Automate the provisioning of an ephemeral development server on Google Cloud Platform.
An immutable image is built with Packer and deployed on an e2-micro
Compute Engine instance (in us-east1-b to fall in the free tier) with
Terraform, all via Cloud Build.
The instance is only accessible via SSH and MOSH in your Tailscale network.
If you don't have an SSH key pair already, generate one (preferably with a high-entropy passphrase):
ssh-keygen -o -a 100 -t ed25519 -C remote-devRun the setup script to set the permissions to call the services APIs and setup Packer/Terraform:
./run.sh -sIn the remote-dev repository, submit the Packer Cloud Build job:
./run.sh -pIn remote-dev/terraform/env/prod/terraform.tfvars, replace the SSH user/public key and Tailscale machines IP addresses
with your own values.
Generate a Tailscale ephemeral key and set it:
export TAILSCALE_KEY="tskey-xxx"Then in the remote-dev repository, submit the Terraform Cloud Build jobs:
./run.sh -tOnce deployed, you can set explicit Tailscale ACLs like the following to restrict network access in your mesh:
{
"Hosts": {
"remote-dev": "INSERT_IP_ADDRESS_HERE"
},
"ACLs": [
{ "Action": "accept", "Users": ["INSERT_USERNAME_HERE"], "Ports": ["remote-dev:22,60000-61000"] }
]
}In the remote-dev repository, submit the Terraform Destroy Cloud Build jobs:
./run.sh -d- Google Cloud Build: A service to "Continuously build, test, and deploy".
- Packer: A tool to "Build Automated Machine Images".
- Terraform: A tool to "Write, Plan, and Create Infrastructure as Code".
- Tailscale: A zero config WireGuard mesh VPN.
This project is licensed under the MIT License - see the LICENSE file for details