Add teleport

teleport/README.md

@@ -0,0 +1,32 @@
+# teleport 
+
+The easiest, most secure way to access infrastructure.
+
+## Deploying
+### Adding the teleport apt repo
+```bash
+$ sudo curl https://deb.releases.teleport.dev/teleport-pubkey.asc -o /usr/share/keyrings/teleport-archive-keyring.asc
+$ echo "deb [signed-by=/usr/share/keyrings/teleport-archive-keyring.asc] https://deb.releases.teleport.dev/ stable main" | sudo tee /etc/apt/sources.list.d/teleport.list
+```
+
+### Updating and installing teleport
+```bash
+$ sudo apt update
+$ sudo apt install teleport
+```
+
+### Installing as server
+Copy the `teleport.yaml` to `/etc/teleport.yaml`.
+
+Start the teleport service.
+
+### Adding a node
+Copy the `teleport-node.yaml` to `/etc/teleport.yaml`.
+On the teleport server create a new invitation token:
+```bash
+$ sudo tctl tokens add --type=node
+```
+Copy the auth_token and ca_pin and insert in the `teleport.yaml`.
+Change the node name.
+
+Start the teleport service.

teleport/teleport-node.yaml

@@ -0,0 +1,33 @@
+teleport:
+  nodename: sx48p2
+  data_dir: /var/lib/teleport
+  auth_token: auth_token
+  auth_servers:
+    - tp.jfreudenberger.de:443
+  log:
+    output: /var/lib/teleport/teleport.log
+    severity: ERROR
+  ca_pin: ca_pin
+auth_service:
+  enabled: no
+ssh_service:
+  enabled: yes
+  permit_user_env: true
+  commands:  
+  - name: hostname
+    command: [hostname]
+    period: 1m0s
+  - name: IP
+    command: ["/usr/bin/curl", "ifconfig.me"]
+    period: 1h0m0s
+  - name: UP
+    command: ["/bin/sh", "-c", "uptime -p | cut -c4- | cut -d',' -f1"]
+    period: 1h0m0s
+proxy_service:
+  enabled: no
+app_service:
+  enabled: yes
+  apps:
+  - name: app_name
+    uri: app_uri
+

teleport/teleport.yaml

@@ -0,0 +1,35 @@
+version: v2
+teleport:
+  nodename: srv02
+  data_dir: /var/lib/teleport
+  log:
+    output: /var/lib/teleport/teleport.log
+    severity: ERROR
+    format:
+      output: text
+  ca_pin: []
+  diag_addr: ""
+auth_service:
+  enabled: "yes"
+  listen_addr: 0.0.0.0:3025
+  public_addr: tp.jfreudenberger.de:3025
+  cluster_name: "tp.jfreudenberger.de"
+  proxy_listener_mode: multiplex
+ssh_service:
+  enabled: "yes"
+  commands:
+  - name: hostname
+    command: [hostname]
+    period: 1m0s
+  - name: UP
+    command: ["/bin/sh", "-c", "uptime -p | cut -c4- | cut -d',' -f1"]
+    period: 1h0m0s
+  permit_user_env: true
+proxy_service:
+  enabled: "yes"
+  web_listen_addr: 0.0.0.0:443
+  public_addr: tp.jfreudenberger.de:443
+  https_keypairs: []
+  acme:
+    enabled: "yes"
+    email: julius@jfreudenberger.de