From e99822f21e5a645ecc00838dc45ccfb58cae0ed3 Mon Sep 17 00:00:00 2001
From: David Simic
Date: Thu, 19 Apr 2018 12:08:39 -0500
Subject: [PATCH] inventory.exmaple file to include amazon aws example
---
 .gitignore | 3 +++
 inventory.example | 2 ++
 playbooks/roles/openvpn/tasks/openvpn.yml | 5 +++++
 .../roles/openvpn/templates/sshd.service.j2 | 18 ++++++++++++++++++
 4 files changed, 28 insertions(+)
 create mode 100644 playbooks/roles/openvpn/templates/sshd.service.j2
diff --git a/.gitignore b/.gitignore
index 1ead0c6..82e3648 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
 fetched_creds
 *.retry
 /inventory
+.DS_Store
+playbooks/group_vars/all.yml
+playbooks/group_vars/openvpn-vpn.yml
diff --git a/inventory.example b/inventory.example
index a4a43d3..55ad2e3 100644
--- a/inventory.example
+++ b/inventory.example
@@ -5,6 +5,8 @@
 [openvpn-internet]
 # Typical Digital Ocean config w/ root user and pub/priv key authentication
 #255.255.255.255 ansible_user=root
+# Typical Amazon AWS Ubuntu config w/ sudo user ubuntu and pub/priv key authentication
+#255.255.255.255 ansible_user=ubuntu ansible_become_user=root ansible_become=yes
 # Typical azure config w/ ssh authentication
 #255.255.255.255 ansible_user=vpnuser ansible_become=yes
 # Config for a machine with pub/priv key and password
diff --git a/playbooks/roles/openvpn/tasks/openvpn.yml b/playbooks/roles/openvpn/tasks/openvpn.yml
index dacd668..b30056f 100644
--- a/playbooks/roles/openvpn/tasks/openvpn.yml
+++ b/playbooks/roles/openvpn/tasks/openvpn.yml
@@ -4,6 +4,11 @@
 name: net.ipv4.ip_forward
 value: 1
 
+- name: OpenVPN | Configuration | Copy sshd service file into place
+ template:
+ src: sshd.service.j2
+ dest: "/lib/systemd/system/ssh.service"
+
 - name: OpenVPN | Configuration | Copy OpenVPN server configuration files into place
 template:
 src: etc_openvpn_server.conf.j2
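Review bot: The new template task in playbooks/roles/openvpn/tasks/openvpn.yml overwrites the distribution's unit at `/lib/systemd/system/ssh.service`, a package-owned path, so an openssh-server package upgrade can silently restore the stock unit and undo the tunnel ordering. Writing under `/etc/systemd/system/` survives upgrades, ideally as a drop-in such as `dest: "/etc/systemd/system/ssh.service.d/override.conf"` (the file name is illustrative, and the directory must exist first). The task also sets no `owner`, `group` or `mode`, and nothing in the hunk notifies a handler that runs a systemd daemon-reload, so the host may keep using the old unit until reboot. Add `owner: root`, `group: root`, `mode: "0644"` and a `notify:` for a reload handler, unless one is already wired up outside the hunk.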
diff --git a/playbooks/roles/openvpn/templates/sshd.service.j2 b/playbooks/roles/openvpn/templates/sshd.service.j2
new file mode 100644
index 0000000..fd2d380
--- /dev/null
+++ b/playbooks/roles/openvpn/templates/sshd.service.j2
@@ -0,0 +1,18 @@
+[Unit]
+Description=OpenBSD Secure Shell server
+Wants=sys-devices-virtual-net-tun-udp-1194.device
+After=network.target auditd.service sys-devices-virtual-net-tun-udp-1194.device
+ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
+
+[Service]
+EnvironmentFile=-/etc/default/ssh
+ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+RestartPreventExitStatus=255
+Type=notify
+
+[Install]
+WantedBy=multi-user.target
+Alias=sshd.service
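Review bot: The device unit name `sys-devices-virtual-net-tun-udp-1194.device` is hard-coded in both `Wants=` and `After=` even though this file is a Jinja2 template; if the tunnel interface name is derived from role variables (protocol and port, by the look of it), the unit name should be built from the same variables so the two cannot drift apart. Ordering sshd after the tunnel device also ties management access to OpenVPN: `Wants=` will not fail the unit, but with `After=` on a device unit sshd start is likely held until the device appears or its job times out, so a broken VPN configuration delays SSH at boot. A comment above these two lines should state why sshd waits for the tunnel, for example `# sshd listens on the VPN address, so start it once the tun device exists`, if that is the reason. The remaining lines appear to copy the distribution's stock unit, which freezes it at one release's contents; a drop-in carrying only the two `[Unit]` lines would avoid that.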