From a5c5e1205060a997d26bf2662848b01055d4b52a Mon Sep 17 00:00:00 2001
From: expand-sys
Date: Tue, 23 Jul 2024 21:22:04 +1000
Subject: [PATCH] blah
---
 main.ansible.yml | 17 +++++++++++++++--
 vars/default.yml | 2 +-
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/main.ansible.yml b/main.ansible.yml
index 280ecd1..9ec6aab 100644
--- a/main.ansible.yml
+++ b/main.ansible.yml
@@ -21,7 +21,7 @@
 - name: install teleport
 ansible.builtin.shell:
- cmd: 'curl https://goteleport.com/static/install.sh | bash -s {{ TELEPORT_VER }}'
+ cmd: 'curl https://goteleport.com/static/install.sh | bash -s {{ TELEPORT_VER }} oss'
 when: not TELEPORT_VER in teleport_bin.stdout
 - name: create teleport.yaml config
@@ -40,6 +40,13 @@
 diag_addr: ""
 auth_service:
 proxy_listener_mode: multiplex
+ authentication:
+ type: local
+ second_factor: "on"
+ webauthn:
+ rp_id: t.duboiss.com
+ device_trust:
+ mode: off
 ssh_service:
 enabled: "yes"
 commands:
@@ -64,6 +71,12 @@
 trust_x_forwarded_for: true
 path: /etc/teleport.yaml
 create: true
+
+ - name: make teleport directory
+ ansible.builtin.file:
+ path: /var/lib/teleport
+ state: directory
+
 - name: Generate self signed ssl cert
 ansible.builtin.shell: openssl req -x509 -newkey rsa:4096 -keyout /var/lib/teleport/webproxy_key.pem -out /var/lib/teleport/webproxy_cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN={{ SUBDOMAIN }}"
@@ -111,7 +124,7 @@
 - name: install teleport
 ansible.builtin.shell:
- cmd: 'curl https://goteleport.com/static/install.sh | bash -s 13.3.8'
+ cmd: 'curl https://goteleport.com/static/install.sh | bash -s {{ TELEPORT_VER }}'
 when: not TELEPORT_VER in teleport_bin_clients.stdout
 - name: Ensure teleport is stopped.
diff --git a/vars/default.yml b/vars/default.yml
index 4aeb07b..16a1112 100644
--- a/vars/default.yml
+++ b/vars/default.yml
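Review bot: The changed `cmd` in the `install teleport` task (hunk `@@ -21,7 +21,7 @@`) still pipes a download straight into `bash` with no failure or integrity check: `curl` runs without `-f` and the pipeline's exit status is bash's, so a failed or empty download can leave the task reporting success with nothing installed. At minimum I would make it `cmd: 'set -o pipefail; curl -fsSL https://goteleport.com/static/install.sh | bash -s {{ TELEPORT_VER }} oss'` with `executable: /bin/bash` on the shell task; fetching the script to a file first and checking it against a recorded checksum before running it would be stronger. The same line in the client play (hunk `@@ -111,7 +124,7 @@`) has the same problem and also omits the `oss` argument, so the two installs are not guaranteed to pick the same edition if the script's default differs.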
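Review bot: `rp_id: t.duboiss.com` in the new `authentication` block (hunk `@@ -40,6 +40,13 @@`) hard-codes a value the playbook already holds in `SUBDOMAIN`, which the certificate task further down uses for the CN. WebAuthn depends on the RP ID matching the host users reach the proxy on, so a deployment that changes `SUBDOMAIN` would likely fail device registration and login while `second_factor: "on"` is enforced; `rp_id: "{{ SUBDOMAIN }}"` keeps the two in step. I would also write `mode: "off"` to match the quoted `"on"` and `"yes"` beside it, since a bare `off` is a boolean to YAML 1.1 parsers. The block these lines sit in starts above the hunk, so how its content is rendered is inferred from the surrounding context lines.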
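Review bot: The new `make teleport directory` task (hunk `@@ -64,6 +71,12 @@`) creates `/var/lib/teleport` without `mode` or `owner`, so the directory gets whatever the umask gives, and the next task writes an unencrypted private key (`-nodes`) to `/var/lib/teleport/webproxy_key.pem`. Adding `mode: "0700"` under `state: directory`, plus `owner`/`group` for the account that runs teleport (not shown in the hunk), keeps the key and Teleport's other state out of reach of other local users.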
@@ -9,7 +9,7 @@ REVERSE_PROXY: false
 #subdomain is the subdomain you want tied to teleport for the reverse proxy this should also be your hostname for your teleport hostnode(use {your teleport hostname}.localhost to use an internal certificate)
 SUBDOMAIN: t.duboiss.com
 # set teleport version here
-TELEPORT_VER: 15.4.0
+TELEPORT_VER: 16.1.0
 SSL_ENABLED: yes
 SSL_EMAIL: harrison@duboiss.com
\ No newline at end of file