patches i think

2025-12-16 22:12:19 +11:00 · 2024-06-10 14:17:36 +10:00 · 2024-06-10 14:17:36 +10:00 · 68e2eb38ed
commit 68e2eb38ed
parent 154ca96059
2 changed files with 51 additions and 4 deletions
--- a/main.ansible.yml
+++ b/main.ansible.yml
@ -24,7 +24,49 @@
        cmd: 'curl https://goteleport.com/static/install.sh | bash -s {{ TELEPORT_VER }}'
      when: not TELEPORT_VER in teleport_bin.stdout

-
+    - name: create teleport.yaml config
+      ansible.builtin.blockinfile:
+        content: |
+          version: v3
+          teleport:
+            nodename: {{ SUBDOMAIN }}
+            data_dir: /var/lib/teleport
+            log:
+              output: stderr
+              severity: INFO
+              format:
+                output: text
+            ca_pin: ""
+            diag_addr: ""
+          auth_service:
+            proxy_listener_mode: multiplex
+          ssh_service:
+            enabled: "yes"
+            commands:
+            - name: hostname
+              command: [hostname]
+              period: 1m0s
+          proxy_service:
+              enabled: yes
+              proxy_protocol: off
+              listen_addr: 0.0.0.0:3023
+              tunnel_listen_addr: 0.0.0.0:3024
+              web_listen_addr: 0.0.0.0:3080
+              public_addr: {{ SUBDOMAIN }}:3080
+              ssh_public_addr: {{ SUBDOMAIN }}:3023
+              tunnel_public_addr: {{ SUBDOMAIN }}:3024
+              https_keypairs: 
+                - key_file: /var/lib/teleport/webproxy_key.pem
+                  cert_file: /var/lib/teleport/webproxy_cert.pem
+              https_keypairs_reload_interval: 0
+              ui:
+                scrollback_lines: 1000
+              trust_x_forwarded_for: true
+        path: /etc/teleport.yaml 
+        create: true
+    - name: Generate self signed ssl cert 
+      ansible.builtin.shell: openssl req -x509 -newkey rsa:4096 -keyout /var/lib/teleport/webproxy_key.pem -out /var/lib/teleport/webproxy_cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN={{ SUBDOMAIN }}"
+    
    - name: Ensure teleport has selected state and enabled on boot.
      ansible.builtin.service:
        name: 'teleport'
@ -37,7 +79,7 @@

    - name: Get teleport token
      ansible.builtin.shell:
-        cmd: 'tctl tokens add --type=node --format=text'
+        cmd: 'tctl tokens add --type=node --format=text --insecure' 
        executable: /bin/bash
      register: token

@ -65,6 +107,7 @@
    - name: Check if teleport is installed.
      ansible.builtin.shell: "teleport version"
      register: teleport_bin_clients
+      ignore_errors: true

    - name: install teleport
      ansible.builtin.shell:
@ -75,6 +118,7 @@
      service:
        name: 'teleport'
        state: 'stopped'
+      when: teleport_bin_clients

    - name: remove existing config if exists
      ansible.builtin.file:
--- a/vars/default.yml
+++ b/vars/default.yml
@ -7,6 +7,9 @@
 #if you do enable reverse proxy make sure your selected domain name is routed to that ip address and port forwarding is set to the teleport host for ports 80 and 443
 REVERSE_PROXY: false
 #subdomain is the subdomain you want tied to teleport for the reverse proxy this should also be your hostname for your teleport hostnode(use {your teleport hostname}.localhost to use an internal certificate)
-SUBDOMAIN: t.localhost
+SUBDOMAIN: t.duboiss.com
 # set teleport version here
-TELEPORT_VER: 13.3.8
+TELEPORT_VER: 15.4.0
+
+SSL_ENABLED: yes
+SSL_EMAIL: harrison@duboiss.com