Add teleport

This commit is contained in:
JuliusFreudenberger 2022-03-20 14:08:28 +01:00
parent 2676ac7a2c
commit 6c78f40d20
3 changed files with 100 additions and 0 deletions

32
teleport/README.md Normal file

@ -0,0 +1,32 @@
# teleport
The easiest, most secure way to access infrastructure.
## Deploying
### Adding the teleport apt repo
```bash
$ sudo curl https://deb.releases.teleport.dev/teleport-pubkey.asc -o /usr/share/keyrings/teleport-archive-keyring.asc
$ echo "deb [signed-by=/usr/share/keyrings/teleport-archive-keyring.asc] https://deb.releases.teleport.dev/ stable main" | sudo tee /etc/apt/sources.list.d/teleport.list
```
### Updating and installing teleport
```bash
$ sudo apt update
$ sudo apt install teleport
```
### Installing as server
Copy the `teleport.yaml` to `/etc/teleport.yaml`.
Start the teleport service.
### Adding a node
Copy the `teleport-node.yaml` to `/etc/teleport.yaml`.
On the teleport server create a new invitation token:
```bash
$ sudo tctl tokens add --type=node
```
Copy the auth_token and ca_pin and insert in the `teleport.yaml`.
Change the node name.
Start the teleport service.


@ -0,0 +1,33 @@
teleport:
nodename: sx48p2
data_dir: /var/lib/teleport
auth_token: auth_token
auth_servers:
- tp.jfreudenberger.de:443
log:
output: /var/lib/teleport/teleport.log
severity: ERROR
ca_pin: ca_pin
auth_service:
enabled: no
ssh_service:
enabled: yes
permit_user_env: true
commands:
- name: hostname
command: [hostname]
period: 1m0s
- name: IP
command: ["/usr/bin/curl", "ifconfig.me"]
period: 1h0m0s
- name: UP
command: ["/bin/sh", "-c", "uptime -p | cut -c4- | cut -d',' -f1"]
period: 1h0m0s
proxy_service:
enabled: no
app_service:
enabled: yes
apps:
- name: app_name
uri: app_uri
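Review bot: `app_service` is switched on in this node config but its only `apps` entry still holds the placeholders `name: app_name` / `uri: app_uri`, and the README's "Adding a node" steps only mention replacing auth_token, ca_pin and the node name, so a node deployed as written would try to register a bogus application; either add a README step or mark the placeholders in the file, e.g. `# replace app_name/app_uri with the app to publish, or set enabled: "no"`. `permit_user_env: true` under `ssh_service` (also present in teleport.yaml) lets a user's ~/.tsh/environment be read into every session, which Teleport leaves off by default; a one-line comment such as `# permit_user_env: users may inject env via ~/.tsh/environment — keep only for trusted users` would record why it is enabled here. Style-wise this file writes `enabled: no` / `enabled: yes` bare while teleport.yaml quotes them as `"yes"`, and it omits the `version: v2` line that teleport.yaml carries; picking one form for both files (quoted, to avoid YAML 1.1 boolean coercion by other tooling) keeps them consistent.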

35
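--- a/teleport/teleport.yaml
+++ b/teleport/teleport.yaml
@@ -0,0 +1,35 @@
+version: v2
+teleport:
+nodename: srv02
+data_dir: /var/lib/teleport
+log:
+output: /var/lib/teleport/teleport.log
+severity: ERROR
+format:
+output: text
+ca_pin: []
+diag_addr: ""
+auth_service:
+enabled: "yes"
+listen_addr: 0.0.0.0:3025
+public_addr: tp.jfreudenberger.de:3025
+cluster_name: "tp.jfreudenberger.de"
+proxy_listener_mode: multiplex
+ssh_service:
+enabled: "yes"
+commands:
+- name: hostname
+command: [hostname]
+period: 1m0s
+- name: UP
+command: ["/bin/sh", "-c", "uptime -p | cut -c4- | cut -d',' -f1"]
+period: 1h0m0s
+permit_user_env: true
+proxy_service:
+enabled: "yes"
+web_listen_addr: 0.0.0.0:443
+public_addr: tp.jfreudenberger.de:443
+https_keypairs: []
+acme:
+enabled: "yes"
+email: julius@jfreudenberger.de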
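Review bot: Nothing in this file marks which values are site-specific — `nodename`, `cluster_name`, both `public_addr` values and `acme.email` are this author's — while the README's "Installing as server" step says only to copy it to /etc/teleport.yaml, so a second deployer would bring up a proxy requesting an ACME certificate for someone else's domain. A header comment such as `# Site-specific: adjust nodename, cluster_name, public_addr and acme.email before first start` (or an edit step in the README) would close that gap; `cluster_name` in particular is fixed once the data_dir has been initialised, as far as I recall, so it deserves the flag. `auth_service.listen_addr: 0.0.0.0:3025` exposes the auth API on every interface, although the node config reaches it through the proxy on :443 under `proxy_listener_mode: multiplex`; if nothing else needs direct auth access, binding it to a non-public interface or filtering 3025 at the host narrows the exposed surface, and either decision is worth a comment on that line.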