#cloud-config

package_upgrade: true
packages:
  - fail2ban
  - curl
users:
  - name: vpn
#    ssh_authorized_keys:
#      - ssh-rsa ... Main computer
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: sudo
    shell: /bin/bash
write_files:
  - path: /etc/fail2ban/jail.local
    content: |
        [DEFAULT]
        # Ban hosts for one hour:
        bantime = 3600
        #
        # Override /etc/fail2ban/jail.d/00-firewalld.conf:
        banaction = iptables-multiport
        #
        [sshd]
        enabled = true
        port    = 4444
        logpath = %(sshd_log)s
runcmd:
  # Configure SSH and fail2ban
  - sed -i -e '/^Port/s/^.*$/Port 4444/' /etc/ssh/sshd_config
  - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
  - sed -i -e '$aAllowUsers vpn' /etc/ssh/sshd_config
  - service ssh restart
  - service fail2ban restart
  # Install OpenVPN
  - wget git.io/vpn --no-check-certificate -O openvpn-install.sh && bash openvpn-install.sh
  - cp /root/client.ovpn /home/vpn/client.ovpn
  # Reboot system after finished
  - shutdown --reboot now