remote-dev (on GCP)

Automate the provisioning of an ephemeral development server on Google Cloud Platform. An immutable image is built with Packer and deployed on an e2-micro Compute Engine instance (in us-east1-b to fall in the free tier) with Terraform, all via Cloud Build. The instance is only accessible via SSH and MOSH in your Tailscale network.

Diagram

Usage

✅ Prerequisites

🔐 Generate your SSH key pair

If you don't have an SSH key pair already, generate one (preferably with a high-entropy passphrase):

ssh-keygen -o -a 100 -t ed25519 -C remote-dev

👷‍♂️ Setup Cloud Build

Run the setup script to set the permissions to call the services APIs and setup Packer/Terraform:

./run.sh -s

⚙️ Build the machine image

In the remote-dev repository, submit the Packer Cloud Build job:

./run.sh -p

🚀 Deploy the server

In remote-dev/terraform/env/prod/terraform.tfvars, replace the SSH user/public key and Tailscale machines IP addresses with your own values.

Generate a Tailscale ephemeral key and set it:

export TAILSCALE_KEY="tskey-xxx"

Then in the remote-dev repository, submit the Terraform Cloud Build jobs:

./run.sh -t

Once deployed, you can set explicit Tailscale ACLs like the following to restrict network access in your mesh:

{
  "Hosts": {
    "remote-dev": "INSERT_IP_ADDRESS_HERE"
  },
  "ACLs": [
    { "Action": "accept", "Users": ["INSERT_USERNAME_HERE"], "Ports": ["remote-dev:22,60000-61000"] }
  ]
}

💥 Destroy the server

In the remote-dev repository, submit the Terraform Destroy Cloud Build jobs:

./run.sh -d

About

🧰 Tech/frameworks used

• Google Cloud Build: A service to "Continuously build, test, and deploy".
• Packer: A tool to "Build Automated Machine Images".
• Terraform: A tool to "Write, Plan, and Create Infrastructure as Code".
• Tailscale: A zero config WireGuard mesh VPN.

📃 License

This project is licensed under the MIT License - see the LICENSE file for details