summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--data/templates/bcast-relay/udp-broadcast-relay.tmpl2
-rw-r--r--data/templates/conntrack/nftables-ct.tmpl4
-rw-r--r--data/templates/conntrackd/conntrackd.conf.tmpl18
-rw-r--r--data/templates/conntrackd/conntrackd.op-mode.tmpl2
-rw-r--r--data/templates/dhcp-server/dhcpd.conf.tmpl2
-rw-r--r--data/templates/firewall/nftables-defines.tmpl14
-rw-r--r--data/templates/firewall/upnpd.conf.tmpl24
-rw-r--r--data/templates/https/override.conf.tmpl8
-rw-r--r--data/templates/https/vyos-http-api.service.tmpl4
-rw-r--r--data/templates/ids/fastnetmon_networks_list.tmpl2
-rw-r--r--data/templates/ipsec/charon.tmpl8
-rw-r--r--data/templates/ipsec/charon/dhcp.conf.tmpl8
-rw-r--r--data/templates/ipsec/charon/eap-radius.conf.tmpl8
-rw-r--r--data/templates/ipsec/interfaces_use.conf.tmpl2
-rw-r--r--data/templates/ipsec/ios_profile.tmpl2
-rw-r--r--data/templates/ipsec/ipsec.conf.tmpl6
-rw-r--r--data/templates/ipsec/ipsec.secrets.tmpl2
-rw-r--r--data/templates/ipsec/swanctl.conf.tmpl66
-rw-r--r--data/templates/ipsec/swanctl/l2tp.tmpl4
-rw-r--r--data/templates/ipsec/swanctl/peer.tmpl72
-rw-r--r--data/templates/ipsec/swanctl/profile.tmpl10
-rw-r--r--data/templates/ipsec/swanctl/remote_access.tmpl16
-rw-r--r--data/templates/lcd/LCDd.conf.tmpl4
-rw-r--r--data/templates/lldp/lldpd.tmpl2
-rw-r--r--data/templates/lldp/vyos.conf.tmpl10
-rw-r--r--data/templates/login/authorized_keys.tmpl4
-rw-r--r--data/templates/login/pam_radius_auth.conf.tmpl12
-rw-r--r--data/templates/macsec/wpa_supplicant.conf.tmpl10
-rw-r--r--data/templates/ndppd/ndppd.conf.tmpl6
-rw-r--r--data/templates/nhrp/opennhrp.conf.tmpl24
-rw-r--r--data/templates/ntp/ntpd.conf.tmpl8
-rw-r--r--data/templates/ntp/override.conf.tmpl4
-rw-r--r--data/templates/ocserv/ocserv_config.tmpl6
-rw-r--r--data/templates/ocserv/ocserv_otp_usr.tmpl4
-rw-r--r--data/templates/ocserv/ocserv_passwd.tmpl12
-rw-r--r--data/templates/openvpn/auth.pw.tmpl2
-rw-r--r--data/templates/openvpn/client.conf.tmpl6
-rw-r--r--data/templates/openvpn/server.conf.tmpl102
-rw-r--r--data/templates/openvpn/service-override.conf.tmpl2
-rw-r--r--data/templates/pmacct/override.conf.tmpl4
-rw-r--r--data/templates/pmacct/uacctd.conf.tmpl26
-rw-r--r--data/templates/pppoe/ip-down.script.tmpl4
-rw-r--r--data/templates/squid/squid.conf.tmpl42
-rw-r--r--data/templates/squid/squidGuard.conf.tmpl34
-rw-r--r--data/templates/vyos-hostsd/hosts.tmpl6
-rw-r--r--data/templates/zone_policy/nftables.tmpl26
46 files changed, 318 insertions, 326 deletions
diff --git a/data/templates/bcast-relay/udp-broadcast-relay.tmpl b/data/templates/bcast-relay/udp-broadcast-relay.tmpl
index 7b2b9b1a2..75740e04c 100644
--- a/data/templates/bcast-relay/udp-broadcast-relay.tmpl
+++ b/data/templates/bcast-relay/udp-broadcast-relay.tmpl
@@ -2,4 +2,4 @@
# UDP broadcast relay configuration for instance {{ id }}
{{ '# ' ~ description if description is vyos_defined }}
-DAEMON_ARGS="{{ '-s ' ~ address if address is defined }} {{ instance }} {{ port }} {{ interface | join(' ') }}"
+DAEMON_ARGS="{{ '-s ' ~ address if address is vyos_defined }} {{ instance }} {{ port }} {{ interface | join(' ') }}"
diff --git a/data/templates/conntrack/nftables-ct.tmpl b/data/templates/conntrack/nftables-ct.tmpl
index cebc1a54e..569e73df1 100644
--- a/data/templates/conntrack/nftables-ct.tmpl
+++ b/data/templates/conntrack/nftables-ct.tmpl
@@ -12,7 +12,7 @@ table raw {
chain {{ nft_ct_ignore_name }} {
{% if ignore.rule is vyos_defined %}
{% for rule, rule_config in ignore.rule.items() %}
- # rule-{{ rule }} {{ '- ' ~ rule_config.description if rule_config.description is defined and rule_config.description is not none }}
+ # rule-{{ rule }} {{ '- ' ~ rule_config.description if rule_config.description is vyos_defined }}
{% set nft_command = '' %}
{% if rule_config.inbound_interface is vyos_defined %}
{% set nft_command = nft_command ~ ' iifname ' ~ rule_config.inbound_interface %}
@@ -40,7 +40,7 @@ table raw {
chain {{ nft_ct_timeout_name }} {
{% if timeout.custom.rule is vyos_defined %}
{% for rule, rule_config in timeout.custom.rule.items() %}
- # rule-{{ rule }} {{ '- ' ~ rule_config.description if rule_config.description is defined and rule_config.description is not none }}
+ # rule-{{ rule }} {{ '- ' ~ rule_config.description if rule_config.description is vyos_defined }}
{% endfor %}
{% endif %}
return
diff --git a/data/templates/conntrackd/conntrackd.conf.tmpl b/data/templates/conntrackd/conntrackd.conf.tmpl
index 45b7bff09..80e7254a0 100644
--- a/data/templates/conntrackd/conntrackd.conf.tmpl
+++ b/data/templates/conntrackd/conntrackd.conf.tmpl
@@ -3,16 +3,16 @@
# Synchronizer settings
Sync {
Mode FTFW {
- DisableExternalCache {{ 'on' if disable_external_cache is defined else 'off' }}
+ DisableExternalCache {{ 'on' if disable_external_cache is vyos_defined else 'off' }}
}
{% for iface, iface_config in interface.items() %}
-{% if iface_config.peer is defined and iface_config.peer is not none %}
+{% if iface_config.peer is vyos_defined %}
UDP {
-{% if listen_address is defined and listen_address is not none %}
+{% if listen_address is vyos_defined %}
IPv4_address {{ listen_address }}
{% endif %}
IPv4_Destination_Address {{ iface_config.peer }}
- Port {{ iface_config.port if iface_config.port is defined else '3780' }}
+ Port {{ iface_config.port if iface_config.port is vyos_defined else '3780' }}
Interface {{ iface }}
SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
@@ -22,7 +22,7 @@ Sync {
Multicast {
{% set ip_address = iface | get_ipv4 %}
IPv4_address {{ mcast_group }}
- Group {{ iface_config.port if iface_config.port is defined else '3780' }}
+ Group {{ iface_config.port if iface_config.port is vyos_defined else '3780' }}
IPv4_interface {{ ip_address[0] | ip_from_cidr }}
Interface {{ iface }}
SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
@@ -31,7 +31,7 @@ Sync {
}
{% endif %}
{% endfor %}
-{% if expect_sync is defined and expect_sync is not none %}
+{% if expect_sync is vyos_defined %}
Options {
{% if 'all' in expect_sync %}
ExpectationSync on
@@ -83,9 +83,9 @@ General {
NetlinkBufferSizeMaxGrowth {{ event_listen_queue_size | int *1024 *1024 }}
NetlinkOverrunResync off
NetlinkEventsReliable on
-{% if ignore_address is defined or accept_protocol is defined %}
+{% if ignore_address is vyos_defined or accept_protocol is vyos_defined %}
Filter From Userspace {
-{% if ignore_address is defined and ignore_address is not none %}
+{% if ignore_address is vyos_defined %}
Address Ignore {
{% for address in ignore_address if address | is_ipv4 %}
IPv4_address {{ address }}
@@ -95,7 +95,7 @@ General {
{% endfor %}
}
{% endif %}
-{% if accept_protocol is defined and accept_protocol is not none %}
+{% if accept_protocol is vyos_defined %}
Protocol Accept {
{% for protocol in accept_protocol %}
{% if protocol == 'icmp6' %}
diff --git a/data/templates/conntrackd/conntrackd.op-mode.tmpl b/data/templates/conntrackd/conntrackd.op-mode.tmpl
index 82a4b09ad..c3f6911ce 100644
--- a/data/templates/conntrackd/conntrackd.op-mode.tmpl
+++ b/data/templates/conntrackd/conntrackd.op-mode.tmpl
@@ -1,5 +1,5 @@
Source Destination Protocol
-{% for parsed in data if parsed.flow is defined and parsed.flow.meta is defined %}
+{% for parsed in data if parsed.flow.meta is vyos_defined %}
{% for key in parsed.flow.meta %}
{% if key['@direction'] == 'original' %}
{% set saddr = key.layer3.src | bracketize_ipv6 %}
diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl
index 00f6eba8e..efc144a1e 100644
--- a/data/templates/dhcp-server/dhcpd.conf.tmpl
+++ b/data/templates/dhcp-server/dhcpd.conf.tmpl
@@ -158,7 +158,7 @@ shared-network {{ network }} {
{% if subnet_config.bootfile_server is vyos_defined %}
next-server {{ subnet_config.bootfile_server }};
{% endif %}
-{% if subnet_config.bootfile_size is defined and subnet_config.bootfile_size is not none %}
+{% if subnet_config.bootfile_size is vyos_defined %}
option boot-size {{ subnet_config.bootfile_size }};
{% endif %}
{% if subnet_config.time_offset is vyos_defined %}
diff --git a/data/templates/firewall/nftables-defines.tmpl b/data/templates/firewall/nftables-defines.tmpl
index d9eb7c199..66d31093b 100644
--- a/data/templates/firewall/nftables-defines.tmpl
+++ b/data/templates/firewall/nftables-defines.tmpl
@@ -1,30 +1,30 @@
-{% if group is defined %}
-{% if group.address_group is defined %}
+{% if group is vyos_defined %}
+{% if group.address_group is vyos_defined %}
{% for group_name, group_conf in group.address_group.items() %}
define A_{{ group_name }} = { {{ group_conf.address | join(",") }} }
{% endfor %}
{% endif %}
-{% if group.ipv6_address_group is defined %}
+{% if group.ipv6_address_group is vyos_defined %}
{% for group_name, group_conf in group.ipv6_address_group.items() %}
define A6_{{ group_name }} = { {{ group_conf.address | join(",") }} }
{% endfor %}
{% endif %}
-{% if group.mac_group is defined %}
+{% if group.mac_group is vyos_defined %}
{% for group_name, group_conf in group.mac_group.items() %}
define M_{{ group_name }} = { {{ group_conf.mac_address | join(",") }} }
{% endfor %}
{% endif %}
-{% if group.network_group is defined %}
+{% if group.network_group is vyos_defined %}
{% for group_name, group_conf in group.network_group.items() %}
define N_{{ group_name }} = { {{ group_conf.network | join(",") }} }
{% endfor %}
{% endif %}
-{% if group.ipv6_network_group is defined %}
+{% if group.ipv6_network_group is vyos_defined %}
{% for group_name, group_conf in group.ipv6_network_group.items() %}
define N6_{{ group_name }} = { {{ group_conf.network | join(",") }} }
{% endfor %}
{% endif %}
-{% if group.port_group is defined %}
+{% if group.port_group is vyos_defined %}
{% for group_name, group_conf in group.port_group.items() %}
define P_{{ group_name }} = { {{ group_conf.port | join(",") }} }
{% endfor %}
diff --git a/data/templates/firewall/upnpd.conf.tmpl b/data/templates/firewall/upnpd.conf.tmpl
index 39cb21373..6e73995fa 100644
--- a/data/templates/firewall/upnpd.conf.tmpl
+++ b/data/templates/firewall/upnpd.conf.tmpl
@@ -2,7 +2,7 @@
# WAN network interface
ext_ifname={{ wan_interface }}
-{% if wan_ip is defined %}
+{% if wan_ip is vyos_defined %}
# If the WAN interface has several IP addresses, you
# can specify the one to use below
{% for addr in wan_ip %}
@@ -11,7 +11,7 @@ ext_ip={{ addr }}
{% endif %}
# LAN network interfaces IPs / networks
-{% if listen is defined %}
+{% if listen is vyos_defined %}
# There can be multiple listening IPs for SSDP traffic, in that case
# use multiple 'listening_ip=...' lines, one for each network interface.
# It can be IP address or network interface name (ie. "eth0")
@@ -45,7 +45,7 @@ listening_ip={{ addr }}
# default is /var/run/minissdpd.sock
#minissdpdsocket=/var/run/minissdpd.sock
-{% if nat_pmp is defined %}
+{% if nat_pmp is vyos_defined %}
# Enable NAT-PMP support (default is no)
enable_natpmp=yes
{% endif %}
@@ -53,14 +53,14 @@ enable_natpmp=yes
# Enable UPNP support (default is yes)
enable_upnp=yes
-{% if pcp_lifetime is defined %}
+{% if pcp_lifetime is vyos_defined %}
# PCP
# Configure the minimum and maximum lifetime of a port mapping in seconds
# 120s and 86400s (24h) are suggested values from PCP-base
-{% if pcp_lifetime.max is defined %}
+{% if pcp_lifetime.max is vyos_defined %}
max_lifetime={{ pcp_lifetime.max }}
{% endif %}
-{% if pcp_lifetime.min is defined %}
+{% if pcp_lifetime.min is vyos_defined %}
min_lifetime={{ pcp_lifetime.min }}
{% endif %}
{% endif %}
@@ -69,7 +69,7 @@ min_lifetime={{ pcp_lifetime.min }}
# To enable the next few runtime options, see compile time
# ENABLE_MANUFACTURER_INFO_CONFIGURATION (config.h)
-{% if friendly_name is defined %}
+{% if friendly_name is vyos_defined %}
# Name of this service, default is "`uname -s` router"
friendly_name= {{ friendly_name }}
{% endif %}
@@ -89,7 +89,7 @@ model_description=Vyos open source enterprise router/firewall operating system
# Model URL, default is URL of OS vendor
model_url=https://vyos.io/
-{% if secure_mode is defined %}
+{% if secure_mode is vyos_defined %}
# Secure Mode, UPnP clients can only add mappings to their own IP
secure_mode=yes
{% else %}
@@ -97,7 +97,7 @@ secure_mode=yes
secure_mode=no
{% endif %}
-{% if presentation_url is defined %}
+{% if presentation_url is vyos_defined %}
# Default presentation URL is HTTP address on port 80
# If set to an empty string, no presentationURL element will appear
# in the XML description of the device, which prevents MS Windows
@@ -129,7 +129,7 @@ lease_file=/config/upnp.leases
#serial=12345678
#model_number=1
-{% if rules is defined %}
+{% if rules is vyos_defined %}
# UPnP permission rules
# (allow|deny) (external port range) IP/mask (internal port range)
# A port range is <min port>-<max port> or <port> if there is only
@@ -143,13 +143,13 @@ lease_file=/config/upnp.leases
# also consider implementing network-specific restrictions
# CAUTION: failure to enforce any rules may permit insecure requests to be made!
{% for rule, config in rules.items() %}
-{% if config.disable is defined %}
+{% if config.disable is vyos_defined %}
{{ config.action}} {{ config.external_port_range }} {{ config.ip }} {{ config.internal_port_range }}
{% endif %}
{% endfor %}
{% endif %}
-{% if stun is defined %}
+{% if stun is vyos_defined %}
# WAN interface must have public IP address. Otherwise it is behind NAT
# and port forwarding is impossible. In some cases WAN interface can be
# behind unrestricted NAT 1:1 when all incoming traffic is NAT-ed and
diff --git a/data/templates/https/override.conf.tmpl b/data/templates/https/override.conf.tmpl
index 824b1ba3b..c2c191b06 100644
--- a/data/templates/https/override.conf.tmpl
+++ b/data/templates/https/override.conf.tmpl
@@ -1,15 +1,15 @@
-{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
[Unit]
StartLimitIntervalSec=0
After=vyos-router.service
[Service]
ExecStartPre=
-ExecStartPre={{vrf_command}}/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
+ExecStartPre={{ vrf_command }}/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=
-ExecStart={{vrf_command}}/usr/sbin/nginx -g 'daemon on; master_process on;'
+ExecStart={{ vrf_command }}/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=
-ExecReload={{vrf_command}}/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
+ExecReload={{ vrf_command }}/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
Restart=always
RestartPreventExitStatus=
RestartSec=10
diff --git a/data/templates/https/vyos-http-api.service.tmpl b/data/templates/https/vyos-http-api.service.tmpl
index 15bd80d65..fb424e06c 100644
--- a/data/templates/https/vyos-http-api.service.tmpl
+++ b/data/templates/https/vyos-http-api.service.tmpl
@@ -1,11 +1,11 @@
-{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
[Unit]
Description=VyOS HTTP API service
After=vyos-router.service
Requires=vyos-router.service
[Service]
-ExecStart={{vrf_command}}/usr/libexec/vyos/services/vyos-http-api-server
+ExecStart={{ vrf_command }}/usr/libexec/vyos/services/vyos-http-api-server
Type=idle
SyslogIdentifier=vyos-http-api
diff --git a/data/templates/ids/fastnetmon_networks_list.tmpl b/data/templates/ids/fastnetmon_networks_list.tmpl
index d58990053..ab9add22c 100644
--- a/data/templates/ids/fastnetmon_networks_list.tmpl
+++ b/data/templates/ids/fastnetmon_networks_list.tmpl
@@ -1,4 +1,4 @@
-{% if network is string %}
+{% if network is vyos_defined(var_type=str) %}
{{ network }}
{% else %}
{% for net in network %}
diff --git a/data/templates/ipsec/charon.tmpl b/data/templates/ipsec/charon.tmpl
index b9b020dcd..2eac24eaa 100644
--- a/data/templates/ipsec/charon.tmpl
+++ b/data/templates/ipsec/charon.tmpl
@@ -21,12 +21,12 @@ charon {
# cisco_unity = no
# Cisco FlexVPN
-{% if options is defined %}
- cisco_flexvpn = {{ 'yes' if options.flexvpn is defined else 'no' }}
-{% if options.virtual_ip is defined %}
+{% if options is vyos_defined %}
+ cisco_flexvpn = {{ 'yes' if options.flexvpn is vyos_defined else 'no' }}
+{% if options.virtual_ip is vyos_defined %}
install_virtual_ip = yes
{% endif %}
-{% if options.interface is defined and options.interface is not none %}
+{% if options.interface is vyos_defined %}
install_virtual_ip_on = {{ options.interface }}
{% endif %}
{% endif %}
diff --git a/data/templates/ipsec/charon/dhcp.conf.tmpl b/data/templates/ipsec/charon/dhcp.conf.tmpl
index 92774b275..aaa5613fb 100644
--- a/data/templates/ipsec/charon/dhcp.conf.tmpl
+++ b/data/templates/ipsec/charon/dhcp.conf.tmpl
@@ -1,12 +1,10 @@
dhcp {
load = yes
-{% if remote_access is defined and remote_access.dhcp is defined %}
-{% if remote_access.dhcp.interface is defined %}
+{% if remote_access.dhcp.interface is vyos_defined %}
interface = {{ remote_access.dhcp.interface }}
-{% endif %}
-{% if remote_access.dhcp.server is defined %}
+{% endif %}
+{% if remote_access.dhcp.server is vyos_defined %}
server = {{ remote_access.dhcp.server }}
-{% endif %}
{% endif %}
# Always use the configured server address.
diff --git a/data/templates/ipsec/charon/eap-radius.conf.tmpl b/data/templates/ipsec/charon/eap-radius.conf.tmpl
index 5ec35c988..b58022521 100644
--- a/data/templates/ipsec/charon/eap-radius.conf.tmpl
+++ b/data/templates/ipsec/charon/eap-radius.conf.tmpl
@@ -41,7 +41,7 @@ eap-radius {
load = yes
# NAS-Identifier to include in RADIUS messages.
- nas_identifier = {{ remote_access.radius.nas_identifier if remote_access is defined and remote_access.radius is defined and remote_access.radius.nas_identifier is defined else 'strongSwan' }}
+ nas_identifier = {{ remote_access.radius.nas_identifier if remote_access.radius.nas_identifier is vyos_defined else 'strongSwan' }}
# Port of RADIUS server (authentication).
# port = 1812
@@ -94,13 +94,13 @@ eap-radius {
# Section to specify multiple RADIUS servers.
servers {
-{% if remote_access is defined and remote_access.radius is defined and remote_access.radius.server is defined %}
-{% for server, server_options in remote_access.radius.server.items() if server_options.disable is not defined %}
+{% if remote_access.radius.server is vyos_defined %}
+{% for server, server_options in remote_access.radius.server.items() if server_options.disable is not vyos_defined %}
{{ server | replace('.', '-') }} {
address = {{ server }}
secret = {{ server_options.key }}
auth_port = {{ server_options.port }}
-{% if server_options.disable_accounting is not defined %}
+{% if server_options.disable_accounting is not vyos_defined %}
acct_port = {{ server_options.port | int +1 }}
{% endif %}
sockets = 20
diff --git a/data/templates/ipsec/interfaces_use.conf.tmpl b/data/templates/ipsec/interfaces_use.conf.tmpl
index a77102396..55c3ce4f3 100644
--- a/data/templates/ipsec/interfaces_use.conf.tmpl
+++ b/data/templates/ipsec/interfaces_use.conf.tmpl
@@ -1,4 +1,4 @@
-{% if interface is defined %}
+{% if interface is vyos_defined %}
charon {
interfaces_use = {{ ', '.join(interface) }}
}
diff --git a/data/templates/ipsec/ios_profile.tmpl b/data/templates/ipsec/ios_profile.tmpl
index af6c79d6e..c8e17729a 100644
--- a/data/templates/ipsec/ios_profile.tmpl
+++ b/data/templates/ipsec/ios_profile.tmpl
@@ -41,7 +41,7 @@
<!-- Remote identity, can be a FQDN, a userFQDN, an IP or (theoretically) a certificate's subject DN. Can't be empty.
IMPORTANT: DNs are currently not handled correctly, they are always sent as identities of type FQDN -->
<key>RemoteIdentifier</key>
- <string>{{ authentication.id if authentication.id is defined else 'fooo' }}</string>
+ <string>{{ authentication.id if authentication.id is vyos_defined else 'VyOS' }}</string>
<!-- Local IKE identity, same restrictions as above. If it is empty the client's IP address will be used -->
<key>LocalIdentifier</key>
<string></string>
diff --git a/data/templates/ipsec/ipsec.conf.tmpl b/data/templates/ipsec/ipsec.conf.tmpl
index 1cb531e76..0f7131dff 100644
--- a/data/templates/ipsec/ipsec.conf.tmpl
+++ b/data/templates/ipsec/ipsec.conf.tmpl
@@ -2,7 +2,7 @@
config setup
{% set charondebug = '' %}
-{% if log is defined and log.subsystem is defined and log.subsystem is not none %}
+{% if log.subsystem is vyos_defined %}
{% set subsystem = log.subsystem %}
{% if 'any' in log.subsystem %}
{% set subsystem = ['dmn', 'mgr', 'ike', 'chd','job', 'cfg', 'knl', 'net', 'asn',
@@ -11,8 +11,8 @@ config setup
{% set charondebug = subsystem | join (' ' ~ log.level ~ ', ') ~ ' ' ~ log.level %}
{% endif %}
charondebug = "{{ charondebug }}"
- uniqueids = {{ "no" if disable_uniqreqids is defined else "yes" }}
+ uniqueids = {{ "no" if disable_uniqreqids is vyos_defined else "yes" }}
-{% if include_ipsec_conf is defined %}
+{% if include_ipsec_conf is vyos_defined %}
include {{ include_ipsec_conf }}
{% endif %}
diff --git a/data/templates/ipsec/ipsec.secrets.tmpl b/data/templates/ipsec/ipsec.secrets.tmpl
index 057e291ed..865c1ab17 100644
--- a/data/templates/ipsec/ipsec.secrets.tmpl
+++ b/data/templates/ipsec/ipsec.secrets.tmpl
@@ -1,5 +1,5 @@
# Created by VyOS - manual changes will be overwritten
-{% if include_ipsec_secrets is defined %}
+{% if include_ipsec_secrets is vyos_defined %}
include {{ include_ipsec_secrets }}
{% endif %}
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index 68b108365..6ba93dd1f 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -5,18 +5,18 @@
{% import 'ipsec/swanctl/remote_access.tmpl' as remote_access_tmpl %}
connections {
-{% if profile is defined %}
-{% for name, profile_conf in profile.items() if profile_conf.disable is not defined and profile_conf.bind is defined and profile_conf.bind.tunnel is defined %}
+{% if profile is vyos_defined %}
+{% for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %}
{{ profile_tmpl.conn(name, profile_conf, ike_group, esp_group) }}
{% endfor %}
{% endif %}
-{% if site_to_site is defined and site_to_site.peer is defined %}
-{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %}
+{% if site_to_site.peer is vyos_defined %}
+{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %}
{{ peer_tmpl.conn(peer, peer_conf, ike_group, esp_group) }}
{% endfor %}
{% endif %}
-{% if remote_access is defined and remote_access.connection is defined and remote_access.connection is not none %}
-{% for rw, rw_conf in remote_access.connection.items() if rw_conf.disable is not defined %}
+{% if remote_access.connection is vyos_defined %}
+{% for rw, rw_conf in remote_access.connection.items() if rw_conf.disable is not vyos_defined %}
{{ remote_access_tmpl.conn(rw, rw_conf, ike_group, esp_group) }}
{% endfor %}
{% endif %}
@@ -26,16 +26,16 @@ connections {
}
pools {
-{% if remote_access is defined and remote_access.pool is defined and remote_access.pool is not none %}
+{% if remote_access.pool is vyos_defined %}
{% for pool, pool_config in remote_access.pool.items() %}
{{ pool }} {
-{% if pool_config.prefix is defined and pool_config.prefix is not none %}
+{% if pool_config.prefix is vyos_defined %}
addrs = {{ pool_config.prefix }}
{% endif %}
-{% if pool_config.name_server is defined and pool_config.name_server is not none %}
+{% if pool_config.name_server is vyos_defined %}
dns = {{ pool_config.name_server | join(',') }}
{% endif %}
-{% if pool_config.exclude is defined and pool_config.exclude is not none %}
+{% if pool_config.exclude is vyos_defined %}
split_exclude = {{ pool_config.exclude | join(',') }}
{% endif %}
}
@@ -44,9 +44,9 @@ pools {
}
secrets {
-{% if profile is defined %}
-{% for name, profile_conf in profile.items() if profile_conf.disable is not defined and profile_conf.bind is defined and profile_conf.bind.tunnel is defined %}
-{% if profile_conf.authentication.mode == 'pre-shared-secret' %}
+{% if profile is vyos_defined %}
+{% for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %}
+{% if profile_conf.authentication.mode is vyos_defined('pre-shared-secret') %}
{% for interface in profile_conf.bind.tunnel %}
ike-dmvpn-{{ interface }} {
secret = {{ profile_conf.authentication.pre_shared_secret }}
@@ -55,54 +55,54 @@ secrets {
{% endif %}
{% endfor %}
{% endif %}
-{% if site_to_site is defined and site_to_site.peer is defined %}
-{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %}
+{% if site_to_site.peer is vyos_defined %}
+{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %}
{% set peer_name = peer.replace("@", "") | dot_colon_to_dash %}
-{% if peer_conf.authentication.mode == 'pre-shared-secret' %}
+{% if peer_conf.authentication.mode is vyos_defined('pre-shared-secret') %}
ike_{{ peer_name }} {
-{% if peer_conf.local_address is defined %}
+{% if peer_conf.local_address is vyos_defined %}
id-local = {{ peer_conf.local_address }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }}
{% endif %}
id-remote = {{ peer }}
-{% if peer_conf.authentication.id is defined %}
+{% if peer_conf.authentication.id is vyos_defined %}
id-localid = {{ peer_conf.authentication.id }}
{% endif %}
-{% if peer_conf.authentication.remote_id is defined %}
+{% if peer_conf.authentication.remote_id is vyos_defined %}
id-remoteid = {{ peer_conf.authentication.remote_id }}
{% endif %}
secret = "{{ peer_conf.authentication.pre_shared_secret }}"
}
-{% elif peer_conf.authentication.mode == 'x509' %}
+{% elif peer_conf.authentication.mode is vyos_defined('x509') %}
private_{{ peer_name }} {
file = {{ peer_conf.authentication.x509.certificate }}.pem
-{% if peer_conf.authentication.x509.passphrase is defined %}
+{% if peer_conf.authentication.x509.passphrase is vyos_defined %}
secret = "{{ peer_conf.authentication.x509.passphrase }}"
{% endif %}
}
-{% elif peer_conf.authentication.mode == 'rsa' %}
+{% elif peer_conf.authentication.mode is vyos_defined('rsa') %}
rsa_{{ peer_name }}_local {
file = {{ peer_conf.authentication.rsa.local_key }}.pem
-{% if peer_conf.authentication.rsa.passphrase is defined %}
+{% if peer_conf.authentication.rsa.passphrase is vyos_defined %}
secret = "{{ peer_conf.authentication.rsa.passphrase }}"
{% endif %}
}
{% endif %}
{% endfor %}
{% endif %}
-{% if remote_access is defined and remote_access.connection is defined and remote_access.connection is not none %}
-{% for ra, ra_conf in remote_access.connection.items() if ra_conf.disable is not defined %}
-{% if ra_conf.authentication.server_mode == 'pre-shared-secret' %}
+{% if remote_access.connection is vyos_defined %}
+{% for ra, ra_conf in remote_access.connection.items() if ra_conf.disable is not vyos_defined %}
+{% if ra_conf.authentication.server_mode is vyos_defined('pre-shared-secret') %}
ike_{{ ra }} {
-{% if ra_conf.authentication.id is defined %}
+{% if ra_conf.authentication.id is vyos_defined %}
id = "{{ ra_conf.authentication.id }}"
-{% elif ra_conf.local_address is defined %}
+{% elif ra_conf.local_address is vyos_defined %}
id = "{{ ra_conf.local_address }}"
{% endif %}
secret = "{{ ra_conf.authentication.pre_shared_secret }}"
}
{% endif %}
-{% if ra_conf.authentication.client_mode == 'eap-mschapv2' and ra_conf.authentication.local_users is defined and ra_conf.authentication.local_users.username is defined %}
-{% for user, user_conf in ra_conf.authentication.local_users.username.items() if user_conf.disable is not defined %}
+{% if ra_conf.authentication.client_mode is vyos_defined('eap-mschapv2') and ra_conf.authentication.local_users.username is vyos_defined %}
+{% for user, user_conf in ra_conf.authentication.local_users.username.items() if user_conf.disable is not vyos_defined %}
eap-{{ ra }}-{{ user }} {
secret = "{{ user_conf.password }}"
id-{{ ra }}-{{ user }} = "{{ user }}"
@@ -112,16 +112,16 @@ secrets {
{% endfor %}
{% endif %}
{% if l2tp %}
-{% if l2tp.authentication.mode == 'pre-shared-secret' %}
+{% if l2tp.authentication.mode is vyos_defined('pre-shared-secret') %}
ike_l2tp_remote_access {
id = "{{ l2tp_outside_address }}"
secret = "{{ l2tp.authentication.pre_shared_secret }}"
}
-{% elif l2tp.authentication.mode == 'x509' %}
+{% elif l2tp.authentication.mode is vyos_defined('x509') %}
private_l2tp_remote_access {
id = "{{ l2tp_outside_address }}"
file = {{ l2tp.authentication.x509.certificate }}.pem
-{% if l2tp.authentication.x509.passphrase is defined %}
+{% if l2tp.authentication.x509.passphrase is vyos_defined %}
secret = "{{ l2tp.authentication.x509.passphrase }}"
{% endif %}
}
diff --git a/data/templates/ipsec/swanctl/l2tp.tmpl b/data/templates/ipsec/swanctl/l2tp.tmpl
index 4cd1b4af3..c0e81e0aa 100644
--- a/data/templates/ipsec/swanctl/l2tp.tmpl
+++ b/data/templates/ipsec/swanctl/l2tp.tmpl
@@ -1,6 +1,6 @@
{% macro conn(l2tp, l2tp_outside_address, l2tp_ike_default, l2tp_esp_default, ike_group, esp_group) %}
-{% set l2tp_ike = ike_group[l2tp.ike_group] if l2tp.ike_group is defined else None %}
-{% set l2tp_esp = esp_group[l2tp.esp_group] if l2tp.esp_group is defined else None %}
+{% set l2tp_ike = ike_group[l2tp.ike_group] if l2tp.ike_group is vyos_defined else None %}
+{% set l2tp_esp = esp_group[l2tp.esp_group] if l2tp.esp_group is vyos_defined else None %}
l2tp_remote_access {
proposals = {{ l2tp_ike | get_esp_ike_cipher | join(',') if l2tp_ike else l2tp_ike_default }}
local_addrs = {{ l2tp_outside_address }}
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index a622cbf74..b21dce9f0 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -4,20 +4,20 @@
{% set ike = ike_group[peer_conf.ike_group] %}
peer_{{ name }} {
proposals = {{ ike | get_esp_ike_cipher | join(',') }}
- version = {{ ike.key_exchange[4:] if ike is defined and ike.key_exchange is defined else "0" }}
-{% if peer_conf.virtual_address is defined and peer_conf.virtual_address is not none %}
+ version = {{ ike.key_exchange[4:] if ike.key_exchange is vyos_defined else "0" }}
+{% if peer_conf.virtual_address is vyos_defined %}
vips = {{ peer_conf.virtual_address | join(', ') }}
{% endif %}
local_addrs = {{ peer_conf.local_address if peer_conf.local_address != 'any' else '0.0.0.0/0' }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }}
remote_addrs = {{ peer if peer not in ['any', '0.0.0.0'] and peer[0:1] != '@' else '0.0.0.0/0' }}
-{% if peer_conf.authentication is defined and peer_conf.authentication.mode is defined and peer_conf.authentication.mode == 'x509' %}
+{% if peer_conf.authentication.mode is vyos_defined('x509') %}
send_cert = always
{% endif %}
-{% if ike.dead_peer_detection is defined %}
+{% if ike.dead_peer_detection is vyos_defined %}
dpd_timeout = {{ ike.dead_peer_detection.timeout }}
dpd_delay = {{ ike.dead_peer_detection.interval }}
{% endif %}
-{% if ike.key_exchange is defined and ike.key_exchange == "ikev1" and ike.mode is defined and ike.mode == "aggressive" %}
+{% if ike.key_exchange is vyos_defined('ikev1') and ike.mode is vyos_defined('aggressive') %}
aggressive = yes
{% endif %}
rekey_time = {{ ike.lifetime }}s
@@ -25,16 +25,16 @@
{% if peer[0:1] == '@' %}
keyingtries = 0
reauth_time = 0
-{% elif peer_conf.connection_type is not defined or peer_conf.connection_type == 'initiate' %}
+{% elif peer_conf.connection_type is not vyos_defined or peer_conf.connection_type is vyos_defined('initiate') %}
keyingtries = 0
-{% elif peer_conf.connection_type is defined and peer_conf.connection_type == 'respond' %}
+{% elif peer_conf.connection_type is vyos_defined('respond') %}
keyingtries = 1
{% endif %}
-{% if peer_conf.force_encapsulation is defined and peer_conf.force_encapsulation == 'enable' %}
+{% if peer_conf.force_encapsulation is vyos_defined('enable') %}
encap = yes
{% endif %}
local {
-{% if peer_conf.authentication is defined and peer_conf.authentication.id is defined and peer_conf.authentication.id is not none %}
+{% if peer_conf.authentication.id is vyos_defined %}
id = "{{ peer_conf.authentication.id }}"
{% endif %}
auth = {{ 'psk' if peer_conf.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
@@ -45,7 +45,7 @@
{% endif %}
}
remote {
-{% if peer_conf.authentication is defined and peer_conf.authentication.remote_id is defined and peer_conf.authentication.remote_id is not none %}
+{% if peer_conf.authentication.remote_id is vyos_defined %}
id = "{{ peer_conf.authentication.remote_id }}"
{% else %}
id = "{{ peer }}"
@@ -56,14 +56,14 @@
{% endif %}
}
children {
-{% if peer_conf.vti is defined and peer_conf.vti.bind is defined and peer_conf.tunnel is not defined %}
-{% set vti_esp = esp_group[ peer_conf.vti.esp_group ] if peer_conf.vti.esp_group is defined else esp_group[ peer_conf.default_esp_group ] %}
+{% if peer_conf.vti.bind is vyos_defined and peer_conf.tunnel is not vyos_defined %}
+{% set vti_esp = esp_group[ peer_conf.vti.esp_group ] if peer_conf.vti.esp_group is vyos_defined else esp_group[ peer_conf.default_esp_group ] %}
peer_{{ name }}_vti {
esp_proposals = {{ vti_esp | get_esp_ike_cipher(ike) | join(',') }}
-{% if vti_esp.life_bytes is defined and vti_esp.life_bytes is not none %}
+{% if vti_esp.life_bytes is vyos_defined %}
life_bytes = {{ vti_esp.life_bytes }}
{% endif %}
-{% if vti_esp.life_packets is defined and vti_esp.life_packets is not none %}
+{% if vti_esp.life_packets is vyos_defined %}
life_packets = {{ vti_esp.life_packets }}
{% endif %}
life_time = {{ vti_esp.lifetime }}s
@@ -75,74 +75,74 @@
{% set if_id = peer_conf.vti.bind | replace('vti', '') | int +1 %}
if_id_in = {{ if_id }}
if_id_out = {{ if_id }}
- ipcomp = {{ 'yes' if vti_esp.compression is defined and vti_esp.compression == 'enable' else 'no' }}
+ ipcomp = {{ 'yes' if vti_esp.compression is vyos_defined('enable') else 'no' }}
mode = {{ vti_esp.mode }}
{% if peer[0:1] == '@' %}
start_action = none
-{% elif peer_conf.connection_type is not defined or peer_conf.connection_type == 'initiate' %}
+{% elif peer_conf.connection_type is not vyos_defined or peer_conf.connection_type is vyos_defined('initiate') %}
start_action = start
-{% elif peer_conf.connection_type == 'respond' %}
+{% elif peer_conf.connection_type is vyos_defined('respond') %}
start_action = trap
-{% elif peer_conf.connection_type == 'none' %}
+{% elif peer_conf.connection_type is vyos_defined('none') %}
start_action = none
{% endif %}
-{% if ike.dead_peer_detection is defined %}
+{% if ike.dead_peer_detection is vyos_defined %}
{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %}
dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }}
{% endif %}
close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }}
}
-{% elif peer_conf.tunnel is defined %}
+{% elif peer_conf.tunnel is vyos_defined %}
{% for tunnel_id, tunnel_conf in peer_conf.tunnel.items() if tunnel_conf.disable is not defined %}
-{% set tunnel_esp_name = tunnel_conf.esp_group if tunnel_conf.esp_group is defined else peer_conf.default_esp_group %}
+{% set tunnel_esp_name = tunnel_conf.esp_group if tunnel_conf.esp_group is vyos_defined else peer_conf.default_esp_group %}
{% set tunnel_esp = esp_group[tunnel_esp_name] %}
-{% set proto = tunnel_conf.protocol if tunnel_conf.protocol is defined else '' %}
-{% set local_port = tunnel_conf.local.port if tunnel_conf.local is defined and tunnel_conf.local.port is defined else '' %}
+{% set proto = tunnel_conf.protocol if tunnel_conf.protocol is vyos_defined else '' %}
+{% set local_port = tunnel_conf.local.port if tunnel_conf.local.port is vyos_defined else '' %}
{% set local_suffix = '[{0}/{1}]'.format(proto, local_port) if proto or local_port else '' %}
-{% set remote_port = tunnel_conf.remote.port if tunnel_conf.remote is defined and tunnel_conf.remote.port is defined else '' %}
+{% set remote_port = tunnel_conf.remote.port if tunnel_conf.remote.port is vyos_defined else '' %}
{% set remote_suffix = '[{0}/{1}]'.format(proto, remote_port) if proto or remote_port else '' %}
peer_{{ name }}_tunnel_{{ tunnel_id }} {
esp_proposals = {{ tunnel_esp | get_esp_ike_cipher(ike) | join(',') }}
-{% if tunnel_esp.life_bytes is defined and tunnel_esp.life_bytes is not none %}
+{% if tunnel_esp.life_bytes is vyos_defined %}
life_bytes = {{ tunnel_esp.life_bytes }}
{% endif %}
-{% if tunnel_esp.life_packets is defined and tunnel_esp.life_packets is not none %}
+{% if tunnel_esp.life_packets is vyos_defined %}
life_packets = {{ tunnel_esp.life_packets }}
{% endif %}
life_time = {{ tunnel_esp.lifetime }}s
{% if tunnel_esp.mode is not defined or tunnel_esp.mode == 'tunnel' %}
-{% if tunnel_conf.local is defined and tunnel_conf.local.prefix is defined %}
+{% if tunnel_conf.local.prefix is vyos_defined %}
{% set local_prefix = tunnel_conf.local.prefix if 'any' not in tunnel_conf.local.prefix else ['0.0.0.0/0', '::/0'] %}
local_ts = {{ local_prefix | join(local_suffix + ",") }}{{ local_suffix }}
{% endif %}
-{% if tunnel_conf.remote is defined and tunnel_conf.remote.prefix is defined %}
+{% if tunnel_conf.remote.prefix is vyos_defined %}
{% set remote_prefix = tunnel_conf.remote.prefix if 'any' not in tunnel_conf.remote.prefix else ['0.0.0.0/0', '::/0'] %}
remote_ts = {{ remote_prefix | join(remote_suffix + ",") }}{{ remote_suffix }}
{% endif %}
-{% if tunnel_conf.priority is defined and tunnel_conf.priority is not none %}
+{% if tunnel_conf.priority is vyos_defined %}
priority = {{ tunnel_conf.priority }}
{% endif %}
{% elif tunnel_esp.mode == 'transport' %}
local_ts = {{ peer_conf.local_address }}{{ local_suffix }}
remote_ts = {{ peer }}{{ remote_suffix }}
{% endif %}
- ipcomp = {{ 'yes' if tunnel_esp.compression is defined and tunnel_esp.compression == 'enable' else 'no' }}
+ ipcomp = {{ 'yes' if tunnel_esp.compression is vyos_defined('enable') else 'no' }}
mode = {{ tunnel_esp.mode }}
{% if peer[0:1] == '@' %}
start_action = none
-{% elif peer_conf.connection_type is not defined or peer_conf.connection_type == 'initiate' %}
+{% elif peer_conf.connection_type is not vyos_defined or peer_conf.connection_type is vyos_defined('initiate') %}
start_action = start
-{% elif peer_conf.connection_type == 'respond' %}
+{% elif peer_conf.connection_type is vyos_defined('respond') %}
start_action = trap
-{% elif peer_conf.connection_type == 'none' %}
+{% elif peer_conf.connection_type is vyos_defined('none') %}
start_action = none
{% endif %}
-{% if ike.dead_peer_detection is defined %}
+{% if ike.dead_peer_detection is vyos_defined %}
{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %}
dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }}
{% endif %}
close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }}
-{% if peer_conf.vti is defined and peer_conf.vti.bind is defined %}
+{% if peer_conf.vti.bind is vyos_defined %}
updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}"
{# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #}
{# Thus we simply shift the key by one to also support a vti0 interface #}
@@ -151,7 +151,7 @@
if_id_out = {{ if_id }}
{% endif %}
}
-{% if tunnel_conf.passthrough is defined and tunnel_conf.passthrough %}
+{% if tunnel_conf.passthrough is vyos_defined %}
peer_{{ name }}_tunnel_{{ tunnel_id }}_passthough {
local_ts = {{ tunnel_conf.passthrough | join(",") }}
remote_ts = {{ tunnel_conf.passthrough | join(",") }}
diff --git a/data/templates/ipsec/swanctl/profile.tmpl b/data/templates/ipsec/swanctl/profile.tmpl
index a5cae31c0..0f1c2fda2 100644
--- a/data/templates/ipsec/swanctl/profile.tmpl
+++ b/data/templates/ipsec/swanctl/profile.tmpl
@@ -2,14 +2,14 @@
{# peer needs to reference the global IKE configuration for certain values #}
{% set ike = ike_group[profile_conf.ike_group] %}
{% set esp = esp_group[profile_conf.esp_group] %}
-{% if profile_conf.bind is defined and profile_conf.bind.tunnel is defined %}
+{% if profile_conf.bind.tunnel is vyos_defined %}
{% for interface in profile_conf.bind.tunnel %}
dmvpn-{{ name }}-{{ interface }} {
proposals = {{ ike_group[profile_conf.ike_group] | get_esp_ike_cipher | join(',') }}
- version = {{ ike.key_exchange[4:] if ike is defined and ike.key_exchange is defined else "0" }}
+ version = {{ ike.key_exchange[4:] if ike.key_exchange is vyos_defined else "0" }}
rekey_time = {{ ike.lifetime }}s
keyingtries = 0
-{% if profile_conf.authentication is defined and profile_conf.authentication.mode is defined and profile_conf.authentication.mode == 'pre-shared-secret' %}
+{% if profile_conf.authentication.mode is vyos_defined('pre-shared-secret') %}
local {
auth = psk
}
@@ -25,10 +25,10 @@
local_ts = dynamic[gre]
remote_ts = dynamic[gre]
mode = {{ esp.mode }}
-{% if ike.dead_peer_detection is defined and ike.dead_peer_detection.action is defined %}
+{% if ike.dead_peer_detection.action is vyos_defined %}
dpd_action = {{ ike.dead_peer_detection.action }}
{% endif %}
-{% if esp.compression is defined and esp.compression == 'enable' %}
+{% if esp.compression is vyos_defined('enable') %}
ipcomp = yes
{% endif %}
}
diff --git a/data/templates/ipsec/swanctl/remote_access.tmpl b/data/templates/ipsec/swanctl/remote_access.tmpl
index 6354c60b1..059984139 100644
--- a/data/templates/ipsec/swanctl/remote_access.tmpl
+++ b/data/templates/ipsec/swanctl/remote_access.tmpl
@@ -4,21 +4,21 @@
{% set esp = esp_group[rw_conf.esp_group] %}
ra-{{ name }} {
remote_addrs = %any
- local_addrs = {{ rw_conf.local_address if rw_conf.local_address is defined else '%any' }}
+ local_addrs = {{ rw_conf.local_address if rw_conf.local_address is vyos_defined else '%any' }}
proposals = {{ ike_group[rw_conf.ike_group] | get_esp_ike_cipher | join(',') }}
- version = {{ ike.key_exchange[4:] if ike is defined and ike.key_exchange is defined else "0" }}
+ version = {{ ike.key_exchange[4:] if ike.key_exchange is vyos_defined else "0" }}
send_certreq = no
rekey_time = {{ ike.lifetime }}s
keyingtries = 0
-{% if rw_conf.unique is defined and rw_conf.unique is not none %}
+{% if rw_conf.unique is vyos_defined %}
unique = {{ rw_conf.unique }}
{% endif %}
-{% if rw_conf.pool is defined and rw_conf.pool is not none %}
+{% if rw_conf.pool is vyos_defined %}
pools = {{ rw_conf.pool | join(',') }}
{% endif %}
local {
-{% if rw_conf.authentication.id is defined and rw_conf.authentication.use_x509_id is not defined %}
- id = "{{ rw_conf.authentication.id }}"
+{% if rw_conf.authentication.id is vyos_defined and rw_conf.authentication.use_x509_id is not vyos_defined %}
+ id = '{{ rw_conf.authentication.id }}'
{% endif %}
{% if rw_conf.authentication.server_mode == 'x509' %}
auth = pubkey
@@ -40,8 +40,8 @@
rand_time = 540s
dpd_action = clear
inactivity = {{ rw_conf.timeout }}
-{% set local_prefix = rw_conf.local.prefix if rw_conf.local is defined and rw_conf.local.prefix is defined else ['0.0.0.0/0', '::/0'] %}
-{% set local_port = rw_conf.local.port if rw_conf.local is defined and rw_conf.local.port is defined else '' %}
+{% set local_prefix = rw_conf.local.prefix if rw_conf.local.prefix is vyos_defined else ['0.0.0.0/0', '::/0'] %}
+{% set local_port = rw_conf.local.port if rw_conf.local.port is vyos_defined else '' %}
{% set local_suffix = '[%any/{1}]'.format(local_port) if local_port else '' %}
local_ts = {{ local_prefix | join(local_suffix + ",") }}{{ local_suffix }}
}
diff --git a/data/templates/lcd/LCDd.conf.tmpl b/data/templates/lcd/LCDd.conf.tmpl
index 2c7ad920f..2c8c6602d 100644
--- a/data/templates/lcd/LCDd.conf.tmpl
+++ b/data/templates/lcd/LCDd.conf.tmpl
@@ -48,7 +48,7 @@ DriverPath=/usr/lib/x86_64-linux-gnu/lcdproc/
# sed1520, serialPOS, serialVFD, shuttleVFD, sli, stv5730, svga, t6963,
# text, tyan, ula200, vlsys_m428, xosd, yard2LCD
-{% if model is defined %}
+{% if model is vyos_defined %}
{% if model.startswith('cfa-') %}
Driver=CFontzPacket
{% elif model == 'sdec' %}
@@ -115,7 +115,7 @@ Heartbeat=off
# set title scrolling speed [default: 10; legal: 0-10]
TitleSpeed=10
-{% if model is defined and model is not none %}
+{% if model is vyos_defined %}
{% if model.startswith('cfa-') %}
## CrystalFontz packet driver (for CFA533, CFA631, CFA633 & CFA635) ##
[CFontzPacket]
diff --git a/data/templates/lldp/lldpd.tmpl b/data/templates/lldp/lldpd.tmpl
index 819e70c84..9ab1e4367 100644
--- a/data/templates/lldp/lldpd.tmpl
+++ b/data/templates/lldp/lldpd.tmpl
@@ -1,2 +1,2 @@
### Autogenerated by lldp.py ###
-DAEMON_ARGS="-M 4{% if snmp is defined and snmp.enable is defined %} -x{% endif %}{% if legacy_protocols is defined and legacy_protocols.cdp is defined %} -c{% endif %}{% if legacy_protocols is defined and legacy_protocols.edp is defined %} -e{% endif %}{% if legacy_protocols is defined and legacy_protocols.fdp is defined %} -f{% endif %}{% if legacy_protocols is defined and legacy_protocols.sonmp is defined %} -s{% endif %}"
+DAEMON_ARGS="-M 4{% if snmp.enable is vyos_defined %} -x{% endif %}{% if legacy_protocols.cdp is vyos_defined %} -c{% endif %}{% if legacy_protocols.edp is vyos_defined %} -e{% endif %}{% if legacy_protocols.fdp is vyos_defined %} -f{% endif %}{% if legacy_protocols.sonmp is vyos_defined %} -s{% endif %}"
diff --git a/data/templates/lldp/vyos.conf.tmpl b/data/templates/lldp/vyos.conf.tmpl
index 14395a223..c34a851aa 100644
--- a/data/templates/lldp/vyos.conf.tmpl
+++ b/data/templates/lldp/vyos.conf.tmpl
@@ -2,24 +2,24 @@
configure system platform VyOS
configure system description "VyOS {{ version }}"
-{% if interface is defined and interface is not none %}
+{% if interface is vyos_defined %}
{% set tmp = [] %}
{% for iface, iface_options in interface.items() if not iface_options.disable %}
{% if iface == 'all' %}
{% set iface = '*' %}
{% endif %}
{% set _ = tmp.append(iface) %}
-{% if iface_options.location is defined and iface_options.location is not none %}
-{% if iface_options.location.elin is defined and iface_options.location.elin is not none %}
+{% if iface_options.location is vyos_defined %}
+{% if iface_options.location.elin is vyos_defined %}
configure ports {{ iface }} med location elin "{{ iface_options.location.elin }}"
{% endif %}
-{% if iface_options.location is defined and iface_options.location.coordinate_based is defined and iface_options.location.coordinate_based is not none %}
+{% if iface_options.location.coordinate_based is vyos_defined %}
configure ports {{ iface }} med location coordinate latitude "{{ iface_options.location.coordinate_based.latitude }}" longitude "{{ iface_options.location.coordinate_based.longitude }}" altitude "{{ iface_options.location.coordinate_based.altitude }}m" datum "{{ iface_options.location.coordinate_based.datum }}"
{% endif %}
{% endif %}
{% endfor %}
configure system interface pattern "{{ tmp | join(",") }}"
{% endif %}
-{% if management_address is defined and management_address is not none %}
+{% if management_address is vyos_defined %}
configure system ip management pattern {{ management_address | join(",") }}
{% endif %}
diff --git a/data/templates/login/authorized_keys.tmpl b/data/templates/login/authorized_keys.tmpl
index 639a80e1d..9402c8719 100644
--- a/data/templates/login/authorized_keys.tmpl
+++ b/data/templates/login/authorized_keys.tmpl
@@ -1,9 +1,9 @@
### Automatically generated by system-login.py ###
-{% if authentication is defined and authentication.public_keys is defined and authentication.public_keys is not none %}
+{% if authentication.public_keys is vyos_defined %}
{% for key, key_options in authentication.public_keys.items() %}
{# The whitespace after options is wisely chosen #}
-{{ key_options.options + ' ' if key_options.options is defined }}{{ key_options.type }} {{ key_options.key }} {{ key }}
+{{ key_options.options ~ ' ' if key_options.options is vyos_defined }}{{ key_options.type }} {{ key_options.key }} {{ key }}
{% endfor %}
{% endif %}
diff --git a/data/templates/login/pam_radius_auth.conf.tmpl b/data/templates/login/pam_radius_auth.conf.tmpl
index fad8e7dcb..4e34ade41 100644
--- a/data/templates/login/pam_radius_auth.conf.tmpl
+++ b/data/templates/login/pam_radius_auth.conf.tmpl
@@ -1,10 +1,10 @@
# Automatically generated by system-login.py
# RADIUS configuration file
-{% if radius is defined and radius is not none %}
+{% if radius is vyos_defined %}
{# RADIUS IPv6 source address must be specified in [] notation #}
{% set source_address = namespace() %}
-{% if radius.source_address is defined and radius.source_address is not none %}
+{% if radius.source_address is vyos_defined %}
{% for address in radius.source_address %}
{% if address | is_ipv4 %}
{% set source_address.ipv4 = address %}
@@ -13,15 +13,15 @@
{% endif %}
{% endfor %}
{% endif %}
-{% if radius.server is defined and radius.server is not none %}
+{% if radius.server is vyos_defined %}
# server[:port] shared_secret timeout source_ip
{# .items() returns a tuple of two elements: key and value. 1 relates to the 2nd element i.e. the value and .priority relates to the key from the internal dict #}
{% for server, options in radius.server.items() | sort(attribute='1.priority') if not options.disabled %}
{# RADIUS IPv6 servers must be specified in [] notation #}
{% if server | is_ipv4 %}
-{{ server }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is defined }}
+{{ server }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is vyos_defined }}
{% else %}
-[{{ server }}]:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is defined }}
+[{{ server }}]:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is vyos_defined }}
{% endif %}
{% endfor %}
{% endif %}
@@ -29,7 +29,7 @@
priv-lvl 15
mapped_priv_user radius_priv_user
-{% if radius.vrf is defined and radius.vrf is not none %}
+{% if radius.vrf is vyos_defined %}
vrf-name {{ radius.vrf }}
{% endif %}
{% endif %}
diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl
index 5b353def8..0ac7cb860 100644
--- a/data/templates/macsec/wpa_supplicant.conf.tmpl
+++ b/data/templates/macsec/wpa_supplicant.conf.tmpl
@@ -45,10 +45,9 @@ network={
# - the key server has decided to enable MACsec
# 0: Encrypt traffic (default)
# 1: Integrity only
- macsec_integ_only={{ '0' if security is defined and security.encrypt is defined else '1' }}
+ macsec_integ_only={{ '0' if security.encrypt is vyos_defined else '1' }}
-{% if security is defined %}
-{% if security.encrypt is defined %}
+{% if security.encrypt is vyos_defined %}
# mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode
# This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair.
# In this mode, instances of wpa_supplicant can act as MACsec peers. The peer
@@ -63,9 +62,9 @@ network={
# mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being
# default priority
mka_priority={{ security.mka.priority }}
-{% endif %}
+{% endif %}
-{% if security.replay_window is defined %}
+{% if security.replay_window is vyos_defined %}
# macsec_replay_protect: IEEE 802.1X/MACsec replay protection
# This setting applies only when MACsec is in use, i.e.,
# - macsec_policy is enabled
@@ -83,7 +82,6 @@ network={
# 0: No replay window, strict check (default)
# 1..2^32-1: number of packets that could be misordered
macsec_replay_window={{ security.replay_window }}
-{% endif %}
{% endif %}
}
diff --git a/data/templates/ndppd/ndppd.conf.tmpl b/data/templates/ndppd/ndppd.conf.tmpl
index 502dab5b8..c41392cc7 100644
--- a/data/templates/ndppd/ndppd.conf.tmpl
+++ b/data/templates/ndppd/ndppd.conf.tmpl
@@ -15,13 +15,13 @@
########################################################
{% set global = namespace(ndppd_interfaces = [],ndppd_prefixs = []) %}
-{% if source is defined and source.rule is defined and source.rule is not none %}
+{% if source.rule is vyos_defined %}
{% for rule, config in source.rule.items() if config.disable is not defined %}
-{% if config.outbound_interface is defined %}
+{% if config.outbound_interface is vyos_defined %}
{% if config.outbound_interface not in global.ndppd_interfaces %}
{% set global.ndppd_interfaces = global.ndppd_interfaces + [config.outbound_interface] %}
{% endif %}
-{% if config.translation is defined and config.translation.address is defined and config.translation.address | is_ip_network %}
+{% if config.translation.address is vyos_defined and config.translation.address | is_ip_network %}
{% set global.ndppd_prefixs = global.ndppd_prefixs + [{'interface':config.outbound_interface,'rule':config.translation.address}] %}
{% endif %}
{% endif %}
diff --git a/data/templates/nhrp/opennhrp.conf.tmpl b/data/templates/nhrp/opennhrp.conf.tmpl
index e9e9f692a..721d41e49 100644
--- a/data/templates/nhrp/opennhrp.conf.tmpl
+++ b/data/templates/nhrp/opennhrp.conf.tmpl
@@ -1,29 +1,29 @@
# Created by VyOS - manual changes will be overwritten
-{% if tunnel is defined and tunnel is not none %}
+{% if tunnel is vyos_defined %}
{% for name, tunnel_conf in tunnel.items() %}
-{% set type = 'spoke' if tunnel_conf.map is defined or tunnel_conf.dynamic_map is defined else 'hub' %}
-{% set profile_name = profile_map[name] if profile_map is defined and name in profile_map else '' %}
+{% set type = 'spoke' if tunnel_conf.map is vyos_defined or tunnel_conf.dynamic_map is vyos_defined else 'hub' %}
+{% set profile_name = profile_map[name] if profile_map is vyos_defined and name in profile_map else '' %}
interface {{ name }} #{{ type }} {{ profile_name }}
-{% if tunnel_conf.map is defined and tunnel_conf.map is not none %}
+{% if tunnel_conf.map is vyos_defined %}
{% for map, map_conf in tunnel_conf.map.items() %}
-{% set cisco = ' cisco' if map_conf.cisco is defined else '' %}
-{% set register = ' register' if map_conf.register is defined else '' %}
+{% set cisco = ' cisco' if map_conf.cisco is vyos_defined else '' %}
+{% set register = ' register' if map_conf.register is vyos_defined else '' %}
map {{ map }} {{ map_conf.nbma_address }}{{ register }}{{ cisco }}
{% endfor %}
{% endif %}
-{% if tunnel_conf.dynamic_map is defined and tunnel_conf.dynamic_map is not none %}
+{% if tunnel_conf.dynamic_map is vyos_defined %}
{% for map, map_conf in tunnel_conf.dynamic_map.items() %}
dynamic-map {{ map }} {{ map_conf.nbma_domain_name }}
{% endfor %}
{% endif %}
-{% if tunnel_conf.cisco_authentication is defined and tunnel_conf.cisco_authentication is not none %}
+{% if tunnel_conf.cisco_authentication is vyos_defined %}
cisco-authentication {{ tunnel_conf.cisco_authentication }}
{% endif %}
-{% if tunnel_conf.holding_time is defined and tunnel_conf.holding_time is not none %}
+{% if tunnel_conf.holding_time is vyos_defined %}
holding-time {{ tunnel_conf.holding_time }}
{% endif %}
-{% if tunnel_conf.multicast is defined and tunnel_conf.multicast is not none %}
+{% if tunnel_conf.multicast is vyos_defined %}
multicast {{ tunnel_conf.multicast }}
{% endif %}
{% for key in ['non_caching', 'redirect', 'shortcut', 'shortcut_destination'] %}
@@ -31,9 +31,9 @@ interface {{ name }} #{{ type }} {{ profile_name }}
{{ key | replace("_", "-") }}
{% endif %}
{% endfor %}
-{% if tunnel_conf.shortcut_target is defined and tunnel_conf.shortcut_target is not none %}
+{% if tunnel_conf.shortcut_target is vyos_defined %}
{% for target, shortcut_conf in tunnel_conf.shortcut_target.items() %}
- shortcut-target {{ target }}{{ ' holding-time ' + shortcut_conf.holding_time if shortcut_conf.holding_time is defined }}
+ shortcut-target {{ target }}{{ ' holding-time ' + shortcut_conf.holding_time if shortcut_conf.holding_time is vyos_defined }}
{% endfor %}
{% endif %}
diff --git a/data/templates/ntp/ntpd.conf.tmpl b/data/templates/ntp/ntpd.conf.tmpl
index e7afcc16b..3123fdf19 100644
--- a/data/templates/ntp/ntpd.conf.tmpl
+++ b/data/templates/ntp/ntpd.conf.tmpl
@@ -15,17 +15,17 @@ restrict -6 ::1
#
# Configurable section
#
-{% if server is defined and server is not none %}
+{% if server is vyos_defined %}
{% for server, config in server.items() %}
{% set association = 'server' %}
-{% if config.pool is defined %}
+{% if config.pool is vyos_defined %}
{% set association = 'pool' %}
{% endif %}
-{{ association }} {{ server | replace('_', '-') }} iburst {{ 'noselect' if config.noselect is defined }} {{ 'preempt' if config.preempt is defined }} {{ 'prefer' if config.prefer is defined }}
+{{ association }} {{ server | replace('_', '-') }} iburst {{ 'noselect' if config.noselect is vyos_defined }} {{ 'preempt' if config.preempt is vyos_defined }} {{ 'prefer' if config.prefer is vyos_defined }}
{% endfor %}
{% endif %}
-{% if allow_clients is defined and allow_clients.address is defined %}
+{% if allow_clients.address is vyos_defined %}
# Allowed clients configuration
restrict default ignore
{% for address in allow_clients.address %}
diff --git a/data/templates/ntp/override.conf.tmpl b/data/templates/ntp/override.conf.tmpl
index 28eb61b21..dbfdc4545 100644
--- a/data/templates/ntp/override.conf.tmpl
+++ b/data/templates/ntp/override.conf.tmpl
@@ -1,4 +1,4 @@
-{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
[Unit]
StartLimitIntervalSec=0
ConditionPathExists={{config_file}}
@@ -6,7 +6,7 @@ After=vyos-router.service
[Service]
ExecStart=
-ExecStart={{vrf_command}}/usr/sbin/ntpd -g -p {{config_file | replace('.conf', '.pid') }} -c {{config_file}} -u ntp:ntp
+ExecStart={{vrf_command}}/usr/sbin/ntpd -g -p {{ config_file | replace('.conf', '.pid') }} -c {{ config_file }} -u ntp:ntp
PIDFile=
PIDFile={{config_file | replace('.conf', '.pid') }}
Restart=always
diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.tmpl
index 19045c4b4..05b85a610 100644
--- a/data/templates/ocserv/ocserv_config.tmpl
+++ b/data/templates/ocserv/ocserv_config.tmpl
@@ -20,15 +20,15 @@ auth = "plain[/run/ocserv/ocpasswd]"
auth = "plain[/run/ocserv/ocpasswd]"
{% endif %}
-{% if ssl.certificate is defined %}
+{% if ssl.certificate is vyos_defined %}
server-cert = /run/ocserv/cert.pem
server-key = /run/ocserv/cert.key
-{% if ssl.passphrase is defined %}
+{% if ssl.passphrase is vyos_defined %}
key-pin = {{ ssl.passphrase }}
{% endif %}
{% endif %}
-{% if ssl.ca_certificate is defined %}
+{% if ssl.ca_certificate is vyos_defined %}
ca-cert = /run/ocserv/ca.pem
{% endif %}
diff --git a/data/templates/ocserv/ocserv_otp_usr.tmpl b/data/templates/ocserv/ocserv_otp_usr.tmpl
index fea9af5d5..18de5fec6 100644
--- a/data/templates/ocserv/ocserv_otp_usr.tmpl
+++ b/data/templates/ocserv/ocserv_otp_usr.tmpl
@@ -1,7 +1,7 @@
#<token_type> <username> <pin> <secret_hex_key> <counter> <lastpass> <time>
-{% if username is defined %}
+{% if username is vyos_defined %}
{% for user, user_config in username.items() %}
-{% if user_config.disable is not defined and user_config.otp is defined and user_config.otp is not none %}
+{% if user_config.disable is not vyos_defined and user_config.otp is vyos_defined %}
{{ user_config.otp.token_tmpl }} {{ user }} {{ user_config.otp.pin | default("-", true) }} {{ user_config.otp.key }}
{% endif %}
{% endfor %}
diff --git a/data/templates/ocserv/ocserv_passwd.tmpl b/data/templates/ocserv/ocserv_passwd.tmpl
index ffadb4860..30c79d66a 100644
--- a/data/templates/ocserv/ocserv_passwd.tmpl
+++ b/data/templates/ocserv/ocserv_passwd.tmpl
@@ -1,6 +1,8 @@
#<username>:<group>:<hash>
-{% for user in username if username is defined %}
-{% if not "disable" in username[user] %}
-{{ user }}:*:{{ username[user].hash }}
-{% endif %}
-{% endfor %} \ No newline at end of file
+{% if username is vyos_defined %}
+{% for user, user_config in username.items() %}
+{% if user_config.disable is not vyos_defined %}
+{{ user }}:*:{{ user_config.hash }}
+{% endif %}
+{% endfor %}
+{% endif %} \ No newline at end of file
diff --git a/data/templates/openvpn/auth.pw.tmpl b/data/templates/openvpn/auth.pw.tmpl
index 9b20c9742..218121062 100644
--- a/data/templates/openvpn/auth.pw.tmpl
+++ b/data/templates/openvpn/auth.pw.tmpl
@@ -1,5 +1,5 @@
{# Autogenerated by interfaces-openvpn.py #}
-{% if authentication is defined and authentication is not none %}
+{% if authentication is vyos_defined %}
{{ authentication.username }}
{{ authentication.password }}
{% endif %}
diff --git a/data/templates/openvpn/client.conf.tmpl b/data/templates/openvpn/client.conf.tmpl
index e6e15b6ad..98c8b0273 100644
--- a/data/templates/openvpn/client.conf.tmpl
+++ b/data/templates/openvpn/client.conf.tmpl
@@ -3,12 +3,12 @@
{% if ip %}
ifconfig-push {{ ip[0] }} {{ server_subnet[0] | netmask_from_cidr }}
{% endif %}
-{% if push_route is defined and push_route is not none %}
+{% if push_route is vyos_defined %}
{% for route in push_route %}
push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}"
{% endfor %}
{% endif %}
-{% if subnet is defined and subnet is not none %}
+{% if subnet is vyos_defined %}
{% for network in subnet %}
iroute {{ network | address_from_cidr }} {{ network | netmask_from_cidr }}
{% endfor %}
@@ -26,6 +26,6 @@ push "route-ipv6 {{ route6 }}"
iroute-ipv6 {{ net6 }}
{% endfor %}
{% endif %}
-{% if disable is defined %}
+{% if disable is vyos_defined %}
disable
{% endif %}
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index fb7ad9e16..f26680fa3 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -3,7 +3,7 @@
# See https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
# for individual keyword definition
#
-# {{ description if description is defined and description is not none }}
+# {{ description if description is vyos_defined }}
#
verb 3
@@ -17,35 +17,35 @@ proto tcp-server
{% else %}
proto udp
{% endif %}
-{% if local_host is defined and local_host is not none %}
+{% if local_host is vyos_defined %}
local {{ local_host }}
{% endif %}
-{% if mode is defined and mode == 'server' and protocol == 'udp' and local_host is not defined %}
+{% if mode is vyos_defined('server') and protocol is vyos_defined('udp') and local_host is not vyos_defined %}
multihome
{% endif %}
-{% if local_port is defined and local_port is not none %}
+{% if local_port is vyos_defined %}
lport {{ local_port }}
{% endif %}
-{% if remote_port is defined and remote_port is not none %}
+{% if remote_port is vyos_defined %}
rport {{ remote_port }}
{% endif %}
-{% if remote_host is defined and remote_host is not none %}
+{% if remote_host is vyos_defined %}
{% for remote in remote_host %}
remote {{ remote }}
{% endfor %}
{% endif %}
-{% if shared_secret_key is defined and shared_secret_key is not none %}
+{% if shared_secret_key is vyos_defined %}
secret /run/openvpn/{{ ifname }}_shared.key
{% endif %}
-{% if persistent_tunnel is defined %}
+{% if persistent_tunnel is vyos_defined %}
persist-tun
{% endif %}
-{% if replace_default_route is defined and replace_default_route.local is defined %}
+{% if replace_default_route.local is vyos_defined %}
push "redirect-gateway local def1"
-{% elif replace_default_route is defined %}
+{% elif replace_default_route is vyos_defined %}
push "redirect-gateway def1"
{% endif %}
-{% if use_lzo_compression is defined %}
+{% if use_lzo_compression is vyos_defined %}
compress lzo
{% endif %}
@@ -62,21 +62,21 @@ nobind
#
mode server
tls-server
-{% if server is defined and server is not none %}
-{% if server.subnet is defined and server.subnet is not none %}
-{% if server.topology is defined and server.topology == 'point-to-point' %}
+{% if server is vyos_defined %}
+{% if server.subnet is vyos_defined %}
+{% if server.topology is vyos_defined('point-to-point') %}
topology p2p
-{% elif server.topology is defined and server.topology is not none %}
+{% elif server.topology is vyos_defined %}
topology {{ server.topology }}
{% endif %}
{% for subnet in server.subnet %}
{% if subnet | is_ipv4 %}
server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} nopool
{# First ip address is used as gateway. It's allows to use metrics #}
-{% if server.push_route is defined and server.push_route is not none %}
+{% if server.push_route is vyos_defined %}
{% for route, route_config in server.push_route.items() %}
{% if route | is_ipv4 %}
-push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}{% if route_config.metric is defined %} {{ subnet | first_host_address }} {{ route_config.metric }}{% endif %}"
+push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}{% if route_config.metric is vyos_defined %} {{ subnet | first_host_address }} {{ route_config.metric }}{% endif %}"
{% elif route | is_ipv6 %}
push "route-ipv6 {{ route }}"
{% endif %}
@@ -84,7 +84,7 @@ push "route-ipv6 {{ route }}"
{% endif %}
{# OpenVPN assigns the first IP address to its local interface so the pool used #}
{# in net30 topology - where each client receives a /30 must start from the second subnet #}
-{% if server.topology is defined and server.topology == 'net30' %}
+{% if server.topology is vyos_defined('net30') %}
ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }}
{% else %}
{# OpenVPN assigns the first IP address to its local interface so the pool must #}
@@ -97,24 +97,24 @@ server-ipv6 {{ subnet }}
{% endfor %}
{% endif %}
-{% if server.client_ip_pool is defined and server.client_ip_pool is not none and server.client_ip_pool.disable is not defined %}
-ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }}{{ server.client_ip_pool.subnet_mask if server.client_ip_pool.subnet_mask is defined and server.client_ip_pool.subnet_mask is not none }}
+{% if server.client_ip_pool is vyos_defined and server.client_ip_pool.disable is not vyos_defined %}
+ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }}{{ server.client_ip_pool.subnet_mask if server.client_ip_pool.subnet_mask is vyos_defined }}
{% endif %}
-{% if server.max_connections is defined and server.max_connections is not none %}
+{% if server.max_connections is vyos_defined %}
max-clients {{ server.max_connections }}
{% endif %}
-{% if server.client is defined and server.client is not none %}
+{% if server.client is vyos_defined %}
client-config-dir /run/openvpn/ccd/{{ ifname }}
{% endif %}
{% endif %}
keepalive {{ keep_alive.interval }} {{ keep_alive.interval|int * keep_alive.failure_count|int }}
management /run/openvpn/openvpn-mgmt-intf unix
-{% if server is defined and server is not none %}
-{% if server.reject_unconfigured_clients is defined %}
+{% if server is vyos_defined %}
+{% if server.reject_unconfigured_clients is vyos_defined %}
ccd-exclusive
{% endif %}
-{% if server.name_server is defined and server.name_server is not none %}
+{% if server.name_server is vyos_defined %}
{% for nameserver in server.name_server %}
{% if nameserver | is_ipv4 %}
push "dhcp-option DNS {{ nameserver }}"
@@ -123,14 +123,12 @@ push "dhcp-option DNS6 {{ nameserver }}"
{% endif %}
{% endfor %}
{% endif %}
-{% if server.domain_name is defined and server.domain_name is not none %}
+{% if server.domain_name is vyos_defined %}
push "dhcp-option DOMAIN {{ server.domain_name }}"
{% endif %}
-{% if server.mfa is defined and server.mfa is not none %}
-{% if server.mfa.totp is defined and server.mfa.totp is not none %}
-{% set totp_config = server.mfa.totp %}
+{% if server.mfa.totp is vyos_defined %}
+{% set totp_config = server.mfa.totp %}
plugin "{{ plugin_dir}}/openvpn-otp.so" "otp_secrets=/config/auth/openvpn/{{ ifname }}-otp-secrets {{ 'otp_slop=' ~ totp_config.slop }} {{ 'totp_t0=' ~ totp_config.drift }} {{ 'totp_step=' ~ totp_config.step }} {{ 'totp_digits=' ~ totp_config.digits }} password_is_cr={{ '1' if totp_config.challenge == 'enable' else '0' }}"
-{% endif %}
{% endif %}
{% endif %}
{% else %}
@@ -141,9 +139,9 @@ ping {{ keep_alive.interval }}
ping-restart {{ keep_alive.failure_count }}
{% if device_type == 'tap' %}
-{% if local_address is defined and local_address is not none %}
+{% if local_address is vyos_defined %}
{% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %}
-{% if laddr_conf is defined and laddr_conf.subnet_mask is defined and laddr_conf.subnet_mask is not none %}
+{% if laddr_conf.subnet_mask is vyos_defined %}
ifconfig {{ laddr }} {{ laddr_conf.subnet_mask }}
{% endif %}
{% endfor %}
@@ -162,67 +160,65 @@ ifconfig-ipv6 {{ laddr }} {{ raddr }}
{% endif %}
{% endif %}
-{% if tls is defined and tls is not none %}
+{% if tls is vyos_defined %}
# TLS options
-{% if tls.ca_certificate is defined and tls.ca_certificate is not none %}
+{% if tls.ca_certificate is vyos_defined %}
ca /run/openvpn/{{ ifname }}_ca.pem
{% endif %}
-{% if tls.certificate is defined and tls.certificate is not none %}
+{% if tls.certificate is vyos_defined %}
cert /run/openvpn/{{ ifname }}_cert.pem
{% endif %}
-{% if tls.private_key is defined %}
+{% if tls.private_key is vyos_defined %}
key /run/openvpn/{{ ifname }}_cert.key
{% endif %}
-{% if tls.crypt_key is defined and tls.crypt_key is not none %}
+{% if tls.crypt_key is vyos_defined %}
tls-crypt /run/openvpn/{{ ifname }}_crypt.key
{% endif %}
-{% if tls.crl is defined %}
+{% if tls.crl is vyos_defined %}
crl-verify /run/openvpn/{{ ifname }}_crl.pem
{% endif %}
-{% if tls.tls_version_min is defined and tls.tls_version_min is not none %}
+{% if tls.tls_version_min is vyos_defined %}
tls-version-min {{ tls.tls_version_min }}
{% endif %}
-{% if tls.dh_params is defined and tls.dh_params is not none %}
+{% if tls.dh_params is vyos_defined %}
dh /run/openvpn/{{ ifname }}_dh.pem
-{% elif mode == 'server' and tls.private_key is defined %}
+{% elif mode is vyos_defined('server') and tls.private_key is vyos_defined %}
dh none
{% endif %}
-{% if tls.auth_key is defined and tls.auth_key is not none %}
+{% if tls.auth_key is vyos_defined %}
{% if mode == 'client' %}
tls-auth /run/openvpn/{{ ifname }}_auth.key 1
{% elif mode == 'server' %}
tls-auth /run/openvpn/{{ ifname }}_auth.key 0
{% endif %}
{% endif %}
-{% if tls.role is defined and tls.role is not none %}
-{% if tls.role == 'active' %}
+{% if tls.role is vyos_defined('active') %}
tls-client
-{% elif tls.role == 'passive' %}
+{% elif tls.role is vyos_defined('passive') %}
tls-server
-{% endif %}
{% endif %}
{% endif %}
# Encryption options
-{% if encryption is defined and encryption is not none %}
-{% if encryption.cipher is defined and encryption.cipher is not none %}
+{% if encryption is vyos_defined %}
+{% if encryption.cipher is vyos_defined %}
cipher {{ encryption.cipher | openvpn_cipher }}
-{% if encryption.cipher == 'bf128' %}
+{% if encryption.cipher is vyos_defined('bf128') %}
keysize 128
-{% elif encryption.cipher == 'bf256' %}
+{% elif encryption.cipher is vyos_defined('bf256') %}
keysize 256
{% endif %}
{% endif %}
-{% if encryption.ncp_ciphers is defined and encryption.ncp_ciphers is not none %}
+{% if encryption.ncp_ciphers is vyos_defined %}
data-ciphers {{ encryption.ncp_ciphers | openvpn_ncp_ciphers }}
{% endif %}
{% endif %}
-{% if hash is defined and hash is not none %}
+{% if hash is vyos_defined %}
auth {{ hash }}
{% endif %}
-{% if authentication is defined and authentication is not none %}
+{% if authentication is vyos_defined %}
auth-user-pass {{ auth_user_pass_file }}
auth-retry nointeract
{% endif %}
diff --git a/data/templates/openvpn/service-override.conf.tmpl b/data/templates/openvpn/service-override.conf.tmpl
index 069bdbd08..cba652223 100644
--- a/data/templates/openvpn/service-override.conf.tmpl
+++ b/data/templates/openvpn/service-override.conf.tmpl
@@ -1,7 +1,7 @@
[Service]
ExecStart=
ExecStart=/usr/sbin/openvpn --daemon openvpn-%i --config %i.conf --status %i.status 30 --writepid %i.pid
-{%- if openvpn_option is defined and openvpn_option is not none %}
+{%- if openvpn_option is vyos_defined %}
{% for option in openvpn_option %}
{# Remove the '--' prefix from variable if it is presented #}
{% if option.startswith('--') %}
diff --git a/data/templates/pmacct/override.conf.tmpl b/data/templates/pmacct/override.conf.tmpl
index 216927666..213569ddc 100644
--- a/data/templates/pmacct/override.conf.tmpl
+++ b/data/templates/pmacct/override.conf.tmpl
@@ -1,4 +1,4 @@
-{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
[Unit]
After=
After=vyos-router.service
@@ -8,7 +8,7 @@ ConditionPathExists=/run/pmacct/uacctd.conf
[Service]
EnvironmentFile=
ExecStart=
-ExecStart={{vrf_command}}/usr/sbin/uacctd -f /run/pmacct/uacctd.conf
+ExecStart={{ vrf_command }}/usr/sbin/uacctd -f /run/pmacct/uacctd.conf
WorkingDirectory=
WorkingDirectory=/run/pmacct
PIDFile=
diff --git a/data/templates/pmacct/uacctd.conf.tmpl b/data/templates/pmacct/uacctd.conf.tmpl
index b58f7c796..7e4f80e95 100644
--- a/data/templates/pmacct/uacctd.conf.tmpl
+++ b/data/templates/pmacct/uacctd.conf.tmpl
@@ -5,12 +5,12 @@ pidfile: /run/pmacct/uacctd.pid
uacctd_group: 2
uacctd_nl_size: 2097152
snaplen: {{ packet_length }}
-aggregate: in_iface{{ ',out_iface' if enable_egress is defined }},src_mac,dst_mac,vlan,src_host,dst_host,src_port,dst_port,proto,tos,flows
+aggregate: in_iface{{ ',out_iface' if enable_egress is vyos_defined }},src_mac,dst_mac,vlan,src_host,dst_host,src_port,dst_port,proto,tos,flows
{% set pipe_size = buffer_size | int *1024 *1024 %}
plugin_pipe_size: {{ pipe_size }}
{# We need an integer division (//) without any remainder or fraction #}
plugin_buffer_size: {{ pipe_size // 1000 }}
-{% if syslog_facility is defined and syslog_facility is not none %}
+{% if syslog_facility is vyos_defined %}
syslog: {{ syslog_facility }}
{% endif %}
{% if disable_imt is not defined %}
@@ -19,12 +19,12 @@ imt_mem_pools_number: 169
{% endif %}
{% set plugin = [] %}
-{% if netflow is defined and netflow.server is defined and netflow.server is not none %}
+{% if netflow.server is vyos_defined %}
{% for server in netflow.server %}
{% set _ = plugin.append('nfprobe[nf_' ~ server ~ ']') %}
{% endfor %}
{% endif %}
-{% if sflow is defined and sflow.server is defined and sflow.server is not none %}
+{% if sflow.server is vyos_defined %}
{% for server in sflow.server %}
{% set _ = plugin.append('sfprobe[sf_' ~ server ~ ']') %}
{% endfor %}
@@ -34,39 +34,39 @@ imt_mem_pools_number: 169
{% endif %}
plugins: {{ plugin | join(',') }}
-{% if netflow is defined and netflow.server is defined and netflow.server is not none %}
+{% if netflow.server is vyos_defined %}
# NetFlow servers
{% for server, server_config in netflow.server.items() %}
nfprobe_receiver[nf_{{ server }}]: {{ server }}:{{ server_config.port }}
nfprobe_version[nf_{{ server }}]: {{ netflow.version }}
-{% if netflow.engine_id is defined and netflow.engine_id is not none %}
+{% if netflow.engine_id is vyos_defined %}
nfprobe_engine[nf_{{ server }}]: {{ netflow.engine_id }}
{% endif %}
-{% if netflow.max_flows is defined and netflow.max_flows is not none %}
+{% if netflow.max_flows is vyos_defined %}
nfprobe_maxflows[nf_{{ server }}]: {{ netflow.max_flows }}
{% endif %}
-{% if netflow.sampling_rate is defined and netflow.sampling_rate is not none %}
+{% if netflow.sampling_rate is vyos_defined %}
sampling_rate[nf_{{ server }}]: {{ netflow.sampling_rate }}
{% endif %}
-{% if netflow.source_address is defined and netflow.source_address is not none %}
+{% if netflow.source_address is vyos_defined %}
nfprobe_source_ip[nf_{{ server }}]: {{ netflow.source_address }}
{% endif %}
-{% if netflow.timeout is defined and netflow.timeout is not none %}
+{% if netflow.timeout is vyos_defined %}
nfprobe_timeouts[nf_{{ server }}]: expint={{ netflow.timeout.expiry_interval }}:general={{ netflow.timeout.flow_generic }}:icmp={{ netflow.timeout.icmp }}:maxlife={{ netflow.timeout.max_active_life }}:tcp.fin={{ netflow.timeout.tcp_fin }}:tcp={{ netflow.timeout.tcp_generic }}:tcp.rst={{ netflow.timeout.tcp_rst }}:udp={{ netflow.timeout.udp }}
{% endif %}
{% endfor %}
{% endif %}
-{% if sflow is defined and sflow.server is defined and sflow.server is not none %}
+{% if sflow.server is vyos_defined %}
# sFlow servers
{% for server, server_config in sflow.server.items() %}
sfprobe_receiver[sf_{{ server }}]: {{ server }}:{{ server_config.port }}
sfprobe_agentip[sf_{{ server }}]: {{ sflow.agent_address }}
-{% if sflow.sampling_rate is defined and sflow.sampling_rate is not none %}
+{% if sflow.sampling_rate is vyos_defined %}
sampling_rate[sf_{{ server }}]: {{ sflow.sampling_rate }}
{% endif %}
-{% if sflow.source_address is defined and sflow.source_address is not none %}
+{% if sflow.source_address is vyos_defined %}
sfprobe_source_ip[sf_{{ server }}]: {{ sflow.source_address }}
{% endif %}
diff --git a/data/templates/pppoe/ip-down.script.tmpl b/data/templates/pppoe/ip-down.script.tmpl
index bac4155d6..0be7b03c8 100644
--- a/data/templates/pppoe/ip-down.script.tmpl
+++ b/data/templates/pppoe/ip-down.script.tmpl
@@ -26,13 +26,13 @@ fi
{% if default_route != 'none' %}
# Always delete default route when interface goes down if we installed it
vtysh -c "conf t" ${VRF_NAME} -c "no ip route 0.0.0.0/0 {{ ifname }} ${VRF_NAME}"
-{% if ipv6 is defined and ipv6.address is defined and ipv6.address.autoconf is defined %}
+{% if ipv6.address.autoconf is vyos_defined %}
vtysh -c "conf t" ${VRF_NAME} -c "no ipv6 route ::/0 {{ ifname }} ${VRF_NAME}"
{% endif %}
{% endif %}
{% endif %}
-{% if dhcpv6_options is defined and dhcpv6_options.pd is defined %}
+{% if dhcpv6_options.pd is vyos_defined %}
# Stop wide dhcpv6 client
systemctl stop dhcp6c@{{ ifname }}.service
{% endif %}
diff --git a/data/templates/squid/squid.conf.tmpl b/data/templates/squid/squid.conf.tmpl
index 26aff90bf..e8627b022 100644
--- a/data/templates/squid/squid.conf.tmpl
+++ b/data/templates/squid/squid.conf.tmpl
@@ -15,20 +15,20 @@ acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
-{% if authentication is defined and authentication is not none %}
-{% if authentication.children is defined and authentication.children is not none %}
+{% if authentication is vyos_defined %}
+{% if authentication.children is vyos_defined %}
auth_param basic children {{ authentication.children }}
{% endif %}
-{% if authentication.credentials_ttl is defined and authentication.credentials_ttl is not none %}
+{% if authentication.credentials_ttl is vyos_defined %}
auth_param basic credentialsttl {{ authentication.credentials_ttl }} minute
{% endif %}
-{% if authentication.realm is defined and authentication.realm is not none %}
+{% if authentication.realm is vyos_defined %}
auth_param basic realm "{{ authentication.realm }}"
{% endif %}
{# LDAP based Authentication #}
-{% if authentication.method is defined and authentication.method is not none %}
-{% if authentication.ldap is defined and authentication.ldap is not none and authentication.method == 'ldap' %}
-auth_param basic program /usr/lib/squid/basic_ldap_auth -v {{ authentication.ldap.version }} -b "{{ authentication.ldap.base_dn }}" {{ '-D "' + authentication.ldap.bind_dn + '"' if authentication.ldap.bind_dn is defined }} {{ '-w "' + authentication.ldap.password + '"' if authentication.ldap.password is defined }} {{ '-f "' + authentication.ldap.filter_expression + '"' if authentication.ldap.filter_expression is defined }} {{ '-u "' + authentication.ldap.username_attribute + '"' if authentication.ldap.username_attribute is defined }} -p {{ authentication.ldap.port }} {{ '-ZZ' if authentication.ldap.use_ssl is defined }} -R -h "{{ authentication.ldap.server }}"
+{% if authentication.method is vyos_defined %}
+{% if authentication.ldap is vyos_defined and authentication.method is vyos_defined('ldap') %}
+auth_param basic program /usr/lib/squid/basic_ldap_auth -v {{ authentication.ldap.version }} -b "{{ authentication.ldap.base_dn }}" {{ '-D "' ~ authentication.ldap.bind_dn ~ '"' if authentication.ldap.bind_dn is vyos_defined }} {{ '-w "' ~ authentication.ldap.password ~ '"' if authentication.ldap.password is vyos_defined }} {{ '-f "' ~ authentication.ldap.filter_expression ~ '"' if authentication.ldap.filter_expression is vyos_defined }} {{ '-u "' ~ authentication.ldap.username_attribute ~ '"' if authentication.ldap.username_attribute is vyos_defined }} -p {{ authentication.ldap.port }} {{ '-ZZ' if authentication.ldap.use_ssl is vyos_defined }} -R -h "{{ authentication.ldap.server }}"
{% endif %}
acl auth proxy_auth REQUIRED
http_access allow auth
@@ -43,24 +43,24 @@ http_access allow localhost
http_access allow net
http_access deny all
-{% if reply_block_mime is defined and reply_block_mime is not none %}
+{% if reply_block_mime is vyos_defined %}
{% for mime_type in reply_block_mime %}
acl BLOCK_MIME rep_mime_type {{ mime_type }}
{% endfor %}
http_reply_access deny BLOCK_MIME
{% endif %}
-{% if cache_size is defined and cache_size is not none %}
+{% if cache_size is vyos_defined %}
{% if cache_size | int > 0 %}
cache_dir ufs /var/spool/squid {{ cache_size }} 16 256
{% else %}
# disabling disk cache
{% endif %}
{% endif %}
-{% if mem_cache_size is defined and mem_cache_size is not none %}
+{% if mem_cache_size is vyos_defined %}
cache_mem {{ mem_cache_size }} MB
{% endif %}
-{% if disable_access_log is defined %}
+{% if disable_access_log is vyos_defined %}
access_log none
{% else %}
access_log /var/log/squid/access.log squid
@@ -69,26 +69,26 @@ access_log /var/log/squid/access.log squid
{# by default we'll disable the store log #}
cache_store_log none
-{% if append_domain is defined and append_domain is not none %}
+{% if append_domain is vyos_defined %}
append_domain {{ append_domain }}
{% endif %}
-{% if maximum_object_size is defined and maximum_object_size is not none %}
+{% if maximum_object_size is vyos_defined %}
maximum_object_size {{ maximum_object_size }} KB
{% endif %}
-{% if minimum_object_size is defined and minimum_object_size is not none %}
+{% if minimum_object_size is vyos_defined %}
minimum_object_size {{ minimum_object_size }} KB
{% endif %}
-{% if reply_body_max_size is defined and reply_body_max_size is not none %}
+{% if reply_body_max_size is vyos_defined %}
reply_body_max_size {{ reply_body_max_size }} KB
{% endif %}
-{% if outgoing_address is defined and outgoing_address is not none %}
+{% if outgoing_address is vyos_defined %}
tcp_outgoing_address {{ outgoing_address }}
{% endif %}
-{% if listen_address is defined and listen_address is not none %}
+{% if listen_address is vyos_defined %}
{% for address, config in listen_address.items() %}
-http_port {{ address | bracketize_ipv6 }}:{{ config.port if config.port is defined else default_port }} {{ 'intercept' if config.disable_transparent is not defined }}
+http_port {{ address | bracketize_ipv6 }}:{{ config.port if config.port is vyos_defined else default_port }} {{ 'intercept' if config.disable_transparent is not vyos_defined }}
{% endfor %}
{% endif %}
http_port 127.0.0.1:{{ default_port }}
@@ -97,15 +97,13 @@ http_port 127.0.0.1:{{ default_port }}
forwarded_for off
{# SquidGuard #}
-{% if url_filtering is defined and url_filtering.disable is not defined %}
-{% if url_filtering.squidguard is defined and url_filtering.squidguard is not none %}
+{% if url_filtering.disable is not vyos_defined and url_filtering.squidguard is vyos_defined %}
url_rewrite_program /usr/bin/squidGuard -c {{ squidguard_conf }}
url_rewrite_children 8
url_rewrite_bypass on
-{% endif %}
{% endif %}
-{% if cache_peer is defined and cache_peer is not none %}
+{% if cache_peer is vyos_defined %}
{% for peer, config in cache_peer.items() %}
cache_peer {{ config.address }} {{ config.type }} {{ config.http_port }} {{ config.icp_port }} {{ config.options }}
{% endfor %}
diff --git a/data/templates/squid/squidGuard.conf.tmpl b/data/templates/squid/squidGuard.conf.tmpl
index c59dc901e..5e877f01f 100644
--- a/data/templates/squid/squidGuard.conf.tmpl
+++ b/data/templates/squid/squidGuard.conf.tmpl
@@ -8,14 +8,14 @@ dest {{ category }}-default {
{% if expressions | is_file %}
expressionlist {{ category }}/expressions
{% endif %}
-{% if log is defined %}
+{% if log is vyos_defined %}
log blacklist.log
{% endif %}
}
{% endmacro %}
-{% if url_filtering is defined and url_filtering.disable is not defined %}
-{% if url_filtering.squidguard is defined and url_filtering.squidguard is not none %}
+{% if url_filtering is vyos_defined and url_filtering.disable is not vyos_defined %}
+{% if url_filtering.squidguard is vyos_defined %}
{% set sg_config = url_filtering.squidguard %}
{% set acl = namespace(value='local-ok-default') %}
{% set acl.value = acl.value + ' !in-addr' if sg_config.allow_ipaddr_url is not defined else acl.value %}
@@ -32,52 +32,52 @@ rewrite safesearch {
log rewrite.log
}
-{% if sg_config.local_ok is defined and sg_config.local_ok is not none %}
+{% if sg_config.local_ok is vyos_defined %}
{% set acl.value = acl.value + ' local-ok-default' %}
dest local-ok-default {
domainlist local-ok-default/domains
}
{% endif %}
-{% if sg_config.local_ok_url is defined and sg_config.local_ok_url is not none %}
+{% if sg_config.local_ok_url is vyos_defined %}
{% set acl.value = acl.value + ' local-ok-url-default' %}
dest local-ok-url-default {
urllist local-ok-url-default/urls
}
{% endif %}
-{% if sg_config.local_block is defined and sg_config.local_block is not none %}
+{% if sg_config.local_block is vyos_defined %}
{% set acl.value = acl.value + ' !local-block-default' %}
dest local-block-default {
domainlist local-block-default/domains
}
{% endif %}
-{% if sg_config.local_block_url is defined and sg_config.local_block_url is not none %}
+{% if sg_config.local_block_url is vyos_defined %}
{% set acl.value = acl.value + ' !local-block-url-default' %}
dest local-block-url-default {
urllist local-block-url-default/urls
}
{% endif %}
-{% if sg_config.local_block_keyword is defined and sg_config.local_block_keyword is not none %}
+{% if sg_config.local_block_keyword is vyos_defined %}
{% set acl.value = acl.value + ' !local-block-keyword-default' %}
dest local-block-keyword-default {
expressionlist local-block-keyword-default/expressions
}
{% endif %}
-{% if sg_config.block_category is defined and sg_config.block_category is not none %}
+{% if sg_config.block_category is vyos_defined %}
{% for category in sg_config.block_category %}
{{ sg_rule(category, sg_config.log, squidguard_db_dir) }}
{% set acl.value = acl.value + ' !' + category + '-default' %}
{% endfor %}
{% endif %}
-{% if sg_config.allow_category is defined and sg_config.allow_category is not none %}
+{% if sg_config.allow_category is vyos_defined %}
{% for category in sg_config.allow_category %}
{{ sg_rule(category, False, squidguard_db_dir) }}
{% set acl.value = acl.value + ' ' + category + '-default' %}
{% endfor %}
{% endif %}
-{% if sg_config.source_group is defined and sg_config.source_group is not none %}
+{% if sg_config.source_group is vyos_defined %}
{% for sgroup, sg_config in sg_config.source_group.items() %}
-{% if sg_config.address is defined and sg_config.address is not none %}
+{% if sg_config.address is vyos_defined %}
src {{ sgroup }} {
{% for address in sg_config.address %}
ip {{ address }}
@@ -87,7 +87,7 @@ src {{ sgroup }} {
{% endif %}
{% endfor %}
{% endif %}
-{% if sg_config.rule is defined and sg_config.rule is not none %}
+{% if sg_config.rule is vyos_defined %}
{% for rule, rule_config in sg_config.rule.items() %}
{% for b_category in rule_config.block_category%}
dest {{ b_category }} {
@@ -99,7 +99,7 @@ dest {{ b_category }} {
{% endfor %}
{% endif %}
acl {
-{% if sg_config.rule is defined and sg_config.rule is not none %}
+{% if sg_config.rule is vyos_defined %}
{% for rule, rule_config in sg_config.rule.items() %}
{{ rule_config.source_group }} {
{% for b_category in rule_config.block_category%}
@@ -110,12 +110,12 @@ acl {
{% endif %}
default {
-{% if sg_config.enable_safe_search is defined %}
+{% if sg_config.enable_safe_search is vyos_defined %}
rewrite safesearch
{% endif %}
- pass {{ acl.value }} {{ 'none' if sg_config.default_action is defined and sg_config.default_action == 'block' else 'allow' }}
+ pass {{ acl.value }} {{ 'none' if sg_config.default_action is vyos_defined('block') else 'allow' }}
redirect 302:http://{{ sg_config.redirect_url }}
-{% if sg_config.log is defined and sg_config.log is not none %}
+{% if sg_config.log is vyos_defined %}
log blacklist.log
{% endif %}
}
diff --git a/data/templates/vyos-hostsd/hosts.tmpl b/data/templates/vyos-hostsd/hosts.tmpl
index 03662d562..bc75d384e 100644
--- a/data/templates/vyos-hostsd/hosts.tmpl
+++ b/data/templates/vyos-hostsd/hosts.tmpl
@@ -12,13 +12,13 @@ ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
-{% if hosts is defined and hosts is not none %}
+{% if hosts is vyos_defined %}
# From 'system static-host-mapping' and DHCP server
{% for tag, taghosts in hosts.items() %}
# {{ tag }}
-{% for host, hostprops in taghosts.items() if hostprops.address is defined %}
+{% for host, hostprops in taghosts.items() if hostprops.address is vyos_defined %}
{% for addr in hostprops.address %}
-{{ "%-15s" | format(addr) }} {{ host }} {{ hostprops.aliases|join(' ') if hostprops.aliases is defined }}
+{{ "%-15s" | format(addr) }} {{ host }} {{ hostprops.aliases|join(' ') if hostprops.aliases is vyos_defined }}
{% endfor %}
{% endfor %}
{% endfor %}
diff --git a/data/templates/zone_policy/nftables.tmpl b/data/templates/zone_policy/nftables.tmpl
index 4a6bd2772..9e532b79e 100644
--- a/data/templates/zone_policy/nftables.tmpl
+++ b/data/templates/zone_policy/nftables.tmpl
@@ -1,18 +1,18 @@
#!/usr/sbin/nft -f
-{% if cleanup_commands is defined %}
+{% if cleanup_commands is vyos_defined %}
{% for command in cleanup_commands %}
{{ command }}
{% endfor %}
{% endif %}
-{% if zone is defined %}
+{% if zone is vyos_defined %}
table ip filter {
{% for zone_name, zone_conf in zone.items() if zone_conf.ipv4 %}
-{% if zone_conf.local_zone is defined %}
+{% if zone_conf.local_zone is vyos_defined %}
chain VZONE_{{ zone_name }}_IN {
iifname lo counter return
-{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is defined %}
+{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is vyos_defined %}
iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
@@ -20,7 +20,7 @@ table ip filter {
}
chain VZONE_{{ zone_name }}_OUT {
oifname lo counter return
-{% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.name is defined %}
+{% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.name is vyos_defined %}
oifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }}
oifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
@@ -29,10 +29,10 @@ table ip filter {
{% else %}
chain VZONE_{{ zone_name }} {
iifname { {{ zone_conf.interface | join(",") }} } counter {{ zone_conf | nft_intra_zone_action(ipv6=False) }}
-{% if zone_conf.intra_zone_filtering is defined %}
+{% if zone_conf.intra_zone_filtering is vyos_defined %}
iifname { {{ zone_conf.interface | join(",") }} } counter return
{% endif %}
-{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is defined %}
+{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is vyos_defined %}
{% if zone[from_zone].local_zone is not defined %}
iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
@@ -46,10 +46,10 @@ table ip filter {
table ip6 filter {
{% for zone_name, zone_conf in zone.items() if zone_conf.ipv6 %}
-{% if zone_conf.local_zone is defined %}
+{% if zone_conf.local_zone is vyos_defined %}
chain VZONE6_{{ zone_name }}_IN {
iifname lo counter return
-{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is defined %}
+{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is vyos_defined %}
iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
@@ -57,7 +57,7 @@ table ip6 filter {
}
chain VZONE6_{{ zone_name }}_OUT {
oifname lo counter return
-{% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.ipv6_name is defined %}
+{% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.ipv6_name is vyos_defined %}
oifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }}
oifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
@@ -66,10 +66,10 @@ table ip6 filter {
{% else %}
chain VZONE6_{{ zone_name }} {
iifname { {{ zone_conf.interface | join(",") }} } counter {{ zone_conf | nft_intra_zone_action(ipv6=True) }}
-{% if zone_conf.intra_zone_filtering is defined %}
+{% if zone_conf.intra_zone_filtering is vyos_defined %}
iifname { {{ zone_conf.interface | join(",") }} } counter return
{% endif %}
-{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is defined %}
+{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is vyos_defined %}
{% if zone[from_zone].local_zone is not defined %}
iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
@@ -101,7 +101,7 @@ insert rule ip6 filter VYOS_FW6_FORWARD oifname { {{ zone_conf.interface | join(
{% endfor %}
{# Ensure that state-policy rule is first in the chain #}
-{% if firewall.state_policy is defined %}
+{% if firewall.state_policy is vyos_defined %}
{% for chain in ['VYOS_FW_FORWARD', 'VYOS_FW_OUTPUT', 'VYOS_FW_LOCAL'] %}
insert rule ip filter {{ chain }} jump VYOS_STATE_POLICY
{% endfor %}