From 6c78f40d20a33a6fc61625fc250ea18ad63b14da Mon Sep 17 00:00:00 2001
From: JuliusFreudenberger
Date: Sun, 20 Mar 2022 14:08:28 +0100
Subject: [PATCH] Add teleport
---
 teleport/README.md | 32 ++++++++++++++++++++++++++++++++
 teleport/teleport-node.yaml | 33 +++++++++++++++++++++++++++++++++
 teleport/teleport.yaml | 35 +++++++++++++++++++++++++++++++++++
 3 files changed, 100 insertions(+)
 create mode 100644 teleport/README.md
 create mode 100644 teleport/teleport-node.yaml
 create mode 100644 teleport/teleport.yaml
diff --git a/teleport/README.md b/teleport/README.md
new file mode 100644
index 0000000..63978a1
--- /dev/null
+++ b/teleport/README.md
@@ -0,0 +1,32 @@
+# teleport
+
+The easiest, most secure way to access infrastructure.
+
+## Deploying
+### Adding the teleport apt repo
+```bash
+$ sudo curl https://deb.releases.teleport.dev/teleport-pubkey.asc -o /usr/share/keyrings/teleport-archive-keyring.asc
+$ echo "deb [signed-by=/usr/share/keyrings/teleport-archive-keyring.asc] https://deb.releases.teleport.dev/ stable main" | sudo tee /etc/apt/sources.list.d/teleport.list
+```
+
+### Updating and installing teleport
+```bash
+$ sudo apt update
+$ sudo apt install teleport
+```
+
+### Installing as server
+Copy the `teleport.yaml` to `/etc/teleport.yaml`.
+
+Start the teleport service.
+
+### Adding a node
+Copy the `teleport-node.yaml` to `/etc/teleport.yaml`.
+On the teleport server create a new invitation token:
+```bash
+$ sudo tctl tokens add --type=node
+```
+Copy the auth_token and ca_pin and insert in the `teleport.yaml`.
+Change the node name.
+
+Start the teleport service.
diff --git a/teleport/teleport-node.yaml b/teleport/teleport-node.yaml
new file mode 100644
index 0000000..13bf505
--- /dev/null
+++ b/teleport/teleport-node.yaml
@@ -0,0 +1,33 @@ +teleport: + nodename: sx48p2 + data_dir: /var/lib/teleport + auth_token: auth_token + auth_servers: + - tp.jfreudenberger.de:443 + log: + output: /var/lib/teleport/teleport.log + severity: ERROR + ca_pin: ca_pin +auth_service: + enabled: no +ssh_service: + enabled: yes + permit_user_env: true + commands: + - name: hostname + command: [hostname] + period: 1m0s + - name: IP + command: ["/usr/bin/curl", "ifconfig.me"] + period: 1h0m0s + - name: UP + command: ["/bin/sh", "-c", "uptime -p | cut -c4- | cut -d',' -f1"] + period: 1h0m0s +proxy_service: + enabled: no +app_service: + enabled: yes + apps: + - name: app_name + uri: app_uri + diff --git a/teleport/teleport.yaml b/teleport/teleport.yaml new file mode 100644 index 0000000..9538b1d --- /dev/null +++ b/teleport/teleport.yaml @@ -0,0 +1,35 @@ +version: v2 +teleport: + nodename: srv02 + data_dir: /var/lib/teleport + log: + output: /var/lib/teleport/teleport.log + severity: ERROR + format: + output: text + ca_pin: [] + diag_addr: "" +auth_service: + enabled: "yes" + listen_addr: 0.0.0.0:3025 + public_addr: tp.jfreudenberger.de:3025 + cluster_name: "tp.jfreudenberger.de" + proxy_listener_mode: multiplex +ssh_service: + enabled: "yes" + commands: + - name: hostname + command: [hostname] + period: 1m0s + - name: UP + command: ["/bin/sh", "-c", "uptime -p | cut -c4- | cut -d',' -f1"] + period: 1h0m0s + permit_user_env: true +proxy_service: + enabled: "yes" + web_listen_addr: 0.0.0.0:443 + public_addr: tp.jfreudenberger.de:443 + https_keypairs: [] + acme: + enabled: "yes" + email: julius@jfreudenberger.de
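Review bot: The `IP` label command in teleport-node.yaml runs `/usr/bin/curl ifconfig.me` every hour with no URL scheme, so the lookup goes out over plain HTTP to a third-party service and whatever that response body contains becomes the node's `IP` label; it also has no `-s`/`-f`/`--max-time`, so a blocked or slow egress path leaves the command hanging and its stderr in the log. Changing it to `command: ["/usr/bin/curl", "-sf", "--max-time", "10", "https://ifconfig.me"]` keeps the label but makes the source authenticated and the call bounded. The `auth_token: auth_token` and `ca_pin: ca_pin` placeholders are meant to be replaced by hand, and the README's "insert in the `teleport.yaml`" step refers to this file after it has been copied to `/etc/teleport.yaml`, which is easy to misread; if the deployed Teleport version accepts a file path for `auth_token`, pointing it at a root-only file would keep the join token out of the copied template. `app_service` is enabled with a placeholder `app_name`/`app_uri` entry, so a node started without editing that section either carries a bogus app registration or refuses to start depending on version; `enabled: no` with the example left as a comment would be the safer default. The bare `yes`/`no` here also differ from the quoted `"yes"` used throughout teleport.yaml, so pick one form for both files.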
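Review bot: `auth_service.listen_addr: 0.0.0.0:3025` in teleport.yaml binds the auth API on every interface and `public_addr` advertises it on the public hostname, yet with `proxy_listener_mode: multiplex` the node in teleport-node.yaml joins through the proxy on `tp.jfreudenberger.de:443` and never needs 3025; if nothing outside this host must reach the auth port, `listen_addr: 127.0.0.1:3025` or a host firewall rule removes that exposure — confirm that the proxy in this single-process layout still reaches the auth service before changing it. Running `ssh_service` on the same host as the auth and proxy services means any SSH session granted through the cluster lands on the cluster's trust root, so a comment such as `# single-host deployment: auth, proxy and ssh share this machine` should record that this is intended. No `authentication:` block is set under `auth_service`, so the cluster inherits whatever `second_factor` default the installed version ships with; stating it explicitly pins the MFA policy across upgrades. `acme: enabled: "yes"` with `https_keypairs: []` is fine, but the ACME challenge needs 443 reachable from the internet, which is worth noting next to `acme:`.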