Expand 2023-09-13 16:27:20 +10:00
parent 5674eac0e6
commit d74268005a
5 changed files with 19 additions and 14 deletions

2
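--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,2 @@
+skip_list:
+- '403'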


@ -1,8 +1,8 @@
hostnode: hostnode:
hosts: hosts:
10.10.0.209: t2.dubois.localhost:
vars: ansible_ssh_user=root ansible_ssh_common_args='-o StrictHostKeyChecking=no' vars: ansible_ssh_user=root ansible_ssh_common_args='-o StrictHostKeyChecking=no' ANSIBLE_HOST_KEY_CHECKING=False
clients: clients:
hosts: hosts:
10.10.0.209: t2.dubois.localhost:
vars: ansible_ssh_user=root ansible_ssh_common_args='-o StrictHostKeyChecking=no' vars: ansible_ssh_user=root ansible_ssh_common_args='-o StrictHostKeyChecking=no' ANSIBLE_HOST_KEY_CHECKING=False
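Review bot: The new `vars:` line adds `ANSIBLE_HOST_KEY_CHECKING=False` on top of `StrictHostKeyChecking=no`, so the root SSH session that installs Teleport accepts any host key and can be intercepted without warning; this applies to both the `hostnode` and `clients` groups. `ANSIBLE_HOST_KEY_CHECKING` is an environment variable rather than an inventory variable, and in a YAML inventory `vars:` is expected to be a mapping, so this INI-style string is probably not parsed the way it reads. I would drop both overrides, pre-seed the target's host key in `known_hosts` after verifying it out of band, and write the remaining setting as `ansible_user: root` under a real `vars:` mapping.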


@ -14,24 +14,26 @@
register: teleport_bin register: teleport_bin
- debug: - debug:
msg: "{{ teleport_bin }}" msg: "{{ teleport_bin.stat }}"
- name: install teleport - name: install teleport
ansible.builtin.shell: ansible.builtin.shell:
cmd: 'curl https://goteleport.com/static/install.sh | bash -s 13.3.8' cmd: 'curl https://goteleport.com/static/install.sh | bash -s 13.3.8'
- name:
- name: Ensure teleport has selected state and enabled on boot. - name: Ensure teleport has selected state and enabled on boot.
service: service:
name: 'teleport' name: 'teleport'
state: 'started' state: 'started'
enabled: yes enabled: yes
- name: sleep for 15 secs to wait for teleport to start
ansible.builtin.wait_for:
timeout: 15
delegate_to: localhost
- name: Get teleport token - name: Get teleport token
ansible.builtin.shell: ansible.builtin.shell:
cmd: '/usr/local/bin/tctl tokens add --type=node --format=text' cmd: 'tctl tokens add --type=node --format=text'
executable: /bin/bash executable: /bin/bash
register: token register: token
@ -89,5 +91,6 @@
with_first_found: with_first_found:
- "vars/default.yml" - "vars/default.yml"
tasks: tasks:
- include_tasks: reverseproxy.ansible.yml - name: set up reverse proxy
when: {{ REVERSE_PROXY }} include_tasks: reverseproxy.ansible.yml
when: REVERSE_PROXY
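Review bot: The `Get teleport token` task now calls bare `tctl` instead of `/usr/local/bin/tctl`, so which binary runs depends on the PATH of the remote shell, and the join token it registers in `token` is not protected from logging. Keeping the absolute path and adding `no_log: true` to that task (and to any later task that uses `token.stdout`) keeps the secret out of play output and verbose logs, and a short `--ttl` on `tctl tokens add` limits the exposure if it does leak. The fixed 15-second `wait_for` only sleeps, so on a slow host the token task can still run before the auth service is up; retrying the command with `until: token.rc == 0` would be more reliable. Separately, the unchanged `install teleport` task pipes `install.sh` straight from the network into `bash` with no checksum or signature check, which is worth replacing with a pinned package or a verified download. The play continues outside the first hunk on both sides.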


@ -9,7 +9,7 @@
ansible.builtin.blockinfile: ansible.builtin.blockinfile:
block: | block: |
{{ SUBDOMAIN }} { {{ SUBDOMAIN }} {
reverse_proxy https://{{ ansible_default_ipv4.address }}:3022 { reverse_proxy https://{{ ansible_default_ipv4.address }}:3080 {
transport http { transport http {
tls_insecure_skip_verify tls_insecure_skip_verify
} }
@ -42,7 +42,7 @@
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
dest: /etc/caddy/Caddyfile dest: /etc/systemd/system/caddy.service
- name: Start Caddy on startup - name: Start Caddy on startup
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
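Review bot: The upstream block still carries `tls_insecure_skip_verify`, so after the port change to 3080 Caddy forwards logins to whatever answers on `{{ ansible_default_ipv4.address }}:3080` without checking its certificate. Both services appear to run on the same host in this template, so pointing `reverse_proxy` at the Teleport hostname and trusting its CA with `tls_trusted_ca_certs` (plus `tls_server_name` if the names differ) would keep verification on. In the second hunk the unit file is now written to `/etc/systemd/system/caddy.service`; the `Start Caddy on startup` task continues outside the hunk, so confirm it sets `daemon_reload: true` so that systemd picks up the new unit.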


@ -7,5 +7,5 @@
#if you do enable reverse proxy make sure your selected domain name is routed to that ip address and port forwarding is set to the teleport host for ports 80 and 443 #if you do enable reverse proxy make sure your selected domain name is routed to that ip address and port forwarding is set to the teleport host for ports 80 and 443
REVERSE_PROXY: true REVERSE_PROXY: true
#subdomain is the subdomain you want tied to teleport for the reverse proxy this should also be your hostname for your teleport hostnode(use {your teleport hostname}.localhost to use an internal certificate) #subdomain is the subdomain you want tied to teleport for the reverse proxy this should also be your hostname for your teleport hostnode(use {your teleport hostname}.localhost to use an internal certificate)
SUBDOMAIN: t.localhost SUBDOMAIN: t2.dubois.localhost