summaryrefslogtreecommitdiff
path: root/data/templates
diff options
context:
space:
mode:
Diffstat (limited to 'data/templates')
-rw-r--r--data/templates/accel-ppp/chap-secrets.config_dict.tmpl10
-rw-r--r--data/templates/accel-ppp/config_chap_secrets_radius.j218
-rw-r--r--data/templates/accel-ppp/config_ip_pool.j28
-rw-r--r--data/templates/accel-ppp/config_ipv6_pool.j28
-rw-r--r--data/templates/accel-ppp/config_modules_auth_mode.j24
-rw-r--r--data/templates/accel-ppp/config_modules_ipv6.j22
-rw-r--r--data/templates/accel-ppp/config_name_server.j24
-rw-r--r--data/templates/accel-ppp/config_shaper_radius.j26
-rw-r--r--data/templates/accel-ppp/pppoe.config.tmpl52
-rw-r--r--data/templates/accel-ppp/sstp.config.tmpl2
-rw-r--r--data/templates/https/nginx.default.tmpl34
-rw-r--r--data/templates/https/override.conf.tmpl2
-rw-r--r--data/templates/https/vyos-http-api.service.tmpl4
-rw-r--r--data/templates/pppoe/peer.tmpl26
-rw-r--r--data/templates/router-advert/radvd.conf.tmpl42
-rw-r--r--data/templates/snmp/etc.snmp.conf.tmpl2
-rw-r--r--data/templates/snmp/etc.snmpd.conf.tmpl56
-rw-r--r--data/templates/snmp/override.conf.tmpl6
-rw-r--r--data/templates/snmp/usr.snmpd.conf.tmpl2
-rw-r--r--data/templates/snmp/var.snmpd.conf.tmpl6
-rw-r--r--data/templates/ssh/override.conf.tmpl6
-rw-r--r--data/templates/ssh/sshd_config.tmpl53
-rw-r--r--data/templates/system/curlrc.tmpl8
-rw-r--r--data/templates/system/ssh_config.tmpl2
-rw-r--r--data/templates/system/sysctl.conf.tmpl2
25 files changed, 176 insertions, 189 deletions
diff --git a/data/templates/accel-ppp/chap-secrets.config_dict.tmpl b/data/templates/accel-ppp/chap-secrets.config_dict.tmpl
index da64b64d5..d4e8bb2aa 100644
--- a/data/templates/accel-ppp/chap-secrets.config_dict.tmpl
+++ b/data/templates/accel-ppp/chap-secrets.config_dict.tmpl
@@ -1,12 +1,10 @@
# username server password acceptable local IP addresses shaper
-{% if authentication is defined and authentication.local_users is defined and authentication.local_users.username is defined %}
-{% for user, user_config in authentication.local_users.username.items() %}
-{% if user_config.disabled is not defined %}
-{% if user_config.rate_limit is defined %}
+{% if authentication.local_users.username is vyos_defined %}
+{% for user, user_config in authentication.local_users.username.items() if user_config.disabled is not vyos_defined %}
+{% if user_config.rate_limit is vyos_defined %}
{{ "%-12s" | format(user) }} * {{ "%-16s" | format(user_config.password) }} {{ "%-16s" | format(user_config.static_ip) }} {{ user_config.rate_limit.download }}/{{ user_config.rate_limit.upload }}
-{% else %}
+{% else %}
{{ "%-12s" | format(user) }} * {{ "%-16s" | format(user_config.password) }} {{ "%-16s" | format(user_config.static_ip) }}
-{% endif %}
{% endif %}
{% endfor %}
{% endif %}
diff --git a/data/templates/accel-ppp/config_chap_secrets_radius.j2 b/data/templates/accel-ppp/config_chap_secrets_radius.j2
index 49af3a228..1b28dbe46 100644
--- a/data/templates/accel-ppp/config_chap_secrets_radius.j2
+++ b/data/templates/accel-ppp/config_chap_secrets_radius.j2
@@ -1,33 +1,33 @@
-{% if authentication.mode is defined and authentication.mode == 'local' %}
+{% if authentication.mode is vyos_defined('local') %}
[chap-secrets]
chap-secrets={{ chap_secrets_file }}
-{% elif authentication.mode is defined and authentication.mode == 'radius' %}
+{% elif authentication.mode is vyos_defined('radius') %}
[radius]
verbose=1
-{% for server, options in authentication.radius.server.items() if not options.disable is defined %}
+{% for server, options in authentication.radius.server.items() if not options.disable is vyos_defined %}
server={{ server }},{{ options.key }},auth-port={{ options.port }},acct-port={{ options.acct_port }},req-limit=0,fail-time={{ options.fail_time }}
{% endfor %}
-{% if authentication.radius.acct_interim_jitter is defined and authentication.radius.acct_interim_jitter is not none %}
+{% if authentication.radius.acct_interim_jitter is vyos_defined %}
acct-interim-jitter={{ authentication.radius.acct_interim_jitter }}
{% endif %}
acct-timeout={{ authentication.radius.acct_timeout }}
timeout={{ authentication.radius.timeout }}
max-try={{ authentication.radius.max_try }}
-{% if authentication.radius.nas_identifier is defined and authentication.radius.nas_identifier is not none %}
+{% if authentication.radius.nas_identifier is vyos_defined %}
nas-identifier={{ authentication.radius.nas_identifier }}
{% endif %}
-{% if authentication.radius.nas_ip_address is defined and authentication.radius.nas_ip_address is not none %}
+{% if authentication.radius.nas_ip_address is vyos_defined %}
nas-ip-address={{ authentication.radius.nas_ip_address }}
{% endif %}
-{% if authentication.radius.source_address is defined and authentication.radius.source_address is not none %}
+{% if authentication.radius.source_address is vyos_defined %}
bind={{ authentication.radius.source_address }}
{% endif %}
-{% if authentication.radius.dynamic_author.server is defined and authentication.radius.dynamic_author.server is not none %}
+{% if authentication.radius.dynamic_author.server is vyos_defined %}
dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.radius.dynamic_author.port }},{{ authentication.radius.dynamic_author.key }}
{% endif %}
{% endif %}
{# Both chap-secrets and radius block required the gw-ip-address #}
-{% if gateway_address is defined and gateway_address is not none %}
+{% if gateway_address is vyos_defined %}
gw-ip-address={{ gateway_address }}
{% endif %}
diff --git a/data/templates/accel-ppp/config_ip_pool.j2 b/data/templates/accel-ppp/config_ip_pool.j2
index 3b0f68084..ec1c77112 100644
--- a/data/templates/accel-ppp/config_ip_pool.j2
+++ b/data/templates/accel-ppp/config_ip_pool.j2
@@ -1,12 +1,12 @@
-{% if client_ip_pool is defined and client_ip_pool is not none %}
+{% if client_ip_pool is vyos_defined %}
[ip-pool]
-{% if gateway_address is defined and gateway_address is not none %}
+{% if gateway_address is vyos_defined %}
gw-ip-address={{ gateway_address }}
{% endif %}
-{% if client_ip_pool.start is defined and client_ip_pool.stop is defined and client_ip_pool.start is not none and client_ip_pool.stop is not none %}
+{% if client_ip_pool.start is vyos_defined and client_ip_pool.stop is vyos_defined %}
{{ client_ip_pool.start }}-{{ client_ip_pool.stop.split('.')[3] }}
{% endif %}
-{% if client_ip_pool.subnet is defined and client_ip_pool.subnet is not none %}
+{% if client_ip_pool.subnet is vyos_defined %}
{% for subnet in client_ip_pool.subnet %}
{{ subnet }}
{% endfor %}
diff --git a/data/templates/accel-ppp/config_ipv6_pool.j2 b/data/templates/accel-ppp/config_ipv6_pool.j2
index f45bf9442..99a930fb2 100644
--- a/data/templates/accel-ppp/config_ipv6_pool.j2
+++ b/data/templates/accel-ppp/config_ipv6_pool.j2
@@ -1,19 +1,19 @@
-{% if client_ipv6_pool is defined and client_ipv6_pool is not none %}
+{% if client_ipv6_pool is vyos_defined %}
[ipv6-nd]
AdvAutonomousFlag=1
-{% if client_ipv6_pool.prefix is defined and client_ipv6_pool.prefix is not none %}
+{% if client_ipv6_pool.prefix is vyos_defined %}
[ipv6-pool]
{% for prefix, options in client_ipv6_pool.prefix.items() %}
{{ prefix }},{{ options.mask }}
{% endfor %}
-{% if client_ipv6_pool.delegate is defined and client_ipv6_pool.delegate is not none %}
+{% if client_ipv6_pool.delegate is vyos_defined %}
{% for prefix, options in client_ipv6_pool.delegate.items() %}
delegate={{ prefix }},{{ options.delegation_prefix }}
{% endfor %}
{% endif %}
{% endif %}
-{% if client_ipv6_pool.delegate is defined and client_ipv6_pool.delegate is not none %}
+{% if client_ipv6_pool.delegate is vyos_defined %}
[ipv6-dhcp]
verbose=1
{% endif %}
diff --git a/data/templates/accel-ppp/config_modules_auth_mode.j2 b/data/templates/accel-ppp/config_modules_auth_mode.j2
index e3d578b38..3fb8a011f 100644
--- a/data/templates/accel-ppp/config_modules_auth_mode.j2
+++ b/data/templates/accel-ppp/config_modules_auth_mode.j2
@@ -1,5 +1,5 @@
-{% if authentication is defined and authentication.mode is defined and authentication.mode == 'local' %}
+{% if authentication.mode is vyos_defined('local') %}
chap-secrets
-{% elif authentication is defined and authentication.mode is defined and authentication.mode == 'radius' %}
+{% elif authentication.mode is vyos_defined('radius') %}
radius
{% endif %}
diff --git a/data/templates/accel-ppp/config_modules_ipv6.j2 b/data/templates/accel-ppp/config_modules_ipv6.j2
index 02740ce7c..6174779a5 100644
--- a/data/templates/accel-ppp/config_modules_ipv6.j2
+++ b/data/templates/accel-ppp/config_modules_ipv6.j2
@@ -1,4 +1,4 @@
-{% if ppp_options.ipv6 is defined and ppp_options.ipv6 != 'deny' %}
+{% if ppp_options.ipv6 is vyos_defined and ppp_options.ipv6 is not vyos_defined('deny') %}
ipv6pool
ipv6_nd
ipv6_dhcp
diff --git a/data/templates/accel-ppp/config_name_server.j2 b/data/templates/accel-ppp/config_name_server.j2
index 2bf064f92..4b4b5fb68 100644
--- a/data/templates/accel-ppp/config_name_server.j2
+++ b/data/templates/accel-ppp/config_name_server.j2
@@ -1,11 +1,11 @@
-{% if name_server_ipv4 is defined and name_server_ipv4 is not none %}
+{% if name_server_ipv4 is vyos_defined %}
[dns]
{% for ns in name_server_ipv4 %}
dns{{ loop.index }}={{ ns }}
{% endfor %}
{% endif %}
-{% if name_server_ipv6 is defined and name_server_ipv6 is not none %}
+{% if name_server_ipv6 is vyos_defined %}
[ipv6-dns]
{% for ns in name_server_ipv6 %}
{{ ns }}
diff --git a/data/templates/accel-ppp/config_shaper_radius.j2 b/data/templates/accel-ppp/config_shaper_radius.j2
index 8de5f5df3..cf8b4871b 100644
--- a/data/templates/accel-ppp/config_shaper_radius.j2
+++ b/data/templates/accel-ppp/config_shaper_radius.j2
@@ -1,9 +1,9 @@
-{% if authentication is defined and authentication.mode is defined and authentication.mode == 'radius' %}
-{% if authentication is defined and authentication.radius is defined and authentication.radius.rate_limit is defined and authentication.radius.rate_limit.enable is defined %}
+{% if authentication.mode is vyos_defined('radius') %}
+{% if authentication.radius.rate_limit.enable is vyos_defined %}
[shaper]
verbose=1
attr={{ authentication.radius.rate_limit.attribute }}
-{% if authentication.radius.rate_limit.vendor is defined and authentication.radius.rate_limit.vendor is not none %}
+{% if authentication.radius.rate_limit.vendor is vyos_defined %}
vendor={{ authentication.radius.rate_limit.vendor }}
{% endif %}
{% endif %}
diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl
index 0a8e0079b..81b98cc81 100644
--- a/data/templates/accel-ppp/pppoe.config.tmpl
+++ b/data/templates/accel-ppp/pppoe.config.tmpl
@@ -11,13 +11,13 @@ ippool
{# Common authentication protocols (pap, chap ...) #}
{% include 'accel-ppp/config_modules_auth_protocols.j2' %}
-{% if snmp is defined %}
+{% if snmp is vyos_defined %}
net-snmp
{% endif %}
-{% if limits is defined %}
+{% if limits is vyos_defined %}
connlimit
{% endif %}
-{% if extended_scripts is defined %}
+{% if extended_scripts is vyos_defined %}
sigchld
pppd_compat
{% endif %}
@@ -30,7 +30,7 @@ syslog=accel-pppoe,daemon
copy=1
level=5
-{% if snmp is defined and snmp.master_agent is defined %}
+{% if snmp.master_agent is vyos_defined %}
[snmp]
master=1
{% endif %}
@@ -47,7 +47,7 @@ disable
{# Common DNS name-server definition #}
{% include 'accel-ppp/config_name_server.j2' %}
-{% if wins_server is defined and wins_server is not none %}
+{% if wins_server is vyos_defined %}
[wins]
{% for server in wins_server %}
wins{{ loop.index }}={{ server }}
@@ -57,7 +57,7 @@ wins{{ loop.index }}={{ server }}
{# Common chap-secrets and RADIUS server/option definitions #}
{% include 'accel-ppp/config_chap_secrets_radius.j2' %}
-{% if session_control is defined and session_control != 'disable' %}
+{% if session_control is vyos_defined and session_control is not vyos_defined('disable') %}
[common]
single-session={{ session_control }}
{% endif %}
@@ -65,37 +65,37 @@ single-session={{ session_control }}
[ppp]
verbose=1
check-ip=1
-ccp={{ "1" if ppp_options.ccp is defined else "0" }}
-unit-preallocate={{ "1" if authentication.radius.preallocate_vif is defined else "0" }}
-{% if ppp_options.min_mtu is defined and ppp_options.min_mtu is not none %}
+ccp={{ "1" if ppp_options.ccp is vyos_defined else "0" }}
+unit-preallocate={{ "1" if authentication.radius.preallocate_vif is vyos_defined else "0" }}
+{% if ppp_options.min_mtu is vyos_defined %}
min-mtu={{ ppp_options.min_mtu }}
{% else %}
min-mtu={{ mtu }}
{% endif %}
-{% if ppp_options.mru is defined and ppp_options.mru is not none %}
+{% if ppp_options.mru is vyos_defined %}
mru={{ ppp_options.mru }}
{% endif %}
mppe={{ ppp_options.mppe }}
lcp-echo-interval={{ ppp_options.lcp_echo_interval }}
lcp-echo-timeout={{ ppp_options.lcp_echo_timeout }}
lcp-echo-failure={{ ppp_options.lcp_echo_failure }}
-{% if ppp_options.ipv4 is defined and ppp_options.ipv4 is not none %}
+{% if ppp_options.ipv4 is vyos_defined %}
ipv4={{ ppp_options.ipv4 }}
{% endif %}
{# IPv6 #}
-{% if ppp_options.ipv6 is defined and ppp_options.ipv6 is not none %}
+{% if ppp_options.ipv6 is vyos_defined %}
ipv6={{ ppp_options.ipv6 }}
-{% if ppp_options.ipv6_intf_id is defined and ppp_options.ipv6_intf_id is not none %}
+{% if ppp_options.ipv6_intf_id is vyos_defined %}
ipv6-intf-id={{ ppp_options.ipv6_intf_id }}
{% endif %}
-{% if ppp_options.ipv6_peer_intf_id is defined and ppp_options.ipv6_peer_intf_id is not none %}
+{% if ppp_options.ipv6_peer_intf_id is vyos_defined %}
ipv6-peer-intf-id={{ ppp_options.ipv6_peer_intf_id }}
{% endif %}
-ipv6-accept-peer-intf-id={{ "1" if ppp_options.ipv6_accept_peer_intf_id is defined else "0" }}
+ipv6-accept-peer-intf-id={{ "1" if ppp_options.ipv6_accept_peer_intf_id is vyos_defined else "0" }}
{% endif %}
{# MTU #}
mtu={{ mtu }}
-{% if ppp_options.interface_cache is defined and ppp_options.interface_cache is not none %}
+{% if ppp_options.interface_cache is vyos_defined %}
unit-cache={{ ppp_options.interface_cache }}
{% endif %}
@@ -103,18 +103,18 @@ unit-cache={{ ppp_options.interface_cache }}
verbose=1
ac-name={{ access_concentrator }}
-{% if interface is defined and interface is not none %}
+{% if interface is vyos_defined %}
{% for iface, iface_config in interface.items() %}
-{% if iface_config.vlan_id is not defined and iface_config.vlan_range is not defined %}
+{% if iface_config.vlan_id is not vyos_defined and iface_config.vlan_range is not vyos_defined %}
interface={{ iface }}
{% endif %}
-{% if iface_config.vlan_range is defined %}
+{% if iface_config.vlan_range is vyos_defined %}
{% for regex in iface_config.regex %}
interface=re:^{{ iface | replace('.', '\\.') }}\.({{ regex }})$
{% endfor %}
vlan-mon={{ iface }},{{ iface_config.vlan_range | join(',') }}
{% endif %}
-{% if iface_config.vlan_id is defined %}
+{% if iface_config.vlan_id is vyos_defined %}
{% for vlan in iface_config.vlan_id %}
vlan-mon={{ iface }},{{ vlan }}
interface=re:^{{ iface | replace('.', '\\.') }}\.{{ vlan }}$
@@ -138,19 +138,19 @@ service-name={{ service_name | join(',') }}
{% endfor %}
pado-delay={{ pado_delay_param.value }}
{% endif %}
-{% if authentication.radius.called_sid_format is defined and authentication.radius.called_sid_format is not none %}
+{% if authentication.radius.called_sid_format is vyos_defined %}
called-sid={{ authentication.radius.called_sid_format }}
{% endif %}
-{% if limits is defined %}
+{% if limits is vyos_defined %}
[connlimit]
-{% if limits.connection_limit is defined and limits.connection_limit is not none %}
+{% if limits.connection_limit is vyos_defined %}
limit={{ limits.connection_limit }}
{% endif %}
-{% if limits.burst is defined and limits.burst %}
+{% if limits.burst is vyos_defined %}
burst={{ limits.burst }}
{% endif %}
-{% if limits.timeout is defined and limits.timeout is not none %}
+{% if limits.timeout is vyos_defined %}
timeout={{ limits.timeout }}
{% endif %}
{% endif %}
@@ -158,7 +158,7 @@ timeout={{ limits.timeout }}
{# Common RADIUS shaper configuration #}
{% include 'accel-ppp/config_shaper_radius.j2' %}
-{% if extended_scripts is defined %}
+{% if extended_scripts is vyos_defined %}
[pppd-compat]
verbose=1
radattr-prefix=/run/accel-pppd/radattr
diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.tmpl
index 8fd7d230d..5c6f19306 100644
--- a/data/templates/accel-ppp/sstp.config.tmpl
+++ b/data/templates/accel-ppp/sstp.config.tmpl
@@ -50,7 +50,7 @@ verbose=1
check-ip=1
{# MTU #}
mtu={{ mtu }}
-ipv6={{ 'allow' if ppp_options.ipv6 == "deny" and client_ipv6_pool is defined else ppp_options.ipv6 }}
+ipv6={{ 'allow' if ppp_options.ipv6 is vyos_defined("deny") and client_ipv6_pool is vyos_defined else ppp_options.ipv6 }}
ipv4={{ ppp_options.ipv4 }}
mppe={{ ppp_options.mppe }}
diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl
index 73ab88aae..a51505270 100644
--- a/data/templates/https/nginx.default.tmpl
+++ b/data/templates/https/nginx.default.tmpl
@@ -4,52 +4,56 @@
{% for server in server_block_list %}
server {
+
# SSL configuration
#
-{% if server.address is vyos_defined('*') %}
+{% if server.address == '*' %}
listen {{ server.port }} ssl;
listen [::]:{{ server.port }} ssl;
-{% else %}
+{% else %}
listen {{ server.address | bracketize_ipv6 }}:{{ server.port }} ssl;
-{% endif %}
+{% endif %}
-{% for name in server.name %}
+{% for name in server.name %}
server_name {{ name }};
-{% endfor %}
+{% endfor %}
-{% if server.certbot is vyos_defined %}
+{% if server.certbot %}
ssl_certificate {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/fullchain.pem;
ssl_certificate_key {{ server.certbot_dir }}/live/{{ server.certbot_domain_dir }}/privkey.pem;
include {{ server.certbot_dir }}/options-ssl-nginx.conf;
ssl_dhparam {{ server.certbot_dir }}/ssl-dhparams.pem;
-{% elif server.vyos_cert is vyos_defined %}
+{% elif server.vyos_cert %}
ssl_certificate {{ server.vyos_cert.crt }};
ssl_certificate_key {{ server.vyos_cert.key }};
-{% else %}
+{% else %}
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
include snippets/snakeoil.conf;
-{% endif %}
+{% endif %}
ssl_protocols TLSv1.2 TLSv1.3;
# proxy settings for HTTP API, if enabled; 503, if not
location ~ /(retrieve|configure|config-file|image|generate|show|docs|openapi.json|redoc|graphql) {
-{% if server.api is vyos_defined %}
-{% if server.api.socket is vyos_defined %}
+{% if server.api %}
+{% if server.api.socket %}
proxy_pass http://unix:/run/api.sock;
-{% else %}
+{% else %}
proxy_pass http://localhost:{{ server.api.port }};
-{% endif %}
+{% endif %}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 600;
proxy_buffering off;
-{% else %}
+{% else %}
return 503;
-{% endif %}
+{% endif %}
}
+
error_page 497 =301 https://$host:{{ server.port }}$request_uri;
+
}
+
{% endfor %}
diff --git a/data/templates/https/override.conf.tmpl b/data/templates/https/override.conf.tmpl
index 1760a5ff3..824b1ba3b 100644
--- a/data/templates/https/override.conf.tmpl
+++ b/data/templates/https/override.conf.tmpl
@@ -1,4 +1,4 @@
-{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
+{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
[Unit]
StartLimitIntervalSec=0
After=vyos-router.service
diff --git a/data/templates/https/vyos-http-api.service.tmpl b/data/templates/https/vyos-http-api.service.tmpl
index fb424e06c..15bd80d65 100644
--- a/data/templates/https/vyos-http-api.service.tmpl
+++ b/data/templates/https/vyos-http-api.service.tmpl
@@ -1,11 +1,11 @@
-{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
+{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
[Unit]
Description=VyOS HTTP API service
After=vyos-router.service
Requires=vyos-router.service
[Service]
-ExecStart={{ vrf_command }}/usr/libexec/vyos/services/vyos-http-api-server
+ExecStart={{vrf_command}}/usr/libexec/vyos/services/vyos-http-api-server
Type=idle
SyslogIdentifier=vyos-http-api
diff --git a/data/templates/pppoe/peer.tmpl b/data/templates/pppoe/peer.tmpl
index 928ed1238..d6d63debf 100644
--- a/data/templates/pppoe/peer.tmpl
+++ b/data/templates/pppoe/peer.tmpl
@@ -1,5 +1,5 @@
### Autogenerated by interfaces-pppoe.py ###
-{{ '# ' ~ description if description is defined else '' }}
+{{ '# ' ~ description if description is vyos_defined else '' }}
# Require peer to provide the local IP address if it is not
# specified explicitly in the config file.
@@ -35,10 +35,10 @@ noproxyarp
maxfail 0
plugin rp-pppoe.so {{ source_interface }}
-{% if access_concentrator is defined and access_concentrator is not none %}
+{% if access_concentrator is vyos_defined %}
rp_pppoe_ac '{{ access_concentrator }}'
{% endif %}
-{% if service_name is defined and service_name is not none %}
+{% if service_name is vyos_defined %}
rp_pppoe_service '{{ service_name }}'
{% endif %}
@@ -49,34 +49,34 @@ debug
mtu {{ mtu }}
mru {{ mtu }}
-{% if authentication is defined %}
-{{ 'user "' + authentication.user + '"' if authentication.user is defined }}
-{{ 'password "' + authentication.password + '"' if authentication.password is defined }}
+{% if authentication is vyos_defined %}
+{{ 'user "' + authentication.user + '"' if authentication.user is vyos_defined }}
+{{ 'password "' + authentication.password + '"' if authentication.password is vyos_defined }}
{% endif %}
-{{ "usepeerdns" if no_peer_dns is not defined }}
+{{ "usepeerdns" if no_peer_dns is not vyos_defined }}
-{% if ipv6 is defined %}
-+ipv6 {{ 'ipv6cp-use-ipaddr' if ipv6.address is defined and ipv6.address.autoconf is defined }}
+{% if ipv6 is vyos_defined %}
++ipv6 {{ 'ipv6cp-use-ipaddr' if ipv6.address.autoconf is vyos_defined }}
{% else %}
noipv6
{% endif %}
-{% if connect_on_demand is defined %}
+{% if connect_on_demand is vyos_defined %}
demand
# See T2249. PPP default route options should only be set when in on-demand
# mode. As soon as we are not in on-demand mode the default-route handling is
# passed to the ip-up.d/ip-down.s scripts which is required for VRF support.
{% if 'auto' in default_route %}
defaultroute
-{{ 'defaultroute6' if ipv6 is defined }}
+{{ 'defaultroute6' if ipv6 is vyos_defined }}
{% elif 'force' in default_route %}
defaultroute
replacedefaultroute
-{{ 'defaultroute6' if ipv6 is defined }}
+{{ 'defaultroute6' if ipv6 is vyos_defined }}
{% endif %}
{% else %}
nodefaultroute
noreplacedefaultroute
-{{ 'nodefaultroute6' if ipv6 is defined }}
+{{ 'nodefaultroute6' if ipv6 is vyos_defined }}
{% endif %}
diff --git a/data/templates/router-advert/radvd.conf.tmpl b/data/templates/router-advert/radvd.conf.tmpl
index 88d066491..b40ba1ee0 100644
--- a/data/templates/router-advert/radvd.conf.tmpl
+++ b/data/templates/router-advert/radvd.conf.tmpl
@@ -1,63 +1,63 @@
### Autogenerated by service_router-advert.py ###
-{% if interface is defined and interface is not none %}
+{% if interface is vyos_defined %}
{% for iface, iface_config in interface.items() %}
interface {{ iface }} {
IgnoreIfMissing on;
-{% if iface_config.default_preference is defined and iface_config.default_preference is not none %}
+{% if iface_config.default_preference is vyos_defined %}
AdvDefaultPreference {{ iface_config.default_preference }};
{% endif %}
-{% if iface_config.managed_flag is defined and iface_config.managed_flag is not none %}
- AdvManagedFlag {{ 'on' if iface_config.managed_flag is defined else 'off' }};
+{% if iface_config.managed_flag is vyos_defined %}
+ AdvManagedFlag {{ 'on' if iface_config.managed_flag is vyos_defined else 'off' }};
{% endif %}
-{% if iface_config.interval.max is defined and iface_config.interval.max is not none %}
+{% if iface_config.interval.max is vyos_defined %}
MaxRtrAdvInterval {{ iface_config.interval.max }};
{% endif %}
-{% if iface_config.interval.min is defined and iface_config.interval.min is not none %}
+{% if iface_config.interval.min is vyos_defined %}
MinRtrAdvInterval {{ iface_config.interval.min }};
{% endif %}
-{% if iface_config.reachable_time is defined and iface_config.reachable_time is not none %}
+{% if iface_config.reachable_time is vyos_defined %}
AdvReachableTime {{ iface_config.reachable_time }};
{% endif %}
- AdvIntervalOpt {{ 'off' if iface_config.no_send_advert is defined else 'on' }};
- AdvSendAdvert {{ 'off' if iface_config.no_send_advert is defined else 'on' }};
-{% if iface_config.default_lifetime is defined %}
+ AdvIntervalOpt {{ 'off' if iface_config.no_send_advert is vyos_defined else 'on' }};
+ AdvSendAdvert {{ 'off' if iface_config.no_send_advert is vyos_defined else 'on' }};
+{% if iface_config.default_lifetime is vyos_defined %}
AdvDefaultLifetime {{ iface_config.default_lifetime }};
{% endif %}
-{% if iface_config.link_mtu is defined %}
+{% if iface_config.link_mtu is vyos_defined %}
AdvLinkMTU {{ iface_config.link_mtu }};
{% endif %}
- AdvOtherConfigFlag {{ 'on' if iface_config.other_config_flag is defined else 'off' }};
+ AdvOtherConfigFlag {{ 'on' if iface_config.other_config_flag is vyos_defined else 'off' }};
AdvRetransTimer {{ iface_config.retrans_timer }};
AdvCurHopLimit {{ iface_config.hop_limit }};
-{% if iface_config.route is defined %}
+{% if iface_config.route is vyos_defined %}
{% for route, route_options in iface_config.route.items() %}
route {{ route }} {
-{% if route_options.valid_lifetime is defined %}
+{% if route_options.valid_lifetime is vyos_defined %}
AdvRouteLifetime {{ route_options.valid_lifetime }};
{% endif %}
-{% if route_options.route_preference is defined %}
+{% if route_options.route_preference is vyos_defined %}
AdvRoutePreference {{ route_options.route_preference }};
{% endif %}
- RemoveRoute {{ 'off' if route_options.no_remove_route is defined else 'on' }};
+ RemoveRoute {{ 'off' if route_options.no_remove_route is vyos_defined else 'on' }};
};
{% endfor %}
{% endif %}
-{% if iface_config.prefix is defined and iface_config.prefix is not none %}
+{% if iface_config.prefix is vyos_defined %}
{% for prefix, prefix_options in iface_config.prefix.items() %}
prefix {{ prefix }} {
- AdvAutonomous {{ 'off' if prefix_options.no_autonomous_flag is defined else 'on' }};
+ AdvAutonomous {{ 'off' if prefix_options.no_autonomous_flag is vyos_defined else 'on' }};
AdvValidLifetime {{ prefix_options.valid_lifetime }};
- AdvOnLink {{ 'off' if prefix_options.no_on_link_flag is defined else 'on' }};
+ AdvOnLink {{ 'off' if prefix_options.no_on_link_flag is vyos_defined else 'on' }};
AdvPreferredLifetime {{ prefix_options.preferred_lifetime }};
};
{% endfor %}
{% endif %}
-{% if iface_config.name_server is defined %}
+{% if iface_config.name_server is vyos_defined %}
RDNSS {{ iface_config.name_server | join(" ") }} {
};
{% endif %}
-{% if iface_config.dnssl is defined %}
+{% if iface_config.dnssl is vyos_defined %}
DNSSL {{ iface_config.dnssl | join(" ") }} {
};
{% endif %}
diff --git a/data/templates/snmp/etc.snmp.conf.tmpl b/data/templates/snmp/etc.snmp.conf.tmpl
index f7d9a3c17..8012cf6bb 100644
--- a/data/templates/snmp/etc.snmp.conf.tmpl
+++ b/data/templates/snmp/etc.snmp.conf.tmpl
@@ -1,4 +1,4 @@
### Autogenerated by snmp.py ###
-{% if trap_source is defined and trap_source is not none %}
+{% if trap_source is vyos_defined %}
clientaddr {{ trap_source }}
{% endif %}
diff --git a/data/templates/snmp/etc.snmpd.conf.tmpl b/data/templates/snmp/etc.snmpd.conf.tmpl
index befea0122..510b35097 100644
--- a/data/templates/snmp/etc.snmpd.conf.tmpl
+++ b/data/templates/snmp/etc.snmpd.conf.tmpl
@@ -33,14 +33,14 @@ interface_replace_old yes
# Default system description is VyOS version
sysDescr VyOS {{ version }}
-{% if description is defined and description is not none %}
+{% if description is vyos_defined %}
# Description
SysDescr {{ description }}
{% endif %}
# Listen
{% set options = [] %}
-{% if listen_address is defined and listen_address is not none %}
+{% if listen_address is vyos_defined %}
{% for address, address_options in listen_address.items() %}
{% if address | is_ipv6 %}
{% set protocol = protocol ~ '6' %}
@@ -49,16 +49,14 @@ SysDescr {{ description }}
{% endfor %}
{% else %}
{% set _ = options.append(protocol ~ ':161') %}
-{% if ipv6_disabled is not defined %}
-{% set _ = options.append(protocol ~ '6:161') %}
-{% endif %}
+{% set _ = options.append(protocol ~ '6:161') %}
{% endif %}
-agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is defined and options is not none }}
+agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vyos_defined }}
# SNMP communities
-{% if community is defined and community is not none %}
+{% if community is vyos_defined %}
{% for comm, comm_config in community.items() %}
-{% if comm_config.client is defined and comm_config.client is not none %}
+{% if comm_config.client is vyos_defined %}
{% for client in comm_config.client %}
{% if client | is_ipv4 %}
{{ comm_config.authorization }}community {{ comm }} {{ client }}
@@ -67,7 +65,7 @@ agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is de
{% endif %}
{% endfor %}
{% endif %}
-{% if comm_config.network is defined and comm_config.network is not none %}
+{% if comm_config.network is vyos_defined %}
{% for network in comm_config.network %}
{% if network | is_ipv4 %}
{{ comm_config.authorization }}community {{ comm }} {{ network }}
@@ -76,44 +74,44 @@ agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is de
{% endif %}
{% endfor %}
{% endif %}
-{% if comm_config.client is not defined and comm_config.network is not defined %}
+{% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %}
{{ comm_config.authorization }}community {{ comm }}
{% endif %}
{% endfor %}
{% endif %}
-{% if contact is defined and contact is not none %}
+{% if contact is vyos_defined %}
# system contact information
SysContact {{ contact }}
{% endif %}
-{% if location is defined and location is not none %}
+{% if location is vyos_defined %}
# system location information
SysLocation {{ location }}
{% endif %}
-{% if smux_peer is defined and smux_peer is not none %}
+{% if smux_peer is vyos_defined %}
# additional smux peers
{% for peer in smux_peer %}
smuxpeer {{ peer }}
{% endfor %}
{% endif %}
-{% if trap_target is defined and trap_target is not none %}
+{% if trap_target is vyos_defined %}
# if there is a problem - tell someone!
{% for trap, trap_config in trap_target.items() %}
trap2sink {{ trap }}:{{ trap_config.port }} {{ trap_config.community }}
{% endfor %}
{% endif %}
-{% if v3 is defined and v3 is not none %}
+{% if v3 is vyos_defined %}
#
# SNMPv3 stuff goes here
#
-{% if v3.view is defined and v3.view is not none %}
+{% if v3.view is vyos_defined %}
# views
{% for view, view_config in v3.view.items() %}
-{% if view_config.oid is defined and view_config.oid is not none %}
+{% if view_config.oid is vyos_defined %}
{% for oid in view_config.oid %}
view {{ view }} included .{{ oid }}
{% endfor %}
@@ -122,7 +120,7 @@ view {{ view }} included .{{ oid }}
{% endif %}
# access
-{% if v3.group is defined and v3.group is not none %}
+{% if v3.group is vyos_defined %}
# context sec.model sec.level match read write notif
{% for group, group_config in v3.group.items() %}
access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view }} {% if group_config.mode == 'ro' %}none{% else %}{{ group_config.view }}{% endif %} none
@@ -130,30 +128,30 @@ access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view
{% endif %}
# trap-target
-{% if v3.trap_target is defined and v3.trap_target is not none %}
+{% if v3.trap_target is vyos_defined %}
{% for trap, trap_config in v3.trap_target.items() %}
{% set options = '' %}
{% if trap_config.type == 'inform' %}
{% set options = options ~ ' -Ci' %}
{% endif %}
-{% if v3.engineid is defined and v3.engineid is not none %}
+{% if v3.engineid is vyos_defined %}
{% set options = options ~ ' -e "' ~ v3.engineid ~ '"' %}
{% endif %}
-{% if trap_config.user is defined and trap_config.user is not none %}
+{% if trap_config.user is vyos_defined %}
{% set options = options ~ ' -u ' ~ trap_config.user %}
{% endif %}
-{% if trap_config.auth is defined and trap_config.auth.plaintext_password is defined or trap_config.auth.encrypted_password is defined %}
+{% if trap_config.auth.plaintext_password is vyos_defined or trap_config.auth.encrypted_password is vyos_defined %}
{% set options = options ~ ' -a ' ~ trap_config.auth.type %}
-{% if trap_config.auth.plaintext_password is defined and trap_config.auth.plaintext_password is not none %}
+{% if trap_config.auth.plaintext_password is vyos_defined %}
{% set options = options ~ ' -A ' ~ trap_config.auth.plaintext_password %}
-{% elif trap_config.auth.encrypted_password is defined and trap_config.auth.encrypted_password is not none %}
+{% elif trap_config.auth.encrypted_password is vyos_defined %}
{% set options = options ~ ' -3m ' ~ trap_config.auth.encrypted_password %}
{% endif %}
-{% if trap_config.privacy is defined and trap_config.privacy.plaintext_password is defined or trap_config.privacy.encrypted_password is defined %}
+{% if trap_config.privacy.plaintext_password is vyos_defined or trap_config.privacy.encrypted_password is vyos_defined %}
{% set options = options ~ ' -x ' ~ trap_config.privacy.type %}
-{% if trap_config.privacy.plaintext_password is defined and trap_config.privacy.plaintext_password is not none %}
+{% if trap_config.privacy.plaintext_password is vyos_defined %}
{% set options = options ~ ' -X ' ~ trap_config.privacy.plaintext_password %}
-{% elif trap_config.privacy.encrypted_password is defined and trap_config.privacy.encrypted_password is not none %}
+{% elif trap_config.privacy.encrypted_password is vyos_defined %}
{% set options = options ~ ' -3M ' ~ trap_config.privacy.encrypted_password %}
{% endif %}
{% set options = options ~ ' -l authPriv' %}
@@ -168,7 +166,7 @@ trapsess -v 3 {{ options }} {{ trap }}:{{ trap_config.protocol }}:{{ trap_config
{% endif %}
# group
-{% if v3.user is defined and v3.user is not none %}
+{% if v3.user is vyos_defined %}
{% for user, user_config in v3.user.items() %}
group {{ user_config.group }} usm {{ user }}
{% endfor %}
@@ -176,7 +174,7 @@ group {{ user_config.group }} usm {{ user }}
{# SNMPv3 end #}
{% endif %}
-{% if script_extensions is defined and script_extensions.extension_name is defined and script_extensions.extension_name is not none %}
+{% if script_extensions.extension_name is vyos_defined %}
# extension scripts
{% for script, script_config in script_extensions.extension_name.items() | sort(attribute=script) %}
extend {{ script }} {{ script_config.script }}
diff --git a/data/templates/snmp/override.conf.tmpl b/data/templates/snmp/override.conf.tmpl
index 3b00aab83..5d787de86 100644
--- a/data/templates/snmp/override.conf.tmpl
+++ b/data/templates/snmp/override.conf.tmpl
@@ -1,5 +1,5 @@
-{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
-{% set oid_route_table = ' ' if oid_enable is defined and oid_enable == 'route-table' else '-I -ipCidrRouteTable,inetCidrRouteTable' %}
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
+{% set oid_route_table = ' ' if oid_enable is vyos_defined('route-table') else '-I -ipCidrRouteTable,inetCidrRouteTable' %}
[Unit]
StartLimitIntervalSec=0
After=vyos-router.service
@@ -8,7 +8,7 @@ After=vyos-router.service
Environment=
Environment="MIBDIRS=/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/vyos/mibs"
ExecStart=
-ExecStart={{vrf_command}}/usr/sbin/snmpd -LS0-5d -Lf /dev/null -u Debian-snmp -g Debian-snmp {{oid_route_table}} -f -p /run/snmpd.pid
+ExecStart={{ vrf_command }}/usr/sbin/snmpd -LS0-5d -Lf /dev/null -u Debian-snmp -g Debian-snmp {{ oid_route_table }} -f -p /run/snmpd.pid
Restart=always
RestartSec=10
diff --git a/data/templates/snmp/usr.snmpd.conf.tmpl b/data/templates/snmp/usr.snmpd.conf.tmpl
index 1c688a61e..a46b3997f 100644
--- a/data/templates/snmp/usr.snmpd.conf.tmpl
+++ b/data/templates/snmp/usr.snmpd.conf.tmpl
@@ -1,5 +1,5 @@
### Autogenerated by snmp.py ###
-{% if v3 is defined and v3.user is defined and v3.user is not none %}
+{% if v3.user is vyos_defined %}
{% for user, user_config in v3.user.items() %}
{{ user_config.mode }}user {{ user }}
{% endfor %}
diff --git a/data/templates/snmp/var.snmpd.conf.tmpl b/data/templates/snmp/var.snmpd.conf.tmpl
index 5871a8234..16d39db89 100644
--- a/data/templates/snmp/var.snmpd.conf.tmpl
+++ b/data/templates/snmp/var.snmpd.conf.tmpl
@@ -1,7 +1,7 @@
### Autogenerated by snmp.py ###
# user
-{% if v3 is defined and v3 is not none %}
-{% if v3.user is defined and v3.user is not none %}
+{% if v3 is vyos_defined %}
+{% if v3.user is vyos_defined %}
{% for user, user_config in v3.user.items() %}
usmUser 1 3 0x{{ v3.engineid }} "{{ user }}" "{{ user }}" NULL {{ user_config.auth.type | snmp_auth_oid }} 0x{{ user_config.auth.encrypted_password }} {{ user_config.privacy.type | snmp_auth_oid }} 0x{{ user_config.privacy.encrypted_password }} 0x
{% endfor %}
@@ -10,7 +10,7 @@ usmUser 1 3 0x{{ v3.engineid }} "{{ user }}" "{{ user }}" NULL {{ user_config.au
# VyOS default user
createUser {{ vyos_user }} MD5 "{{ vyos_user_pass }}" DES
-{% if v3.engineid is defined and v3.engineid is not none %}
+{% if v3.engineid is vyos_defined %}
oldEngineID 0x{{ v3.engineid }}
{% endif %}
{% endif %}
diff --git a/data/templates/ssh/override.conf.tmpl b/data/templates/ssh/override.conf.tmpl
index 5f8f35e89..e4d6f51cb 100644
--- a/data/templates/ssh/override.conf.tmpl
+++ b/data/templates/ssh/override.conf.tmpl
@@ -1,12 +1,12 @@
-{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
[Unit]
StartLimitIntervalSec=0
After=vyos-router.service
-ConditionPathExists={{config_file}}
+ConditionPathExists={{ config_file }}
[Service]
ExecStart=
-ExecStart={{vrf_command}}/usr/sbin/sshd -f {{config_file}} -D $SSHD_OPTS
+ExecStart={{ vrf_command }}/usr/sbin/sshd -f {{ config_file }} -D $SSHD_OPTS
Restart=always
RestartPreventExitStatus=
RestartSec=10
diff --git a/data/templates/ssh/sshd_config.tmpl b/data/templates/ssh/sshd_config.tmpl
index 670cf85a1..d39b47669 100644
--- a/data/templates/ssh/sshd_config.tmpl
+++ b/data/templates/ssh/sshd_config.tmpl
@@ -37,7 +37,7 @@ DebianBanner no
# Look up remote host name and check that the resolved host name for the remote IP
# address maps back to the very same IP address.
-UseDNS {{ "no" if disable_host_validation is defined else "yes" }}
+UseDNS {{ "no" if disable_host_validation is vyos_defined else "yes" }}
# Specifies the port number that sshd(8) listens on
{% for value in port %}
@@ -48,61 +48,50 @@ Port {{ value }}
LogLevel {{ loglevel | upper }}
# Specifies whether password authentication is allowed
-PasswordAuthentication {{ "no" if disable_password_authentication is defined else "yes" }}
+PasswordAuthentication {{ "no" if disable_password_authentication is vyos_defined else "yes" }}
-{% if listen_address is defined and listen_address is not none %}
+{% if listen_address is vyos_defined %}
# Specifies the local addresses sshd should listen on
{% for address in listen_address %}
ListenAddress {{ address }}
{% endfor %}
{% endif %}
-{% if ciphers is defined and ciphers is not none %}
+{% if ciphers is vyos_defined %}
# Specifies the ciphers allowed for protocol version 2
-{% set value = ciphers if ciphers is string else ciphers | join(',') %}
-Ciphers {{ value }}
+Ciphers {{ ciphers | join(',') }}
{% endif %}
-{% if mac is defined and mac is not none %}
+{% if mac is vyos_defined %}
# Specifies the available MAC (message authentication code) algorithms
-{% set value = mac if mac is string else mac | join(',') %}
-MACs {{ value }}
+MACs {{ mac | join(',') }}
{% endif %}
-{% if key_exchange is defined and key_exchange is not none %}
+{% if key_exchange is vyos_defined %}
# Specifies the available Key Exchange algorithms
-{% set value = key_exchange if key_exchange is string else key_exchange | join(',') %}
-KexAlgorithms {{ value }}
+KexAlgorithms {{ key_exchange | join(',') }}
{% endif %}
-{% if access_control is defined and access_control is not none %}
-{% if access_control.allow is defined and access_control.allow is not none %}
-{% if access_control.allow.user is defined %}
+{% if access_control is vyos_defined %}
+{% if access_control.allow.user is vyos_defined %}
# If specified, login is allowed only for user names that match
-{% set value = access_control.allow.user if access_control.allow.user is string else access_control.allow.user | join(' ') %}
-AllowUsers {{ value }}
-{% endif %}
-{% if access_control.allow.group is defined %}
+AllowUsers {{ access_control.allow.user | join(' ') }}
+{% endif %}
+{% if access_control.allow.group is vyos_defined %}
# If specified, login is allowed only for users whose primary group or supplementary group list matches
-{% set value = access_control.allow.group if access_control.allow.group is string else access_control.allow.group | join(' ') %}
-AllowGroups {{ value }}
-{% endif %}
+AllowGroups {{ access_control.allow.group | join(' ') }}
{% endif %}
-{% if access_control.deny is defined and access_control.deny is not none %}
-{% if access_control.deny.user is defined %}
+{% if access_control.deny.user is vyos_defined %}
# Login is disallowed for user names that match
-{% set value = access_control.deny.user if access_control.deny.user is string else access_control.deny.user | join(' ') %}
-DenyUsers {{ value }}
-{% endif %}
-{% if access_control.deny.group is defined %}
+DenyUsers {{ access_control.deny.user | join(' ') }}
+{% endif %}
+{% if access_control.deny.group is vyos_defined %}
# Login is disallowed for users whose primary group or supplementary group list matches
-{% set value = access_control.deny.group if access_control.deny.group is string else access_control.deny.group | join(' ') %}
-DenyGroups {{ value }}
-{% endif %}
+DenyGroups {{ access_control.deny.group | join(' ') }}
{% endif %}
{% endif %}
-{% if client_keepalive_interval is defined and client_keepalive_interval is not none %}
+{% if client_keepalive_interval is vyos_defined %}
# Sets a timeout interval in seconds after which if no data has been received from the client,
# sshd(8) will send a message through the encrypted channel to request a response from the client
ClientAliveInterval {{ client_keepalive_interval }}
diff --git a/data/templates/system/curlrc.tmpl b/data/templates/system/curlrc.tmpl
index 3e5ce801c..be4efe8ba 100644
--- a/data/templates/system/curlrc.tmpl
+++ b/data/templates/system/curlrc.tmpl
@@ -1,8 +1,6 @@
-{% if http_client is defined %}
-{% if http_client.source_interface is defined %}
+{% if http_client.source_interface is vyos_defined %}
--interface "{{ http_client.source_interface }}"
-{% endif %}
-{% if http_client.source_address is defined %}
+{% endif %}
+{% if http_client.source_address is vyos_defined %}
--interface "{{ http_client.source_address }}"
-{% endif %}
{% endif %}
diff --git a/data/templates/system/ssh_config.tmpl b/data/templates/system/ssh_config.tmpl
index abc03f069..1449f95b1 100644
--- a/data/templates/system/ssh_config.tmpl
+++ b/data/templates/system/ssh_config.tmpl
@@ -1,3 +1,3 @@
-{% if ssh_client is defined and ssh_client.source_address is defined and ssh_client.source_address is not none %}
+{% if ssh_client.source_address is vyos_defined %}
BindAddress {{ ssh_client.source_address }}
{% endif %}
diff --git a/data/templates/system/sysctl.conf.tmpl b/data/templates/system/sysctl.conf.tmpl
index 72af82ee5..3aa857647 100644
--- a/data/templates/system/sysctl.conf.tmpl
+++ b/data/templates/system/sysctl.conf.tmpl
@@ -1,6 +1,6 @@
# autogenerated by system_sysctl.py
-{% if parameter is defined and parameter is not none %}
+{% if parameter is vyos_defined %}
{% for k, v in parameter.items() %}
{{ k }} = {{ v.value }}
{% endfor %}