summaryrefslogtreecommitdiff
path: root/data/templates
diff options
context:
space:
mode:
Diffstat (limited to 'data/templates')
-rw-r--r--data/templates/frr/bgpd.frr.j232
-rw-r--r--data/templates/frr/daemons.frr.tmpl3
-rw-r--r--data/templates/load-balancing/haproxy.cfg.j213
-rw-r--r--data/templates/ocserv/ocserv_config.j25
4 files changed, 45 insertions, 8 deletions
diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2
index 641dac44a..679ba8b04 100644
--- a/data/templates/frr/bgpd.frr.j2
+++ b/data/templates/frr/bgpd.frr.j2
@@ -470,6 +470,38 @@ router bgp {{ system_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
{% endfor %}
{% endif %}
!
+{% if bmp is vyos_defined %}
+{% if bmp.mirror_buffer_limit is vyos_defined %}
+ bmp mirror buffer-limit {{ bmp.mirror_buffer_limit }}
+ !
+{% endif %}
+{% if bmp.target is vyos_defined %}
+{% for bmp, bmp_config in bmp.target.items() %}
+ bmp targets {{ bmp }}
+{% if bmp_config.mirror is vyos_defined %}
+ bmp mirror
+{% endif %}
+{% if bmp_config.monitor is vyos_defined %}
+{% if bmp_config.monitor.ipv4_unicast.pre_policy is vyos_defined %}
+ bmp monitor ipv4 unicast pre-policy
+{% endif %}
+{% if bmp_config.monitor.ipv4_unicast.post_policy is vyos_defined %}
+ bmp monitor ipv4 unicast post-policy
+{% endif %}
+{% if bmp_config.monitor.ipv6_unicast.pre_policy is vyos_defined %}
+ bmp monitor ipv6 unicast pre-policy
+{% endif %}
+{% if bmp_config.monitor.ipv6_unicast.post_policy is vyos_defined %}
+ bmp monitor ipv6 unicast post-policy
+{% endif %}
+{% endif %}
+{% if bmp_config.address is vyos_defined %}
+ bmp connect {{ bmp_config.address }} port {{ bmp_config.port }} min-retry {{ bmp_config.min_retry }} max-retry {{ bmp_config.max_retry }}
+{% endif %}
+{% endfor %}
+ exit
+{% endif %}
+{% endif %}
{% if peer_group is vyos_defined %}
{% for peer, config in peer_group.items() %}
{{ bgp_neighbor(peer, config, true) }}
diff --git a/data/templates/frr/daemons.frr.tmpl b/data/templates/frr/daemons.frr.tmpl
index a65f0868a..c637e18bc 100644
--- a/data/templates/frr/daemons.frr.tmpl
+++ b/data/templates/frr/daemons.frr.tmpl
@@ -108,7 +108,6 @@ valgrind_enable=no
frr_profile="traditional"
-#MAX_FDS=1024
+MAX_FDS={{ descriptors }}
#FRR_NO_ROOT="yes"
-
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2
index a75ee9904..defb76fba 100644
--- a/data/templates/load-balancing/haproxy.cfg.j2
+++ b/data/templates/load-balancing/haproxy.cfg.j2
@@ -50,13 +50,19 @@ defaults
{% if service is vyos_defined %}
{% for front, front_config in service.items() %}
frontend {{ front }}
-{% set ssl_front = 'ssl crt /run/haproxy/' ~ front_config.ssl.certificate ~ '.pem' if front_config.ssl.certificate is vyos_defined else '' %}
+{% set ssl_front = [] %}
+{% if front_config.ssl.certificate is vyos_defined and front_config.ssl.certificate is iterable %}
+{% for cert in front_config.ssl.certificate %}
+{% set _ = ssl_front.append('crt /run/haproxy/' ~ cert ~ '.pem') %}
+{% endfor %}
+{% endif %}
+{% set ssl_directive = 'ssl' if ssl_front else '' %}
{% if front_config.listen_address is vyos_defined %}
{% for address in front_config.listen_address %}
- bind {{ address | bracketize_ipv6 }}:{{ front_config.port }} {{ ssl_front }}
+ bind {{ address | bracketize_ipv6 }}:{{ front_config.port }} {{ ssl_directive }} {{ ssl_front | join(' ') }}
{% endfor %}
{% else %}
- bind :::{{ front_config.port }} v4v6 {{ ssl_front }}
+ bind :::{{ front_config.port }} v4v6 {{ ssl_directive }} {{ ssl_front | join(' ') }}
{% endif %}
{% if front_config.redirect_http_to_https is vyos_defined %}
http-request redirect scheme https unless { ssl_fc }
@@ -161,4 +167,3 @@ backend {{ back }}
{% endfor %}
{% endif %}
-
diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
index 80ba357bc..b5e890c32 100644
--- a/data/templates/ocserv/ocserv_config.j2
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -121,12 +121,12 @@ select-group = {{ grp }}
{% endfor %}
{% endif %}
-
+{% if http_security_headers is vyos_defined %}
# HTTP security headers
included-http-headers = Strict-Transport-Security: max-age=31536000 ; includeSubDomains
included-http-headers = X-Frame-Options: deny
included-http-headers = X-Content-Type-Options: nosniff
-included-http-headers = Content-Security-Policy: default-src ´none´
+included-http-headers = Content-Security-Policy: default-src "none"
included-http-headers = X-Permitted-Cross-Domain-Policies: none
included-http-headers = Referrer-Policy: no-referrer
included-http-headers = Clear-Site-Data: "cache","cookies","storage"
@@ -136,3 +136,4 @@ included-http-headers = Cross-Origin-Resource-Policy: same-origin
included-http-headers = X-XSS-Protection: 0
included-http-headers = Pragma: no-cache
included-http-headers = Cache-control: no-store, no-cache
+{% endif %}
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-12 21:56:36 +0000