7 files changed, 90 insertions, 56 deletions

diff --git a/data/configd-include.json b/data/configd-include.json
index 456211caa..e8f090c46 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -9,7 +9,7 @@
 "dhcpv6_relay.py",
 "dhcpv6_server.py",
 "dns_forwarding.py",
-"dynamic_dns.py",
+"dns_dynamic.py",
 "firewall.py",
 "flow_accounting_conf.py",
 "high-availability.py",
diff --git a/data/templates/container/storage.conf.j2 b/data/templates/container/storage.conf.j2
index ec2046fb5..1a4e601b5 100644
--- a/data/templates/container/storage.conf.j2
+++ b/data/templates/container/storage.conf.j2
@@ -2,5 +2,6 @@
 [storage]
   driver = "overlay"
   graphroot = "/usr/lib/live/mount/persistence/container/storage"
+  runroot = "/var/run/containers/storage"
   [storage.options]
     mount_program = "/usr/bin/fuse-overlayfs"
diff --git a/data/templates/dns-dynamic/ddclient.conf.j2 b/data/templates/dns-dynamic/ddclient.conf.j2
new file mode 100644
index 000000000..4da7153c7
--- /dev/null
+++ b/data/templates/dns-dynamic/ddclient.conf.j2
@@ -0,0 +1,75 @@
+{% macro render_config(host, address, web_options, ip_suffixes=['']) %}
+{# Address: use=if, if=ethX, usev6=ifv6, ifv6=ethX, usev6=webv6, webv6=https://v6.example.com #}
+{% for ipv in ip_suffixes %}
+use{{ ipv }}={{ address if address == 'web' else 'if' }}{{ ipv }}, \
+{%     if address == 'web' %}
+{%         if web_options.url is vyos_defined %}
+web{{ ipv }}={{ web_options.url }}, \
+{%         endif %}
+{%         if web_options.skip is vyos_defined %}
+web-skip{{ ipv }}='{{ web_options.skip }}', \
+{%         endif %}
+{%     else %}
+if{{ ipv }}={{ address }}, \
+{%     endif %}
+{% endfor %}
+{# Other service options #}
+{% for k,v in kwargs.items() %}
+{%     if v is vyos_defined %}
+{{ k }}={{ v }}{{ ',' if not loop.last }} \
+{%     endif %}
+{% endfor %}
+{# Actual hostname for the service #}
+{{ host }}
+{% endmacro %}
+### Autogenerated by dns_dynamic.py ###
+daemon=1m
+syslog=yes
+ssl=yes
+pid={{ config_file | replace('.conf', '.pid') }}
+cache={{ config_file | replace('.conf', '.cache') }}
+{# Explicitly override global options for reliability #}
+web=googledomains {# ddclient default ('dyndns') doesn't support ssl and results in process lockup #}
+use=no            {# ddclient default ('ip') results in confusing warning message in log #}
+
+{% if address is vyos_defined %}
+{%     for address, service_cfg in address.items() %}
+{%         if service_cfg.rfc2136 is vyos_defined %}
+{%             for name, config in service_cfg.rfc2136.items() %}
+{%                 if config.description is vyos_defined %}
+# {{ config.description }}
+
+{%                 endif %}
+{%                 for host in config.host_name if config.host_name is vyos_defined %}
+# RFC2136 dynamic DNS configuration for {{ name }}: [{{ config.zone }}, {{ host }}]
+{# Don't append 'new-style' compliant suffix ('usev4', 'usev6', 'ifv4', 'ifv6' etc.)
+   to the properties since 'nsupdate' doesn't support that yet. #}
+{{ render_config(host, address, service_cfg.web_options,
+                 protocol='nsupdate', server=config.server, zone=config.zone,
+                 password=config.key, ttl=config.ttl) }}
+
+{%                 endfor %}
+{%             endfor %}
+{%         endif %}
+{%         if service_cfg.service is vyos_defined %}
+{%             for name, config in service_cfg.service.items() %}
+{%                 if config.description is vyos_defined %}
+# {{ config.description }}
+
+{%                 endif %}
+{%                 for host in config.host_name if config.host_name is vyos_defined %}
+{%                     set ip_suffixes = ['v4', 'v6'] if config.ip_version == 'both'
+                                                      else (['v6'] if config.ip_version == 'ipv6' else ['']) %}
+# Web service dynamic DNS configuration for {{ name }}: [{{ config.protocol }}, {{ host }}]
+{# For ipv4 only setup or legacy ipv6 setup, don't append 'new-style' compliant suffix
+   ('usev4', 'ifv4', 'webv4' etc.) to the properties and instead live through the
+   deprecation warnings for better compatibility with most ddclient protocols. #}
+{{ render_config(host, address, service_cfg.web_options, ip_suffixes,
+                 protocol=config.protocol, server=config.server, zone=config.zone,
+                 login=config.username, password=config.password) }}
+
+{%                 endfor %}
+{%             endfor %}
+{%         endif %}
+{%     endfor %}
+{% endif %}
diff --git a/data/templates/dns-dynamic/override.conf.j2 b/data/templates/dns-dynamic/override.conf.j2
new file mode 100644
index 000000000..6ca1b8a45
--- /dev/null
+++ b/data/templates/dns-dynamic/override.conf.j2
@@ -0,0 +1,10 @@
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
+[Unit]
+ConditionPathExists={{ config_file }}
+After=vyos-router.service
+
+[Service]
+PIDFile={{ config_file | replace('.conf', '.pid') }}
+EnvironmentFile=
+ExecStart=
+ExecStart=/usr/bin/ddclient -file {{ config_file }}
diff --git a/data/templates/dynamic-dns/ddclient.conf.j2 b/data/templates/dynamic-dns/ddclient.conf.j2
deleted file mode 100644
index e8ef5ac90..000000000
--- a/data/templates/dynamic-dns/ddclient.conf.j2
+++ /dev/null
@@ -1,53 +0,0 @@
-### Autogenerated by dynamic_dns.py ###
-daemon=1m
-syslog=yes
-ssl=yes
-
-{% if interface is vyos_defined %}
-{%     for iface, iface_config in interface.items() %}
-# ddclient configuration for interface "{{ iface }}"
-{%         if iface_config.use_web is vyos_defined %}
-{%             set web_skip = ", web-skip='" ~ iface_config.use_web.skip ~ "'" if iface_config.use_web.skip is vyos_defined else '' %}
-use=web, web='{{ iface_config.use_web.url }}'{{ web_skip }}
-{%         else %}
-{{ 'usev6=ifv6' if iface_config.ipv6_enable is vyos_defined else 'use=if' }}, if={{ iface }}
-{%         endif %}
-
-{%         if iface_config.rfc2136 is vyos_defined %}
-{%             for rfc2136, config in iface_config.rfc2136.items() %}
-{%                 for dns_record in config.record if config.record is vyos_defined %}
-# RFC2136 dynamic DNS configuration for {{ rfc2136 }}, {{ config.zone }}, {{ dns_record }}
-server={{ config.server }}
-protocol=nsupdate
-password={{ config.key }}
-ttl={{ config.ttl }}
-zone={{ config.zone }}
-{{ dns_record }}
-
-{%                 endfor %}
-{%             endfor %}
-{%         endif %}
-
-{%         if iface_config.service is vyos_defined %}
-{%             for service, config in iface_config.service.items() %}
-{%                 for dns_record in config.host_name %}
-# DynDNS provider configuration for {{ service }}, {{ dns_record }}
-protocol={{ config.protocol }},
-max-interval=28d,
-{%                     if config.login is vyos_defined %}
-login={{ config.login }},
-{%                     endif %}
-password='{{ config.password }}',
-{%                     if config.server is vyos_defined %}
-server={{ config.server }},
-{%                     endif %}
-{%                     if config.zone is vyos_defined %}
-zone={{ config.zone }},
-{%                     endif %}
-{{ dns_record }}
-
-{%                 endfor %}
-{%             endfor %}
-{%         endif %}
-{%     endfor %}
-{% endif %}
diff --git a/data/templates/mdns-repeater/avahi-daemon.j2 b/data/templates/mdns-repeater/avahi-daemon.j2
index 3aaa7fc82..e0dfd897e 100644
--- a/data/templates/mdns-repeater/avahi-daemon.j2
+++ b/data/templates/mdns-repeater/avahi-daemon.j2
@@ -1,3 +1,4 @@
+### Autogenerated by service_mdns-repeater.py ###
 [server]
 use-ipv4=yes
 use-ipv6=yes
diff --git a/data/templates/pmacct/uacctd.conf.j2 b/data/templates/pmacct/uacctd.conf.j2
index 8fbc09e83..1370f8121 100644
--- a/data/templates/pmacct/uacctd.conf.j2
+++ b/data/templates/pmacct/uacctd.conf.j2
@@ -53,7 +53,7 @@ nfprobe_maxflows[{{ nf_server_key }}]: {{ netflow.max_flows }}
 sampling_rate[{{ nf_server_key }}]: {{ netflow.sampling_rate }}
 {%         endif %}
 {%         if netflow.source_address is vyos_defined %}
-nfprobe_source_ip[{{ nf_server_key }}]: {{ netflow.source_address }}
+nfprobe_source_ip[{{ nf_server_key }}]: {{ netflow.source_address | bracketize_ipv6 }}
 {%         endif %}
 {%         if netflow.timeout is vyos_defined %}
 nfprobe_timeouts[{{ nf_server_key }}]: expint={{ netflow.timeout.expiry_interval }}:general={{ netflow.timeout.flow_generic }}:icmp={{ netflow.timeout.icmp }}:maxlife={{ netflow.timeout.max_active_life }}:tcp.fin={{ netflow.timeout.tcp_fin }}:tcp={{ netflow.timeout.tcp_generic }}:tcp.rst={{ netflow.timeout.tcp_rst }}:udp={{ netflow.timeout.udp }}
@@ -73,7 +73,7 @@ sfprobe_agentip[{{ sf_server_key }}]: {{ sflow.agent_address }}
 sampling_rate[{{ sf_server_key }}]: {{ sflow.sampling_rate }}
 {%         endif %}
 {%         if sflow.source_address is vyos_defined %}
-sfprobe_source_ip[{{ sf_server_key }}]: {{ sflow.source_address }}
+sfprobe_source_ip[{{ sf_server_key }}]: {{ sflow.source_address | bracketize_ipv6 }}
 {%         endif %}
 
 {%     endfor %}