From 555a4ea2db9d46f9c12818fb450a2e416cd00ff1 Mon Sep 17 00:00:00 2001
From: Shaun Smiley
Date: Mon, 18 Dec 2017 16:27:28 -0800
Subject: [PATCH 1/2] Set defaults/ dir as a symlink in add_clients role
---
 playbooks/roles/add_clients/defaults | 1 +
 playbooks/roles/add_clients/tasks/main.yml | 3 ---
 2 files changed, 1 insertion(+), 3 deletions(-)
 create mode 120000 playbooks/roles/add_clients/defaults
diff --git a/playbooks/roles/add_clients/defaults b/playbooks/roles/add_clients/defaults
new file mode 120000
index 0000000..e1ca9a6
--- /dev/null
+++ b/playbooks/roles/add_clients/defaults
@@ -0,0 +1 @@
+../openvpn/defaults
\ No newline at end of file
diff --git a/playbooks/roles/add_clients/tasks/main.yml b/playbooks/roles/add_clients/tasks/main.yml
index 8914c33..465b6d0 100644
--- a/playbooks/roles/add_clients/tasks/main.yml
+++ b/playbooks/roles/add_clients/tasks/main.yml
@@ -1,7 +1,4 @@
 ---
-- name: OpenVPN | Add Clients | Set variables
- include_vars: ../../openvpn/defaults/main.yml
-
 - name: OpenVPN | Add Clients | Register the OpenVPN server common name
 command: cat {{ openvpn_server_common_name_file }}
 no_log: true
From 550f49c6f396d07e527cb4229f5474e0bdcf3f4c Mon Sep 17 00:00:00 2001
From: Shaun Smiley
Date: Mon, 18 Dec 2017 16:28:19 -0800
Subject: [PATCH 2/2] Default SUDO_USER to nothing This is needed in the case that you are connecting to the server as root and ansible.env.SUDO_USER is not even present
---
 playbooks/roles/openvpn/tasks/harden_sshd.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/playbooks/roles/openvpn/tasks/harden_sshd.yml b/playbooks/roles/openvpn/tasks/harden_sshd.yml
index 05ccb7c..a54e42e 100644
--- a/playbooks/roles/openvpn/tasks/harden_sshd.yml
+++ b/playbooks/roles/openvpn/tasks/harden_sshd.yml
@@ -6,7 +6,7 @@
 - name: OpenVPN | Harden | Set allowed SSH users for test
 set_fact:
- allowed_ssh_users: "{{ sudo_username }} {{ ansible_env.SUDO_USER }}"
+ allowed_ssh_users: "{{ sudo_username }} {{ ansible_env.SUDO_USER | default('') }}"
 when: ssh_on_vpn_only != true
 tags:
 - ci_test
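Review bot: On the changed `allowed_ssh_users` line, the `default('')` fallback leaves a trailing space after `sudo_username` when SUDO_USER is absent, and the allow list silently shrinks to that single account. Where this fact is consumed lies outside the hunk; if it ends up in an sshd `AllowUsers` directive, as the task name suggests, the root session running the play is not on the list, so confirm that `sudo_username` already has working key-based login before sshd is reloaded. Building the value from a filtered list avoids the empty entry and a duplicate when both names match: `allowed_ssh_users: "{{ [sudo_username, ansible_env.SUDO_USER | default('')] | select | unique | join(' ') }}"`. A short comment above the task saying that SUDO_USER is missing on direct root connections would record why the fallback exists.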