+++ /dev/null
-# By default, this file should be stored in /etc/teleport.yaml
-## IMPORTANT ##
-#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters
-# This section of the configuration file applies to all teleport
-# services.
-teleport:
- # nodename allows to assign an alternative name this node can be reached by.
- # by default it's equal to hostname
- # nodename: graviton
-
- # Data directory where Teleport keeps its data, like keys/users for
- # authentication (if using the default BoltDB back-end)
- data_dir: /var/lib/teleport
-
- # one-time invitation token used to join a cluster. it is not used on
- # subsequent starts
- auth_token: xxxx-token-xxxx
-
- # when running in multi-homed or NATed environments Teleport nodes need
- # to know which IP it will be reachable at by other nodes
- # public_addr: 10.1.0.5
-
- # list of auth servers in a cluster. you will have more than one auth server
- # if you configure teleport auth to run in HA configuration
- auth_servers:
- - localhost:3025
-
- # Teleport throttles all connections to avoid abuse. These settings allow
- # you to adjust the default limits
- connection_limits:
- max_connections: 1000
- max_users: 250
-
- # Logging configuration. Possible output values are 'stdout', 'stderr' and
- # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
- log:
- output: stderr
- severity: ERROR
-
- # Type of storage used for keys. You need to configure this to use etcd
- # backend if you want to run Teleport in HA configuration.
- storage:
- type: bolt
-
-# This section configures the 'auth service':
-auth_service:
- enabled: yes
-
- # defines the types and second factors the auth server supports
- authentication:
- # second_factor can be off, otp, or u2f
- second_factor: otp
-
- # this section is only used if using u2f
- u2f:
- # app_id should point to the Web UI.
- app_id: https://localhost:3080
-
- # facets should list all proxy servers.
- facets:
- - https://localhost
- - https://localhost:3080
-
- # IP and the port to bind to. Other Teleport nodes will be connecting to
- # this port (AKA "Auth API" or "Cluster API") to validate client
- # certificates
- listen_addr: 0.0.0.0:3025
-
- # Pre-defined tokens for adding new nodes to a cluster. Each token specifies
- # the role a new node will be allowed to assume. The more secure way to
- # add nodes is to use `ttl node add --ttl` command to generate auto-expiring
- # tokens.
- #
- # We recommend to use tools like `pwgen` to generate sufficiently random
- # tokens of 32+ byte length.
- tokens:
- - "proxy,node:xxxxx"
- - "auth:yyyy"
-
- # Optional "cluster name" is needed when configuring trust between multiple
- # auth servers. A cluster name is used as part of a signature in certificates
- # generated by this CA.
- #
- # By default an automatically generated GUID is used.
- #
- # IMPORTANT: if you change cluster_name, it will invalidate all generated
- # certificates and keys (may need to wipe out /var/lib/teleport directory)
- cluster_name: "main"
-
-# This section configures the 'node service':
-ssh_service:
- enabled: yes
- # IP and the port for SSH service to bind to.
- listen_addr: 0.0.0.0:3022
- # See explanation of labels in "Labeling Nodes" section below
- labels:
- role: master
- type: postgres
- # List (YAML array) of commands to periodically execute and use
- # their output as labels.
- # See explanation of how this works in "Labeling Nodes" section below
- commands:
- - name: hostname
- command: [/usr/bin/hostname]
- period: 1m0s
- - name: arch
- command: [/usr/bin/uname, -p]
- period: 1h0m0s
-
-# This section configures the 'proxy servie'
-proxy_service:
- enabled: yes
- # SSH forwarding/proxy address. Command line (CLI) clients always begin their
- # SSH sessions by connecting to this port
- listen_addr: 0.0.0.0:3023
-
- # Reverse tunnel listening address. An auth server (CA) can establish an
- # outbound (from behind the firewall) connection to this address.
- # This will allow users of the outside CA to connect to behind-the-firewall
- # nodes.
- tunnel_listen_addr: 0.0.0.0:3024
-
- # The HTTPS listen address to serve the Web UI and also to authenticate the
- # command line (CLI) users via password+HOTP
- web_listen_addr: 0.0.0.0:3080
-
- # TLS certificate for the HTTPS connection. Configuring these properly is
- # critical for Teleport security.
- https_key_file: /etc/teleport/teleport.key
- https_cert_file: /etc/teleport/teleport.crt
+++ /dev/null
-# Copyright 2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-inherit golang-build systemd
-
-DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
-HOMEPAGE="https://gravitational.com/teleport"
-
-EGO_PN="github.com/gravitational/${PN}/..."
-
-if [[ ${PV} == "9999" ]] ; then
- inherit git-r3 golang-vcs
- EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
-else
- inherit golang-vcs-snapshot
- SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="~amd64 ~arm"
-fi
-
-IUSE="pam"
-LICENSE="Apache-2.0"
-RESTRICT="test strip"
-SLOT="0"
-
-DEPEND="app-arch/zip"
-RDEPEND="pam? ( sys-libs/pam )"
-
-src_compile() {
- BUILDFLAGS="" GOPATH="${S}" emake -j1 -C src/${EGO_PN%/*} full
-}
-
-src_install() {
- keepdir /var/lib/${PN} /etc/${PN}
- dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
-
- insinto /etc/${PN}
- newins "${FILESDIR}"/${PN}-2.yaml ${PN}.yaml
-
- newinitd "${FILESDIR}"/${PN}.init.d ${PN}
- newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
-
- systemd_newunit "${FILESDIR}"/${PN}.service ${PN}.service
- systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
-}
-
-src_test() {
- BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*} test
-}
projects / gentoo.git / commitdiff