diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..4752f13 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2023 hoverkraft + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md index 59a090e..0238073 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,8 @@ -enix.teleport -============= +# webofmars/teleport A role for deploying and configuring [teleport](https://goteleport.com) and extensions on unix hosts using [Ansible](http://www.ansible.com/). -Requirements ------------- +## Requirements Supported targets: @@ -17,8 +15,7 @@ Supported targets: - Debian 10 "Buster" - Debian 11 "Bullseye" -Role Variables --------------- +## Role Variables This roles comes preloaded with almost every available default. You can override each one in your hosts/group vars, in your inventory, or in your play. See the annotated defaults in `defaults/main.yml` for help in configuration. All provided variables start with `teleport__`. 
@@ -50,6 +47,12 @@ This roles comes preloaded with almost every available default. You can override - `name` - Name of the application - `uri` - URI to reverse-proxify - `skip_verify: false` - Whether or not to skip certificate verification on the target URI +- `teleport__db: false` - Enable teleport db module +- `teleport_databases: []` - List of databases, defined as a dict with the following keys: + - `name` - Name of the database instance in teleport + - `protocol` - Name of the protocol (like mysql / postgresql) + - `uri` - URI of the database from the node (have to match the certificate) + - `static_labels` - List of labels to be applied to the database - `teleport__web_addr: {{ teleport__bind_addr }}` - Bind address for web teleport service - `teleport__web_port: 443` - Port to bind for web teleport service - `teleport__tunnel_addr: {{ teleport__bind_addr }}` - Bind address for tunnel service @@ -113,4 +116,4 @@ And add it to your play's roles: ## License -- Apache2 +- MIT diff --git a/defaults/main.yml b/defaults/main.yml index e34dbb1..cc60b6d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,4 +1,3 @@ ---- # defaults file for teleport teleport__version: 13 @@ -24,6 +23,8 @@ teleport__ssh_addr: "{{ teleport__bind_addr }}" teleport__ssh_port: 3022 teleport__app: false teleport__applications: [] +teleport__db: false +teleport__databases: [] teleport__web_addr: "{{ teleport__bind_addr }}" teleport__web_port: 443 teleport__tunnel_addr: "{{ teleport__bind_addr }}" diff --git a/templates/teleport.yaml.j2 b/templates/teleport.yaml.j2 index f9e070d..bd4b206 100644 --- a/templates/teleport.yaml.j2 +++ b/templates/teleport.yaml.j2 
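Review bot: The new defaults are named `teleport__db` and `teleport__databases`, but the template hunk in templates/teleport.yaml.j2 iterates `teleport_databases` (single underscore), and the README hunk documents that same single-underscore name, so the `[]` default added here is never read. With `teleport__db: true`, the `{% for db in teleport_databases %}` loop refers to a variable that has no default, which Ansible templating normally reports as an undefined-variable error. A user who follows the role's `teleport__` prefix convention and sets `teleport__databases` hits the same undefined name. Settle on the prefixed name in all three places: change the loop to `{% for db in teleport__databases %}` and the README entry to `teleport__databases: []`.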
@@ -97,3 +97,18 @@ app_service:
 {% endif %}
 {% endfor %}
 {%endif%}
+
+{% if teleport__db %}
+db_service:
+ enabled: yes
+ databases:
+ {% for db in teleport_databases %}
+ - name: "{{ db.name }}"
+ protocol: {{ db.protocol }}
+ uri: "{{ db.uri }}"
+ static_labels:
+ {% for label_id, value in db.static_labels.items() %}
+ {{ label_id }}: {{ value }}
+ {% endfor %}
+ {% endfor %}
+{%endif%}
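Review bot: `protocol: {{ db.protocol }}` and `{{ label_id }}: {{ value }}` are rendered without quotes, unlike the `name` and `uri` lines, so an inventory value containing `: `, `#` or a leading `{`/`*` changes the structure of the generated teleport.yaml instead of staying a string. Database labels are what Teleport roles match on when granting access, so a label that renders differently from what the inventory says should be prevented: use `protocol: "{{ db.protocol }}"` and `"{{ label_id }}": "{{ value }}"`. The inner loop also calls `db.static_labels.items()` unconditionally, so a database entry without `static_labels` fails to render; `db.static_labels | default({})` makes the key optional. The indentation of the rendered block cannot be judged from this view and should be checked against a rendered file.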