prefix is defined and iface_config.prefix is not none %} +{% if iface_config.prefix is vyos_defined %} {% for prefix, prefix_options in iface_config.prefix.items() %} prefix {{ prefix }} { - AdvAutonomous {{ 'off' if prefix_options.no_autonomous_flag is defined else 'on' }}; + AdvAutonomous {{ 'off' if prefix_options.no_autonomous_flag is vyos_defined else 'on' }}; AdvValidLifetime {{ prefix_options.valid_lifetime }}; - AdvOnLink {{ 'off' if prefix_options.no_on_link_flag is defined else 'on' }}; + AdvOnLink {{ 'off' if prefix_options.no_on_link_flag is vyos_defined else 'on' }}; AdvPreferredLifetime {{ prefix_options.preferred_lifetime }}; }; {% endfor %} {% endif %} -{% if iface_config.name_server is defined %} +{% if iface_config.name_server is vyos_defined %} RDNSS {{ iface_config.name_server | join(" ") }} { }; {% endif %} -{% if iface_config.dnssl is defined %} +{% if 
iface_config.dnssl is vyos_defined %} DNSSL {{ iface_config.dnssl | join(" ") }} { }; {% endif %} diff --git a/data/templates/snmp/etc.snmp.conf.tmpl b/data/templates/snmp/etc.snmp.conf.tmpl index f7d9a3c17..8012cf6bb 100644 --- a/data/templates/snmp/etc.snmp.conf.tmpl +++ b/data/templates/snmp/etc.snmp.conf.tmpl @@ -1,4 +1,4 @@ ### Autogenerated by snmp.py ### -{% if trap_source is defined and trap_source is not none %} +{% if trap_source is vyos_defined %} clientaddr {{ trap_source }} {% endif %} diff --git a/data/templates/snmp/etc.snmpd.conf.tmpl b/data/templates/snmp/etc.snmpd.conf.tmpl index befea0122..510b35097 100644 --- a/data/templates/snmp/etc.snmpd.conf.tmpl +++ b/data/templates/snmp/etc.snmpd.conf.tmpl @@ -33,14 +33,14 @@ interface_replace_old yes # Default system description is VyOS version sysDescr VyOS {{ version }} -{% if description is defined and description is not none %} +{% if description is vyos_defined %} # Description SysDescr {{ description }} {% endif %} # Listen {% set options = [] %} -{% if listen_address is defined and listen_address is not none %} +{% if listen_address is vyos_defined %} {% for address, address_options in listen_address.items() %} {% if address | is_ipv6 %} {% set protocol = protocol ~ '6' %} 
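Review bot: In radvd.conf.tmpl, `AdvManagedFlag` sits inside `{% if iface_config.managed_flag is vyos_defined %}` and then tests the same condition again, so the `'off'` arm can never render and the line is only ever emitted as `on`. Either drop the outer guard so that the line behaves like `AdvOtherConfigFlag` a few lines below (`AdvManagedFlag {{ 'on' if iface_config.managed_flag is vyos_defined else 'off' }};` on its own), or keep the guard and write a literal `AdvManagedFlag on;`. As written, the ternary suggests an explicit `off` that the template cannot produce.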
@@ -49,16 +49,14 @@ SysDescr {{ description }} {% endfor %} {% else %} {% set _ = options.append(protocol ~ ':161') %} -{% if ipv6_disabled is not defined %} -{% set _ = options.append(protocol ~ '6:161') %} -{% endif %} +{% set _ = options.append(protocol ~ '6:161') %} {% endif %} -agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is defined and options is not none }} +agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vyos_defined }} # SNMP communities -{% if community is defined and community is not none %} +{% if community is vyos_defined %} {% for comm, comm_config in community.items() %} -{% if comm_config.client is defined and comm_config.client is not none %} +{% if comm_config.client is vyos_defined %} {% for client in comm_config.client %} {% if client | is_ipv4 %} {{ comm_config.authorization }}community {{ comm }} {{ client }} @@ -67,7 +65,7 @@ agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is de {% endif %} {% endfor %} {% endif %} -{% if comm_config.network is defined and comm_config.network is not none %} +{% if comm_config.network is vyos_defined %} {% for network in comm_config.network %} {% if network | is_ipv4 %} {{ comm_config.authorization }}community {{ comm }} {{ network }} 
@@ -76,44 +74,44 @@ agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is de {% endif %} {% endfor %} {% endif %} -{% if comm_config.client is not defined and comm_config.network is not defined %} +{% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %} {{ comm_config.authorization }}community {{ comm }} {% endif %} {% endfor %} {% endif %} -{% if contact is defined and contact is not none %} +{% if contact is vyos_defined %} # system contact information SysContact {{ contact }} {% endif %} -{% if location is defined and location is not none %} +{% if location is vyos_defined %} # system location information SysLocation {{ location }} {% endif %} -{% if smux_peer is defined and smux_peer is not none %} +{% if smux_peer is vyos_defined %} # additional smux peers {% for peer in smux_peer %} smuxpeer {{ peer }} {% endfor %} {% endif %} -{% if trap_target is defined and trap_target is not none %} +{% if trap_target is vyos_defined %} # if there is a problem - tell someone! {% for trap, trap_config in trap_target.items() %} trap2sink {{ trap }}:{{ trap_config.port }} {{ trap_config.community }} {% endfor %} {% endif %} -{% if v3 is defined and v3 is not none %} +{% if v3 is vyos_defined %} # # SNMPv3 stuff goes here # -{% if v3.view is defined and v3.view is not none %} +{% if v3.view is vyos_defined %} # views {% for view, view_config in v3.view.items() %} -{% if view_config.oid is defined and view_config.oid is not none %} +{% if view_config.oid is vyos_defined %} {% for oid in view_config.oid %} view {{ view }} included .{{ oid }} {% endfor %} 
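Review bot: The rewritten test `{% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %}` in etc.snmpd.conf.tmpl can widen the fallback branch. Judging by the other replacements in this commit, `vyos_defined` also treats a `None` value as unset, so a community whose `client` or `network` key exists but is empty now receives the unrestricted `{{ comm_config.authorization }}community {{ comm }}` line, which places no source-address limit on that community. If that is intended, state it in the template, e.g. `{# no client/network given: community is accepted from any source #}`; if not, the config script should drop or reject such entries before rendering.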
@@ -122,7 +120,7 @@ view {{ view }} included .{{ oid }} {% endif %} # access -{% if v3.group is defined and v3.group is not none %} +{% if v3.group is vyos_defined %} # context sec.model sec.level match read write notif {% for group, group_config in v3.group.items() %} access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view }} {% if group_config.mode == 'ro' %}none{% else %}{{ group_config.view }}{% endif %} none 
@@ -130,30 +128,30 @@ access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view {% endif %} # trap-target -{% if v3.trap_target is defined and v3.trap_target is not none %} +{% if v3.trap_target is vyos_defined %} {% for trap, trap_config in v3.trap_target.items() %} {% set options = '' %} {% if trap_config.type == 'inform' %} {% set options = options ~ ' -Ci' %} {% endif %} -{% if v3.engineid is defined and v3.engineid is not none %} +{% if v3.engineid is vyos_defined %} {% set options = options ~ ' -e "' ~ v3.engineid ~ '"' %} {% endif %} -{% if trap_config.user is defined and trap_config.user is not none %} +{% if trap_config.user is vyos_defined %} {% set options = options ~ ' -u ' ~ trap_config.user %} {% endif %} -{% if trap_config.auth is defined and trap_config.auth.plaintext_password is defined or trap_config.auth.encrypted_password is defined %} +{% if trap_config.auth.plaintext_password is vyos_defined or trap_config.auth.encrypted_password is vyos_defined %} {% set options = options ~ ' -a ' ~ trap_config.auth.type %} -{% if trap_config.auth.plaintext_password is defined and trap_config.auth.plaintext_password is not none %} +{% if trap_config.auth.plaintext_password is vyos_defined %} {% set options = options ~ ' -A ' ~ trap_config.auth.plaintext_password %} -{% elif trap_config.auth.encrypted_password is defined and trap_config.auth.encrypted_password is not none %} +{% elif trap_config.auth.encrypted_password is vyos_defined %} {% set options = options ~ ' -3m ' ~ trap_config.auth.encrypted_password %} {% endif %} -{% if trap_config.privacy is defined and trap_config.privacy.plaintext_password is defined or trap_config.privacy.encrypted_password is defined %} +{% if trap_config.privacy.plaintext_password is vyos_defined or trap_config.privacy.encrypted_password is vyos_defined %} {% set options = options ~ ' -x ' ~ trap_config.privacy.type %} -{% if trap_config.privacy.plaintext_password is defined and 
trap_config.privacy.plaintext_password is not none %} +{% if trap_config.privacy.plaintext_password is vyos_defined %} {% set options = options ~ ' -X ' ~ trap_config.privacy.plaintext_password %} -{% elif trap_config.privacy.encrypted_password is defined and trap_config.privacy.encrypted_password is not none %} +{% elif trap_config.privacy.encrypted_password is vyos_defined %} {% set options = options ~ ' -3M ' ~ trap_config.privacy.encrypted_password %} {% endif %} {% set options = options ~ ' -l authPriv' %} @@ -168,7 +166,7 @@ trapsess -v 3 {{ options }} {{ trap }}:{{ trap_config.protocol }}:{{ trap_config {% endif %} # group -{% if v3.user is defined and v3.user is not none %} +{% if v3.user is vyos_defined %} {% for user, user_config in v3.user.items() %} group {{ user_config.group }} usm {{ user }} {% endfor %} @@ -176,7 +174,7 @@ group {{ user_config.group }} usm {{ user }} {# SNMPv3 end #} {% endif %} -{% if script_extensions is defined and script_extensions.extension_name is defined and script_extensions.extension_name is not none %} +{% if script_extensions.extension_name is vyos_defined %} # extension scripts {% for script, script_config in script_extensions.extension_name.items() | sort(attribute=script) %} extend {{ script }} {{ script_config.script }} diff --git a/data/templates/snmp/override.conf.tmpl b/data/templates/snmp/override.conf.tmpl index 3b00aab83..5d787de86 100644 --- a/data/templates/snmp/override.conf.tmpl +++ b/data/templates/snmp/override.conf.tmpl @@ -1,5 +1,5 @@ -{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} -{% set oid_route_table = ' ' if oid_enable is defined and oid_enable == 'route-table' else '-I -ipCidrRouteTable,inetCidrRouteTable' %} +{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} +{% set oid_route_table = ' ' if oid_enable is vyos_defined('route-table') else '-I -ipCidrRouteTable,inetCidrRouteTable' %} [Unit] StartLimitIntervalSec=0 After=vyos-router.service 
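Review bot: The rewritten guard `trap_config.auth.plaintext_password is vyos_defined or trap_config.auth.encrypted_password is vyos_defined` no longer checks `trap_config.auth` itself, so for a trap target without an `auth` node it only renders if a lookup through the missing node yields an undefined value instead of raising. Neither the `vyos_defined` test nor the template environment's `undefined` setting is visible in this diff; presumably the environment uses a chainable undefined, which is worth confirming with a render test for a trap target that has neither `auth` nor `privacy`. The same assumption carries `script_extensions.extension_name`, `v3.user` in usr.snmpd.conf.tmpl, `access_control.allow.user` in sshd_config.tmpl, `http_client.source_interface` and `ssh_client.source_address`. A one-line comment where `vyos_defined` is registered, stating that it accepts chained lookups through missing nodes, would keep these templates from breaking if the environment is ever changed.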
@@ -8,7 +8,7 @@ After=vyos-router.service Environment= Environment="MIBDIRS=/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/vyos/mibs" ExecStart= -ExecStart={{vrf_command}}/usr/sbin/snmpd -LS0-5d -Lf /dev/null -u Debian-snmp -g Debian-snmp {{oid_route_table}} -f -p /run/snmpd.pid +ExecStart={{ vrf_command }}/usr/sbin/snmpd -LS0-5d -Lf /dev/null -u Debian-snmp -g Debian-snmp {{ oid_route_table }} -f -p /run/snmpd.pid Restart=always RestartSec=10 diff --git a/data/templates/snmp/usr.snmpd.conf.tmpl b/data/templates/snmp/usr.snmpd.conf.tmpl index 1c688a61e..a46b3997f 100644 --- a/data/templates/snmp/usr.snmpd.conf.tmpl +++ b/data/templates/snmp/usr.snmpd.conf.tmpl @@ -1,5 +1,5 @@ ### Autogenerated by snmp.py ### -{% if v3 is defined and v3.user is defined and v3.user is not none %} +{% if v3.user is vyos_defined %} {% for user, user_config in v3.user.items() %} {{ user_config.mode }}user {{ user }} {% endfor %} diff --git a/data/templates/snmp/var.snmpd.conf.tmpl b/data/templates/snmp/var.snmpd.conf.tmpl index 5871a8234..16d39db89 100644 --- a/data/templates/snmp/var.snmpd.conf.tmpl +++ b/data/templates/snmp/var.snmpd.conf.tmpl @@ -1,7 +1,7 @@ ### Autogenerated by snmp.py ### # user -{% if v3 is defined and v3 is not none %} -{% if v3.user is defined and v3.user is not none %} +{% if v3 is vyos_defined %} +{% if v3.user is vyos_defined %} {% for user, user_config in v3.user.items() %} usmUser 1 3 0x{{ v3.engineid }} "{{ user }}" "{{ user }}" NULL {{ user_config.auth.type | snmp_auth_oid }} 0x{{ user_config.auth.encrypted_password }} {{ user_config.privacy.type | snmp_auth_oid }} 0x{{ user_config.privacy.encrypted_password }} 0x {% endfor %} 
@@ -10,7 +10,7 @@ usmUser 1 3 0x{{ v3.engineid }} "{{ user }}" "{{ user }}" NULL {{ user_config.au # VyOS default user createUser {{ vyos_user }} MD5 "{{ vyos_user_pass }}" DES -{% if v3.engineid is defined and v3.engineid is not none %} +{% if v3.engineid is vyos_defined %} oldEngineID 0x{{ v3.engineid }} {% endif %} {% endif %} diff --git a/data/templates/ssh/override.conf.tmpl b/data/templates/ssh/override.conf.tmpl index 5f8f35e89..e4d6f51cb 100644 --- a/data/templates/ssh/override.conf.tmpl +++ b/data/templates/ssh/override.conf.tmpl @@ -1,12 +1,12 @@ -{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} +{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} [Unit] StartLimitIntervalSec=0 After=vyos-router.service -ConditionPathExists={{config_file}} +ConditionPathExists={{ config_file }} [Service] ExecStart= -ExecStart={{vrf_command}}/usr/sbin/sshd -f {{config_file}} -D $SSHD_OPTS +ExecStart={{ vrf_command }}/usr/sbin/sshd -f {{ config_file }} -D $SSHD_OPTS Restart=always RestartPreventExitStatus= RestartSec=10 diff --git a/data/templates/ssh/sshd_config.tmpl b/data/templates/ssh/sshd_config.tmpl index 670cf85a1..d39b47669 100644 --- a/data/templates/ssh/sshd_config.tmpl +++ b/data/templates/ssh/sshd_config.tmpl @@ -37,7 +37,7 @@ DebianBanner no # Look up remote host name and check that the resolved host name for the remote IP # address maps back to the very same IP address. -UseDNS {{ "no" if disable_host_validation is defined else "yes" }} +UseDNS {{ "no" if disable_host_validation is vyos_defined else "yes" }} # Specifies the port number that sshd(8) listens on {% for value in port %} 
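Review bot: `UseDNS {{ "no" if disable_host_validation is vyos_defined else "yes" }}` tightens the test for a flag that carries no value: the old `is defined` was true for any present key, while elsewhere in this commit `vyos_defined` stands in for `is defined and … is not none`. If the config dictionary represents a valueless node as `None`, the flag is now ignored and the template emits `yes`. The same applies to `PasswordAuthentication … disable_password_authentication is vyos_defined` in the next hunk, where the result would be password logins left enabled against the configured intent. How the conf-mode script builds these keys is not visible here, so this is worth pinning with a render test that sets both flags and asserts `UseDNS no` and `PasswordAuthentication no`.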
@@ -48,61 +48,50 @@ Port {{ value }} LogLevel {{ loglevel | upper }} # Specifies whether password authentication is allowed -PasswordAuthentication {{ "no" if disable_password_authentication is defined else "yes" }} +PasswordAuthentication {{ "no" if disable_password_authentication is vyos_defined else "yes" }} -{% if listen_address is defined and listen_address is not none %} +{% if listen_address is vyos_defined %} # Specifies the local addresses sshd should listen on {% for address in listen_address %} ListenAddress {{ address }} {% endfor %} {% endif %} -{% if ciphers is defined and ciphers is not none %} +{% if ciphers is vyos_defined %} # Specifies the ciphers allowed for protocol version 2 -{% set value = ciphers if ciphers is string else ciphers | join(',') %} -Ciphers {{ value }} +Ciphers {{ ciphers | join(',') }} {% endif %} -{% if mac is defined and mac is not none %} +{% if mac is vyos_defined %} # Specifies the available MAC (message authentication code) algorithms -{% set value = mac if mac is string else mac | join(',') %} -MACs {{ value }} +MACs {{ mac | join(',') }} {% endif %} -{% if key_exchange is defined and key_exchange is not none %} +{% if key_exchange is vyos_defined %} # Specifies the available Key Exchange algorithms -{% set value = key_exchange if key_exchange is string else key_exchange | join(',') %} -KexAlgorithms {{ value }} +KexAlgorithms {{ key_exchange | join(',') }} {% endif %} -{% if access_control is defined and access_control is not none %} -{% if access_control.allow is defined and access_control.allow is not none %} -{% if access_control.allow.user is defined %} +{% if access_control is vyos_defined %} +{% if access_control.allow.user is vyos_defined %} # If specified, login is allowed only for user names that match -{% set value = access_control.allow.user if access_control.allow.user is string else access_control.allow.user | join(' ') %} -AllowUsers {{ value }} -{% endif %} -{% if access_control.allow.group is defined %} 
+AllowUsers {{ access_control.allow.user | join(' ') }} +{% endif %} +{% if access_control.allow.group is vyos_defined %} # If specified, login is allowed only for users whose primary group or supplementary group list matches -{% set value = access_control.allow.group if access_control.allow.group is string else access_control.allow.group | join(' ') %} -AllowGroups {{ value }} -{% endif %} +AllowGroups {{ access_control.allow.group | join(' ') }} {% endif %} -{% if access_control.deny is defined and access_control.deny is not none %} -{% if access_control.deny.user is defined %} +{% if access_control.deny.user is vyos_defined %} # Login is disallowed for user names that match -{% set value = access_control.deny.user if access_control.deny.user is string else access_control.deny.user | join(' ') %} -DenyUsers {{ value }} -{% endif %} -{% if access_control.deny.group is defined %} +DenyUsers {{ access_control.deny.user | join(' ') }} +{% endif %} +{% if access_control.deny.group is vyos_defined %} # Login is disallowed for users whose primary group or supplementary group list matches -{% set value = access_control.deny.group if access_control.deny.group is string else access_control.deny.group | join(' ') %} -DenyGroups {{ value }} -{% endif %} +DenyGroups {{ access_control.deny.group | join(' ') }} {% endif %} {% endif %} -{% if client_keepalive_interval is defined and client_keepalive_interval is not none %} +{% if client_keepalive_interval is vyos_defined %} # Sets a timeout interval in seconds after which if no data has been received from the client, # sshd(8) will send a message through the encrypted channel to request a response from the client ClientAliveInterval {{ client_keepalive_interval }} diff --git a/data/templates/system/curlrc.tmpl b/data/templates/system/curlrc.tmpl index 3e5ce801c..be4efe8ba 100644 --- a/data/templates/system/curlrc.tmpl +++ b/data/templates/system/curlrc.tmpl 
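Review bot: `Ciphers {{ ciphers | join(',') }}` and the `MACs`, `KexAlgorithms`, `AllowUsers`, `AllowGroups`, `DenyUsers` and `DenyGroups` lines drop the old `… if … is string else …` branch, and Jinja's `join` iterates a plain string character by character. A single value that still arrives as a string would then render like `DenyUsers r o o t` (constructed example), which no longer matches the intended account, or as an algorithm list sshd rejects. This is only safe if the conf-mode script always delivers these nodes as lists, which this diff does not show. Either keep the string guard or state the guarantee next to the first use, e.g. `{# multi-value nodes always arrive as lists #}`.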
@@ -1,8 +1,6 @@ -{% if http_client is defined %} -{% if http_client.source_interface is defined %} +{% if http_client.source_interface is vyos_defined %} --interface "{{ http_client.source_interface }}" -{% endif %} -{% if http_client.source_address is defined %} +{% endif %} +{% if http_client.source_address is vyos_defined %} --interface "{{ http_client.source_address }}" -{% endif %} {% endif %} diff --git a/data/templates/system/ssh_config.tmpl b/data/templates/system/ssh_config.tmpl index abc03f069..1449f95b1 100644 --- a/data/templates/system/ssh_config.tmpl +++ b/data/templates/system/ssh_config.tmpl @@ -1,3 +1,3 @@ -{% if ssh_client is defined and ssh_client.source_address is defined and ssh_client.source_address is not none %} +{% if ssh_client.source_address is vyos_defined %} BindAddress {{ ssh_client.source_address }} {% endif %} diff --git a/data/templates/system/sysctl.conf.tmpl b/data/templates/system/sysctl.conf.tmpl index 72af82ee5..3aa857647 100644 --- a/data/templates/system/sysctl.conf.tmpl +++ b/data/templates/system/sysctl.conf.tmpl @@ -1,6 +1,6 @@ # autogenerated by system_sysctl.py
-{% if parameter is defined and parameter is not none %}
+{% if parameter is vyos_defined %}
{% for k, v in parameter.items() %}
{{ k }} = {{ v.value }}
{% endfor %}
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index 8ce48780b..4fc6a4517 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py @@ -57,9 +57,6 @@ def get_config(config=None): if conf.exists(['service', 'lldp', 'snmp', 'enable']): snmp.update({'lldp_snmp' : ''}) - if conf.exists(['system', 'ipv6', 'disable']): - snmp.update({'ipv6_disabled' : ''}) - if 'deleted' in snmp: return snmp @@ -100,9 +97,8 @@ def get_config(config=None): snmp['listen_address'] = dict_merge(tmp, snmp['listen_address']) if '::1' not in snmp['listen_address']: - if 'ipv6_disabled' not in snmp: - tmp = {'::1': {'port': '161'}} - snmp['listen_address'] = dict_merge(tmp, snmp['listen_address']) + tmp = {'::1': {'port': '161'}} + snmp['listen_address'] = dict_merge(tmp, snmp['listen_address']) if 'community' in snmp: default_values = defaults(base + ['community']) |
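Review bot: With the `ipv6_disabled` guard removed, `tmp = {'::1': {'port': '161'}}` is merged into `snmp['listen_address']` unconditionally, so snmpd is always asked to bind the IPv6 loopback. If IPv6 can still be switched off on the host by some other path, that bind may fail and could keep the agent from starting; whether the `system ipv6 disable` node still exists is not visible in this diff. A short comment above the block recording why the check went away, for example `# ::1 is always added: the 'system ipv6 disable' check was dropped because <reason>`, would help the next reader. get_config() starts and ends outside the hunk.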