expand/ansibleteleportsetup
1
0
Fork 0
mirror of https://github.com/Expand-sys/ansibleteleportsetup synced 2026-03-22 10:07:08 +11:00
Code Issues Projects Releases Packages Wiki Activity Actions

blah

Browse source
This commit is contained in:
expand-sys 2024-07-23 21:22:04 +10:00
parent afc1da5c5f
commit a5c5e12050
2 changed files with 16 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
main.ansible.yml
View file

@ -21,7 +21,7 @@
- name: install teleport - name: install teleport
ansible.builtin.shell: ansible.builtin.shell:
cmd: 'curl https://goteleport.com/static/install.sh | bash -s {{ TELEPORT_VER }}' cmd: 'curl https://goteleport.com/static/install.sh | bash -s {{ TELEPORT_VER }} oss'
when: not TELEPORT_VER in teleport_bin.stdout when: not TELEPORT_VER in teleport_bin.stdout
- name: create teleport.yaml config - name: create teleport.yaml config
@ -40,6 +40,13 @@
diag_addr: "" diag_addr: ""
auth_service: auth_service:
proxy_listener_mode: multiplex proxy_listener_mode: multiplex
authentication:
type: local
second_factor: "on"
webauthn:
rp_id: t.duboiss.com
device_trust:
mode: off
ssh_service: ssh_service:
enabled: "yes" enabled: "yes"
commands: commands:
@ -64,6 +71,12 @@
trust_x_forwarded_for: true trust_x_forwarded_for: true
path: /etc/teleport.yaml path: /etc/teleport.yaml
create: true create: true
- name: make teleport directory
ansible.builtin.file:
path: /var/lib/teleport
state: directory
- name: Generate self signed ssl cert - name: Generate self signed ssl cert
ansible.builtin.shell: openssl req -x509 -newkey rsa:4096 -keyout /var/lib/teleport/webproxy_key.pem -out /var/lib/teleport/webproxy_cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN={{ SUBDOMAIN }}" ansible.builtin.shell: openssl req -x509 -newkey rsa:4096 -keyout /var/lib/teleport/webproxy_key.pem -out /var/lib/teleport/webproxy_cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN={{ SUBDOMAIN }}"
@ -111,7 +124,7 @@
- name: install teleport - name: install teleport
ansible.builtin.shell: ansible.builtin.shell:
cmd: 'curl https://goteleport.com/static/install.sh | bash -s 13.3.8' cmd: 'curl https://goteleport.com/static/install.sh | bash -s {{ TELEPORT_VER }}'
when: not TELEPORT_VER in teleport_bin_clients.stdout when: not TELEPORT_VER in teleport_bin_clients.stdout
- name: Ensure teleport is stopped. - name: Ensure teleport is stopped.

2
vars/default.yml
View file

@ -9,7 +9,7 @@ REVERSE_PROXY: false
#subdomain is the subdomain you want tied to teleport for the reverse proxy this should also be your hostname for your teleport hostnode(use {your teleport hostname}.localhost to use an internal certificate) #subdomain is the subdomain you want tied to teleport for the reverse proxy this should also be your hostname for your teleport hostnode(use {your teleport hostname}.localhost to use an internal certificate)
SUBDOMAIN: t.duboiss.com SUBDOMAIN: t.duboiss.com
# set teleport version here # set teleport version here
TELEPORT_VER: 15.4.0 TELEPORT_VER: 16.1.0
SSL_ENABLED: yes SSL_ENABLED: yes
SSL_EMAIL: harrison@duboiss.com SSL_EMAIL: harrison@duboiss.com