version ${'.'.join(node.metadata.get('junos/version'))};
system {
    host-name ${node.name.split('.')[-1]};
    time-zone GMT;
    root-authentication {
        encrypted-password "$5$1hGrR8Kk$lx3CIdxqvesBrZUtDftROEoyXQuMENEu62JVtHw6WGD"; ## SECRET-DATA
    }
    name-server {
% for srv in repo.libs.defaults.nameservers_ipv4:
        ${srv};
% endfor
    }
    login {
% for uid, (uname, uconfig) in enumerate(sorted(users.items())):
        user ${uname} {
            full-name ${uname};
            uid ${1000+uid};
            class super-user;
            authentication {
%  for pubkey in sorted(uconfig['ssh_pubkey']):
                ${pubkey.split(' ', 1)[0]} "${pubkey}";
%  endfor
            }
        }
% endfor
    }
    services {
        ssh {
            protocol-version v2;
        }
        netconf {
            ssh;
        }
#        web-management {
#            http;
#        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    ntp {
% for srv in sorted(ntp_servers):
        server ${srv};
% endfor;
    }
}
interfaces {
% for iface, config in sorted(interfaces.items()):
    ${iface} {
        unit 0 {
%  if not config['enabled']:
            disable;
%  endif
%  if config['mode'] == 'trunk':
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ ${' '.join(sorted(config['tagged_vlans']))} ];
                }
%   if config['untagged_vlan']:
                native-vlan-id ${config['untagged_vlan']};
%   endif
            }
%  else:
            family ethernet-switching;
%  endif
        }
    }
% endfor
    vlan {
% for idx, (vlan, vconfig) in enumerate(sorted(vlans.items())):
%  if vconfig['ip_address']:
        unit ${idx} {
            family inet {
                address ${vconfig['ip_address']};
            }
        }
%  endif
% endfor
    }
}
snmp {
    contact "${repo.libs.defaults.hostmaster_email}";
    community public {
        authorization read-only;
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop ${gateway};
    }
}
protocols {
    igmp-snooping {
        vlan all;
    }
    rstp;
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
}
ethernet-switching-options {
    voip;
    storm-control {
        interface all;
    }
}
vlans {
% for idx, (vlan, vconfig) in enumerate(sorted(vlans.items())):
    ${vlan} {
%  if vconfig['id']:
        vlan-id ${vconfig['id']};
%  endif
        interface {
%  for iface, iconfig in sorted(interfaces.items()):
%   if iconfig['untagged_vlan'] == vlan:
            ${iface}.0;
%   endif
%  endfor
        }
%  if vconfig['ip_address']:
        l3-interface vlan.${idx};
%  endif
    }
% endfor
}
poe {
    interface all;
}