parent
793bbe6c69
commit
d811a6ea73
@ -0,0 +1,98 @@ |
||||
{ config, pkgs, lib, ... }: |
||||
|
||||
with lib; |
||||
|
||||
let |
||||
cfg = config.services.teleport; |
||||
settingsYaml = pkgs.formats.yaml { }; |
||||
in |
||||
{ |
||||
options = { |
||||
services.teleport = with lib.types; { |
||||
enable = mkEnableOption "the Teleport service"; |
||||
|
||||
settings = mkOption { |
||||
type = settingsYaml.type; |
||||
default = { }; |
||||
example = literalExpression '' |
||||
{ |
||||
teleport = { |
||||
nodename = "client"; |
||||
advertise_ip = "192.168.1.2"; |
||||
auth_token = "60bdc117-8ff4-478d-95e4-9914597847eb"; |
||||
auth_servers = [ "192.168.1.1:3025" ]; |
||||
log.severity = "DEBUG"; |
||||
ssh_service = { |
||||
enabled = true; |
||||
labels = { |
||||
role = "client"; |
||||
}; |
||||
}; |
||||
proxy_service.enabled = false; |
||||
auth_service.enabled = false; |
||||
} |
||||
''; |
||||
description = '' |
||||
Contents of the <literal>teleport.yaml</literal> config file. |
||||
The <literal>--config</literal> arguments will only be passed if this set is not empty. |
||||
|
||||
See <link xlink:href="https://goteleport.com/docs/setup/reference/config/"/>. |
||||
''; |
||||
}; |
||||
|
||||
insecure.enable = mkEnableOption '' |
||||
starting teleport in insecure mode. |
||||
|
||||
This is dangerous! |
||||
Sensitive information will be logged to console and certificates will not be verified. |
||||
Proceed with caution! |
||||
|
||||
Teleport starts with disabled certificate validation on Proxy Service, validation still occurs on Auth Service |
||||
''; |
||||
|
||||
diag = { |
||||
enable = mkEnableOption '' |
||||
endpoints for monitoring purposes. |
||||
|
||||
See <link xlink:href="https://goteleport.com/docs/setup/admin/troubleshooting/#troubleshooting/"/> |
||||
''; |
||||
|
||||
addr = mkOption { |
||||
type = str; |
||||
default = "127.0.0.1"; |
||||
description = "Metrics and diagnostics address."; |
||||
}; |
||||
|
||||
port = mkOption { |
||||
type = int; |
||||
default = 3000; |
||||
description = "Metrics and diagnostics port."; |
||||
}; |
||||
}; |
||||
}; |
||||
}; |
||||
|
||||
config = mkIf config.services.teleport.enable { |
||||
environment.systemPackages = [ pkgs.teleport ]; |
||||
|
||||
systemd.services.teleport = { |
||||
wantedBy = [ "multi-user.target" ]; |
||||
after = [ "network.target" ]; |
||||
serviceConfig = { |
||||
ExecStart = '' |
||||
${pkgs.teleport}/bin/teleport start \ |
||||
${optionalString cfg.insecure.enable "--insecure"} \ |
||||
${optionalString cfg.diag.enable "--diag-addr=${cfg.diag.addr}:${toString cfg.diag.port}"} \ |
||||
${optionalString (cfg.settings != { }) "--config=${settingsYaml.generate "teleport.yaml" cfg.settings}"} |
||||
''; |
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; |
||||
LimitNOFILE = 65536; |
||||
Restart = "always"; |
||||
RestartSec = "5s"; |
||||
RuntimeDirectory = "teleport"; |
||||
Type = "simple"; |
||||
}; |
||||
}; |
||||
}; |
||||
} |
||||
|
Loading…
Reference in new issue