author | Graeme Lawes <graemelawes@gmail.com> | 2018-07-08 13:03:21 -0400 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2018-07-26 22:39:32 +0200 |
commit | 84bfc434f8c894981faf7cc55ced6430ab67b159 (patch) | |
tree | 038f0d5c64924ee4a5bde806028a59434f64421c /sys-cluster/teleport | |
parent | sys-cluster/teleport: add v2.5.8 (diff) | |
sys-cluster/teleport: add v2.6.7
Diffstat (limited to 'sys-cluster/teleport')
-rw-r--r-- | sys-cluster/teleport/Manifest | 1 | ||||
-rw-r--r-- | sys-cluster/teleport/files/teleport-2.6.yaml | 130 | ||||
-rw-r--r-- | sys-cluster/teleport/teleport-2.6.7.ebuild | 49 |
3 files changed, 180 insertions, 0 deletions
diff --git a/sys-cluster/teleport/Manifest b/sys-cluster/teleport/Manifest
index 739e3918ea0b..ec5a8a5af893 100644
--- a/sys-cluster/teleport/Manifest
+++ b/sys-cluster/teleport/Manifest
@@ -3,3 +3,4 @@ DIST teleport-2.4.5.tar.gz 9975753 BLAKE2B cdb6e577cd565cf6760d73c92cac674571e9b
 DIST teleport-2.5.2.tar.gz 16211219 BLAKE2B 28d0d1bb8d01fba39e79a262744b69a9df27438b9dbb0a25cd23acd57b6004a7f2309e432c0db4188c2e023a0b0299fd64723acfd57c1328d2345bba08fff4a9 SHA512 58fad4015824b9077bbd13cc3c6a994e5a54ed367264477854da7b129eea04c4cba44a580650a259b01f390a9f2028d7501df2ac4ab4821d085bbfe1cd887ec5
 DIST teleport-2.5.6.tar.gz 16216649 BLAKE2B e5ae8645d59df2684601dab5c222399d89b356592774365ffbca4e3f2d9ed745f2839902ee1e244c7b7eb300230d771daa754bbbbe29fc8e79f833715094d4f2 SHA512 fae1eb53ff45115551c5002745303cd0e9a044557e6e56cda870a57531700bb68e23b59d2930ac2dd654b200732edc3ed9432e1bc0e9dbf0e7529e980599a323
 DIST teleport-2.5.8.tar.gz 16219666 BLAKE2B dd64ef4ca5b26e025e46c88d58e7ec226810b583c4b740416f6cc0caec5ea7d050c732368917ec34c5f8a36c7670d2903baa6c32203a2c5cac972e3a2b4bcbbb SHA512 070eebc889adde017641a833ee0e414c5f56848ac36fa96fb66e83062212307904e8264da758042765ba13d6a0c1b4f5314c1b0e90a2c37723ef1c0aa22889be
+DIST teleport-2.6.7.tar.gz 16655508 BLAKE2B a020ab999b7503cb7aec54ed81532baf9d08b98000f2c659f63859d89f7f2b5fb311c41d6fcafb7d9bf72ea1c97eecfc6ac621b7c90d74f5afe2717edb8b0402 SHA512 45002dcf7b99108ca6fffae94d6608188eb9b0bea05cd14068618bfb11c496cad5546e261f349fee70f2acb574e7fc44093683dd991001e01406da6982c5c4c3
diff --git a/sys-cluster/teleport/files/teleport-2.6.yaml b/sys-cluster/teleport/files/teleport-2.6.yaml
new file mode 100644
index 000000000000..384dea937c97
--- /dev/null
+++ b/sys-cluster/teleport/files/teleport-2.6.yaml
@@ -0,0 +1,130 @@
+# By default, this file should be stored in /etc/teleport.yaml
+## IMPORTANT ##
+#When editing YAML configuration, please pay attention to how your editor handles white space. YAML requires consistent handling of tab characters
+# This section of the configuration file applies to all teleport
+# services.
+teleport:
+ # nodename allows to assign an alternative name this node can be reached by.
+ # by default it's equal to hostname
+ # nodename: graviton
+
+ # Data directory where Teleport keeps its data, like keys/users for
+ # authentication (if using the default BoltDB back-end)
+ data_dir: /var/lib/teleport
+
+ # one-time invitation token used to join a cluster. it is not used on
+ # subsequent starts
+ auth_token: xxxx-token-xxxx
+
+ # when running in multi-homed or NATed environments Teleport nodes need
+ # to know which IP it will be reachable at by other nodes
+ # public_addr: 10.1.0.5
+
+ # list of auth servers in a cluster. you will have more than one auth server
+ # if you configure teleport auth to run in HA configuration
+ auth_servers:
+ - localhost:3025
+
+ # Teleport throttles all connections to avoid abuse. These settings allow
+ # you to adjust the default limits
+ connection_limits:
+ max_connections: 1000
+ max_users: 250
+
+ # Logging configuration. Possible output values are 'stdout', 'stderr' and
+ # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
+ log:
+ output: stderr
+ severity: ERROR
+
+ # Type of storage used for keys. You need to configure this to use etcd
+ # backend if you want to run Teleport in HA configuration.
+ storage:
+ type: bolt
+
+# This section configures the 'auth service':
+auth_service:
+ enabled: yes
+
+ # defines the types and second factors the auth server supports
+ authentication:
+ # second_factor can be off, otp, or u2f
+ second_factor: otp
+
+ # this section is only used if using u2f
+ u2f:
+ # app_id should point to the Web UI.
+ app_id: https://localhost:3080
+
+ # facets should list all proxy servers.
+ facets:
+ - https://localhost
+ - https://localhost:3080
+
+ # IP and the port to bind to. Other Teleport nodes will be connecting to
+ # this port (AKA "Auth API" or "Cluster API") to validate client
+ # certificates
+ listen_addr: 0.0.0.0:3025
+
+ # Pre-defined tokens for adding new nodes to a cluster. Each token specifies
+ # the role a new node will be allowed to assume. The more secure way to
+ # add nodes is to use `ttl node add --ttl` command to generate auto-expiring
+ # tokens.
+ #
+ # We recommend to use tools like `pwgen` to generate sufficiently random
+ # tokens of 32+ byte length.
+ tokens:
+ - "proxy,node:xxxxx"
+ - "auth:yyyy"
+
+ # Optional "cluster name" is needed when configuring trust between multiple
+ # auth servers. A cluster name is used as part of a signature in certificates
+ # generated by this CA.
+ #
+ # By default an automatically generated GUID is used.
+ #
+ # IMPORTANT: if you change cluster_name, it will invalidate all generated
+ # certificates and keys (may need to wipe out /var/lib/teleport directory)
+ cluster_name: "main"
+
+# This section configures the 'node service':
+ssh_service:
+ enabled: yes
+ # IP and the port for SSH service to bind to.
+ listen_addr: 0.0.0.0:3022
+ # See explanation of labels in "Labeling Nodes" section below
+ labels:
+ role: master
+ type: postgres
+ # List (YAML array) of commands to periodically execute and use
+ # their output as labels.
+ # See explanation of how this works in "Labeling Nodes" section below
+ commands:
+ - name: hostname
+ command: [/usr/bin/hostname]
+ period: 1m0s
+ - name: arch
+ command: [/usr/bin/uname, -p]
+ period: 1h0m0s
+
+# This section configures the 'proxy servie'
+proxy_service:
+ enabled: yes
+ # SSH forwarding/proxy address. Command line (CLI) clients always begin their
+ # SSH sessions by connecting to this port
+ listen_addr: 0.0.0.0:3023
+
+ # Reverse tunnel listening address. An auth server (CA) can establish an
+ # outbound (from behind the firewall) connection to this address.
+ # This will allow users of the outside CA to connect to behind-the-firewall
+ # nodes.
+ tunnel_listen_addr: 0.0.0.0:3024
+
+ # The HTTPS listen address to serve the Web UI and also to authenticate the
+ # command line (CLI) users via password+HOTP
+ web_listen_addr: 0.0.0.0:3080
+
+ # TLS certificate for the HTTPS connection. Configuring these properly is
+ # critical for Teleport security.
+ https_key_file: /etc/teleport/teleport.key
+ https_cert_file: /etc/teleport/teleport.crt
diff --git a/sys-cluster/teleport/teleport-2.6.7.ebuild b/sys-cluster/teleport/teleport-2.6.7.ebuild
new file mode 100644
index 000000000000..a187d11ee22a
--- /dev/null
+++ b/sys-cluster/teleport/teleport-2.6.7.ebuild
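Review bot: The shipped default leaves the static join secrets active: `auth_token: xxxx-token-xxxx` and the `tokens:` entries `"proxy,node:xxxxx"` and `"auth:yyyy"` are uncommented placeholders, while `auth_service` is enabled and bound to `0.0.0.0:3025`. Going by the file's own comments, an install that starts the service without editing this file would admit node, proxy and auth roles on strings that are published in the package tree. Ship these keys commented out (`# auth_token: ...`, `# tokens:` and its two items) so that no static token exists until the administrator sets one, and keep the comment that points to auto-expiring tokens. That comment names the command as `ttl node add --ttl`, which presumably means the `tctl` binary this package installs, and the header's `/etc/teleport.yaml` differs from the `/etc/teleport/teleport.yaml` path the ebuild installs to.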
@@ -0,0 +1,49 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit golang-build systemd
+
+DESCRIPTION="Modern SSH server for teams managing distributed infrastructure"
+HOMEPAGE="https://gravitational.com/teleport"
+
+EGO_PN="github.com/gravitational/${PN}/..."
+
+if [[ ${PV} == "9999" ]] ; then
+ inherit git-r3 golang-vcs
+ EGIT_REPO_URI="https://github.com/gravitational/${PN}.git"
+else
+ inherit golang-vcs-snapshot
+ SRC_URI="https://github.com/gravitational/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~amd64 ~arm"
+fi
+
+IUSE="pam"
+LICENSE="Apache-2.0"
+RESTRICT="test strip"
+SLOT="0"
+
+DEPEND="app-arch/zip"
+RDEPEND="pam? ( sys-libs/pam )"
+
+src_compile() {
+ BUILDFLAGS="" GOPATH="${S}" emake -j1 -C src/${EGO_PN%/*} full
+}
+
+src_install() {
+ keepdir /var/lib/${PN} /etc/${PN}
+ dobin src/${EGO_PN%/*}/build/{tsh,tctl,teleport}
+
+ insinto /etc/${PN}
+ newins "${FILESDIR}"/${PN}-2.6.yaml ${PN}.yaml
+
+ newinitd "${FILESDIR}"/${PN}.init.d ${PN}
+ newconfd "${FILESDIR}"/${PN}.conf.d ${PN}
+
+ systemd_newunit "${FILESDIR}"/${PN}.service ${PN}.service
+ systemd_install_serviced "${FILESDIR}"/${PN}.service.conf ${PN}.service
+}
+
+src_test() {
+ BUILDFLAGS="" GOPATH="${S}" emake -C src/${EGO_PN%/*} test
+} |
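Review bot: In `src_install`, `newins "${FILESDIR}"/${PN}-2.6.yaml ${PN}.yaml` installs the configuration with the default file mode, which is world-readable, although that file is where `auth_token` and the static `tokens:` list are kept. Restrict it at install time, either with `insopts -m0600` ahead of the `newins` line or with `fperms 0600 /etc/${PN}/${PN}.yaml` after it. The same concern applies to `keepdir /var/lib/${PN}`, which the config describes as the store for keys and users; `fperms 0700 /var/lib/${PN}` would keep it private in case the daemon does not tighten the directory itself.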