summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
Diffstat (limited to 'data')
-rw-r--r--data/templates/container/systemd-unit.j22
-rw-r--r--data/templates/dhcp-server/kea-dhcp6.conf.j24
-rw-r--r--data/templates/firewall/nftables-zone.j213
-rw-r--r--data/templates/firewall/nftables.j24
-rw-r--r--data/templates/frr/bgpd.frr.j26
-rw-r--r--data/templates/grub/grub_common.j28
-rw-r--r--data/templates/grub/grub_compat.j212
-rw-r--r--data/templates/grub/grub_vyos_version.j211
-rw-r--r--data/templates/ipsec/swanctl/peer.j26
-rw-r--r--data/templates/rsyslog/rsyslog.conf.j24
10 files changed, 40 insertions, 30 deletions
diff --git a/data/templates/container/systemd-unit.j2 b/data/templates/container/systemd-unit.j2
index fa48384ab..d379f0a07 100644
--- a/data/templates/container/systemd-unit.j2
+++ b/data/templates/container/systemd-unit.j2
@@ -13,5 +13,5 @@ ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%n.cid -t 5
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%n.cid
ExecStopPost=/bin/rm -f %t/%n.cid
PIDFile=%t/%n.pid
-KillMode=none
+KillMode=control-group
Type=forking
diff --git a/data/templates/dhcp-server/kea-dhcp6.conf.j2 b/data/templates/dhcp-server/kea-dhcp6.conf.j2
index 3ce4e6370..3ab21551b 100644
--- a/data/templates/dhcp-server/kea-dhcp6.conf.j2
+++ b/data/templates/dhcp-server/kea-dhcp6.conf.j2
@@ -1,7 +1,11 @@
{
"Dhcp6": {
"interfaces-config": {
+{% if listen_interface is vyos_defined %}
+ "interfaces": {{ listen_interface | tojson }},
+{% else %}
"interfaces": [ "*" ],
+{% endif %}
"service-sockets-max-retries": 5,
"service-sockets-retry-wait-time": 5000
},
diff --git a/data/templates/firewall/nftables-zone.j2 b/data/templates/firewall/nftables-zone.j2
index 5e55099ca..e78725079 100644
--- a/data/templates/firewall/nftables-zone.j2
+++ b/data/templates/firewall/nftables-zone.j2
@@ -1,13 +1,6 @@
-
-{% macro zone_chains(zone, family, state_policy=False) %}
-{% if family == 'ipv6' %}
-{% set fw_name = 'ipv6_name' %}
-{% set suffix = '6' %}
-{% else %}
-{% set fw_name = 'name' %}
-{% set suffix = '' %}
-{% endif %}
-
+{% macro zone_chains(zone, ipv6=False, state_policy=False) %}
+{% set fw_name = 'ipv6_name' if ipv6 else 'name' %}
+{% set suffix = '6' if ipv6 else '' %}
chain VYOS_ZONE_FORWARD {
type filter hook forward priority 1; policy accept;
{% if state_policy %}
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index e0ad0e00a..833df3a67 100644
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -163,7 +163,7 @@ table ip vyos_filter {
{{ group_tmpl.groups(group, False, True) }}
{% if zone is vyos_defined %}
-{{ zone_tmpl.zone_chains(zone, 'ipv4', global_options.state_policy is vyos_defined) }}
+{{ zone_tmpl.zone_chains(zone, False, global_options.state_policy is vyos_defined) }}
{% endif %}
{% if global_options.state_policy is vyos_defined %}
chain VYOS_STATE_POLICY {
@@ -298,7 +298,7 @@ table ip6 vyos_filter {
{% endif %}
{{ group_tmpl.groups(group, True, True) }}
{% if zone is vyos_defined %}
-{{ zone_tmpl.zone_chains(zone, 'ipv6', global_options.state_policy is vyos_defined) }}
+{{ zone_tmpl.zone_chains(zone, True, global_options.state_policy is vyos_defined) }}
{% endif %}
{% if global_options.state_policy is vyos_defined %}
chain VYOS_STATE_POLICY6 {
diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2
index 679ba8b04..e02fdd1bb 100644
--- a/data/templates/frr/bgpd.frr.j2
+++ b/data/templates/frr/bgpd.frr.j2
@@ -402,6 +402,9 @@ router bgp {{ system_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
{% if afi_config.flooding.head_end_replication is vyos_defined %}
flooding head-end-replication
{% endif %}
+{% if afi_config.nexthop.vpn.export is vyos_defined %}
+ nexthop vpn export {{ afi_config.nexthop.vpn.export }}
+{% endif %}
{% if afi_config.rd.vpn.export is vyos_defined %}
rd vpn export {{ afi_config.rd.vpn.export }}
{% endif %}
@@ -436,6 +439,9 @@ router bgp {{ system_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
{% if afi_config.route_map.vpn.import is vyos_defined %}
route-map vpn import {{ afi_config.route_map.vpn.import }}
{% endif %}
+{% if afi_config.sid.vpn.export is vyos_defined %}
+ sid vpn export {{ afi_config.sid.vpn.export }}
+{% endif %}
{% if afi_config.vni is vyos_defined %}
{% for vni, vni_config in afi_config.vni.items() %}
vni {{ vni }}
diff --git a/data/templates/grub/grub_common.j2 b/data/templates/grub/grub_common.j2
index 278ffbf2c..5e9b95cc0 100644
--- a/data/templates/grub/grub_common.j2
+++ b/data/templates/grub/grub_common.j2
@@ -8,9 +8,13 @@ fi
function setup_serial {
# initialize the first serial port by default
if [ "${console_type}" == "ttyS" ]; then
- serial --unit=${console_num}
+ if [ "${console_num}" == "0" ]; then
+ serial --unit=0 --speed=${console_speed}
+ else
+ serial --unit=${console_num} --speed=115200
+ fi
else
- serial --unit=0
+ serial --unit=0 --speed=${console_speed}
fi
terminal_output --append serial console
terminal_input --append serial console
diff --git a/data/templates/grub/grub_compat.j2 b/data/templates/grub/grub_compat.j2
index 887d5d0bd..d1085eec8 100644
--- a/data/templates/grub/grub_compat.j2
+++ b/data/templates/grub/grub_compat.j2
@@ -22,13 +22,13 @@
{%- endmacro %}
{% macro console_opts(type) -%}
{% if type == 'tty' -%}
- console=ttyS0,115200 console=tty0
+ console=ttyS0,{{ console_speed }} console=tty0
{%- elif type == 'ttyS' -%}
- console=tty0 console=ttyS0,115200
+ console=tty0 console=ttyS0,{{ console_speed }}
{%- elif type == 'ttyUSB' -%}
console=tty0 console=ttyUSB0,115200
{%- else -%}
- console=tty0 console=ttyS0,115200
+ console=tty0 console=ttyS0,{{ console_speed }}
{%- endif %}
{%- endmacro %}
{% macro passwd_opts(mode) -%}
@@ -39,9 +39,13 @@
set default={{ default }}
set timeout={{ timeout }}
{% if console_type == 'ttyS' %}
+{% if console_num == '0' %}
+serial --unit=0 --speed={{ console_speed }}
+{% else %}
serial --unit={{ console_num }} --speed=115200
+{% endif %}
{% else %}
-serial --unit=0 --speed=115200
+serial --unit=0 --speed={{ console_speed }}
{% endif %}
terminal_output --append serial
terminal_input serial console
diff --git a/data/templates/grub/grub_vyos_version.j2 b/data/templates/grub/grub_vyos_version.j2
index 97fbe8473..62688e68b 100644
--- a/data/templates/grub/grub_vyos_version.j2
+++ b/data/templates/grub/grub_vyos_version.j2
@@ -6,16 +6,21 @@
{% endif %}
menuentry "{{ version_name }}" --id {{ version_uuid }} {
set boot_opts="{{ boot_opts_rendered }}"
+ if [ "${console_type}" == "ttyS" ]; then
+ set console_opts="console=${console_type}${console_num},${console_speed}"
+ else
+ set console_opts="console=${console_type}${console_num}"
+ fi
# load rootfs to RAM
if [ "${boot_toram}" == "yes" ]; then
set boot_opts="${boot_opts} toram"
fi
if [ "${bootmode}" == "pw_reset" ]; then
- set boot_opts="${boot_opts} console=${console_type}${console_num} init=/usr/libexec/vyos/system/standalone_root_pw_reset"
+ set boot_opts="${boot_opts} ${console_opts} init=/usr/libexec/vyos/system/standalone_root_pw_reset"
elif [ "${bootmode}" == "recovery" ]; then
- set boot_opts="${boot_opts} console=${console_type}${console_num} init=/usr/bin/busybox init"
+ set boot_opts="${boot_opts} ${console_opts} init=/usr/bin/busybox init"
else
- set boot_opts="${boot_opts} console=${console_type}${console_num}"
+ set boot_opts="${boot_opts} ${console_opts}"
fi
linux "/boot/{{ version_name }}/vmlinuz" ${boot_opts}
initrd "/boot/{{ version_name }}/initrd.img"
diff --git a/data/templates/ipsec/swanctl/peer.j2 b/data/templates/ipsec/swanctl/peer.j2
index 9d95271fe..86a44a0ff 100644
--- a/data/templates/ipsec/swanctl/peer.j2
+++ b/data/templates/ipsec/swanctl/peer.j2
@@ -83,8 +83,7 @@
start_action = none
{% endif %}
{% if ike.dead_peer_detection is vyos_defined %}
-{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %}
- dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }}
+ dpd_action = {{ ike.dead_peer_detection.action }}
{% endif %}
close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }}
}
@@ -134,8 +133,7 @@
start_action = none
{% endif %}
{% if ike.dead_peer_detection is vyos_defined %}
-{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %}
- dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }}
+ dpd_action = {{ ike.dead_peer_detection.action }}
{% endif %}
close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }}
{% if peer_conf.vti.bind is vyos_defined %}
diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2
index 96f91def1..97e0ee0b7 100644
--- a/data/templates/rsyslog/rsyslog.conf.j2
+++ b/data/templates/rsyslog/rsyslog.conf.j2
@@ -1,9 +1,5 @@
### Autogenerated by system_syslog.py ###
-# Load journald logs to rsyslog
-module(load="imjournal")
-module(load="mmjsonparse")
-
{% if global.marker is vyos_defined %}
$ModLoad immark
{% if global.marker.interval is vyos_defined %}
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-16 00:26:43 +0000