656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 | This is free software, and you are welcome to redistribute it
658 | under certain conditions; type `show c' for details.
659 |
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License. Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 |
664 | You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | .
668 |
669 | The GNU General Public License does not permit incorporating your program
670 | into proprietary programs. If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library. If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License. But first, please read
674 | .
675 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Deploys an Ubuntu Minimal OS Virtual Machine with Docker-ce and Docker Compose installed in GCP using Terraform
2 | Using the instructions below and the supplied .tf files, you can deploy an e2-micro instance into GCP using Terraform. This is the free tier, so it shouldn't cost you a thing. This version comes with Docker installed and will inject a compose file into the app data drive at /mnt/disks/docker/projects/app. My example contains an Uptime Kuma and a Healthchecks container.
3 |
4 | # 🔧 IMPORTANT
5 | I have moved all the installation instructions for this project over to my docs site at [sudo-kraken Docs](https://sudo-kraken.github.io/docs/gcp-free-forever/). This contains everything you need to know and more to deploy this project.
6 |
7 |
8 |
9 |
10 | Everything from this point down is deprecated in favor of the docs page. I am leaving it in, however, for those of you who do not require a long and in-depth guide.
11 |
12 | ____
13 |
14 | ## Instructions
15 | Firstly, you will need a GCP account; you can read more on this [here](https://cloud.google.com/free/docs/gcp-free-tier). Once this is done, create a blank project and name it whatever you like. Then enable the Compute Engine API, and finally open the Google Cloud Shell from within that project.
16 |
17 | Once in the Cloud Shell, make sure you are in /home/USERHERE.
18 | Create the folders required for your auth, tf, and docker compose files. (You should automatically be in your home folder; feel free to put these wherever you choose.)
19 |
20 | - I made the folders in /home/USER.
21 | - All TF files go in the terraform folder.
22 | - docker-compose.yaml goes into compose_files
23 | - The auth command auto outputs into the /home/USER/auth folder
24 | - Finally the startup.sh goes into the startup folder.
25 |
26 | ```
27 | cd ~/
28 |
29 | mkdir terraform
30 |
31 | mkdir auth
32 |
33 | mkdir compose_files
34 |
35 | mkdir startup
36 |
37 | mkdir .ssh
38 | ```
39 | Git clone this repo into the terraform folder, then move the compose file into the compose_files folder and startup.sh into the startup folder.
40 |
41 | You will also need to store a private and public key in your ~/.ssh folder, named "sshkey" and "sshkey.pub". These should contain your OpenSSH-format keys; the public key is what is added to the VM so that you can SSH in on the public interface to manage it.
42 |
43 | Now you will need to create a service account for Terraform to use and give it the permissions required to provision the VM.
44 |
45 | ```
46 | # Creates a service account named tf-serviceaccount
47 | gcloud iam service-accounts create tf-serviceaccount --description="service account for terraform" --display-name="terraform_service_account"
48 |
49 | # List accounts to ensure it was created
50 | gcloud iam service-accounts list
51 |
52 | # Create keys for the service account to use when provisioning and store them in the auth folder.
53 | # Ensure that you update PROJECT-ID-HERE with your project ID.
54 | gcloud iam service-accounts keys create ~/auth/google-key.json --iam-account tf-serviceaccount@PROJECT-ID-HERE.iam.gserviceaccount.com
55 | ```
56 |
57 | With this done, we will now enable the required APIs and add the following roles to the service account.
58 |
59 | ```
60 | gcloud services enable cloudresourcemanager.googleapis.com
61 | gcloud services enable cloudbilling.googleapis.com
62 | gcloud services enable iam.googleapis.com
63 | gcloud services enable storage.googleapis.com
64 | gcloud services enable serviceusage.googleapis.com
65 |
66 | # For all of the below commands ensure that you update PROJECT-ID-HERE with your project ID.
67 | gcloud projects add-iam-policy-binding PROJECT-ID-HERE --member serviceAccount:tf-serviceaccount@PROJECT-ID-HERE.iam.gserviceaccount.com --role roles/viewer
68 |
69 | gcloud projects add-iam-policy-binding PROJECT-ID-HERE --member serviceAccount:tf-serviceaccount@PROJECT-ID-HERE.iam.gserviceaccount.com --role roles/storage.admin
70 |
71 | gcloud projects add-iam-policy-binding PROJECT-ID-HERE --member serviceAccount:tf-serviceaccount@PROJECT-ID-HERE.iam.gserviceaccount.com --role roles/compute.instanceAdmin.v1
72 |
73 | gcloud projects add-iam-policy-binding PROJECT-ID-HERE --member serviceAccount:tf-serviceaccount@PROJECT-ID-HERE.iam.gserviceaccount.com --role roles/compute.networkAdmin
74 |
75 | gcloud projects add-iam-policy-binding PROJECT-ID-HERE --member serviceAccount:tf-serviceaccount@PROJECT-ID-HERE.iam.gserviceaccount.com --role roles/compute.securityAdmin
76 | ```
77 |
78 | Now you will want to copy all of the .tf files in this repo into the terraform folder we created earlier. Read each of them carefully and update it with your own information.
79 |
80 | You should now be ready to deploy. First run init to pull all dependencies, then plan to test the config, and finally apply to build the project.
81 | ```
82 | terraform init
83 |
84 | terraform plan
85 |
86 | terraform apply
87 | ```
88 |
89 | Voila! If all is well, you should be presented with the information for your new VM. You can now SSH in via the public IP or use the Cloud Console SSH, which can be found in GCP Compute Engine under VM Instances. It can take a couple of minutes to complete all the installations and file injection once the machine is up, so give it a few minutes to process; it will all be there, I promise.
90 |
91 | By default Google sets the VM networking to premium, so don't forget to go and change it to standard, as shown here.
92 |
93 | 
94 |
95 | ____
96 |
97 | ### Notes
98 | ``` sh
99 | .
100 | ├─ auth/                        # Folder to store the API user credentials
101 | ├─ compose_files/
102 | │  └─ docker-compose.yaml       # Docker compose configuration file
103 | ├─ startup/
104 | │  └─ startup.sh                # Startup script to install dependencies
105 | └─ terraform/
106 |    ├─ network-firewall.tf       # Network Firewall Rule Definitions
107 |    ├─ network-main.tf           # Network Definitions
108 |    ├─ network-variables.tf      # Network Terraform Variable Definitions
109 |    ├─ provider-main.tf          # GCP Providers Definitions
110 |    ├─ provider-variables.tf     # GCP Providers Terraform Variable Definitions
111 |    ├─ terraform.tfvars          # Terraform Variable Definitions
112 |    ├─ ubnt-versions.tf          # Ubuntu Version Definitions
113 |    ├─ ubnt-vm-main.tf           # Main VM Configuration Definitions
114 |    ├─ ubnt-vm-output.tf         # Information To Display When Provisioning Completes
115 |    └─ ubnt-vm-variables.tf      # Main VM Terraform Variable Definitions
116 | ```
117 | ### Google Free Tier Information
118 | I have highlighted the key information in bold below.
119 |
120 | **Compute Engine**
121 | - 1 non-preemptible **e2-micro VM** instance per month in one of the following US regions:
122 |   - Oregon: **us-west1**
123 |   - Iowa: us-central1
124 |   - South Carolina: us-east1
125 | - **30 GB-months standard persistent disk**
126 | - **5 GB-month snapshot storage** in the following regions:
127 |   - Oregon: **us-west1**
128 |   - Iowa: us-central1
129 |   - South Carolina: us-east1
130 |   - Taiwan: asia-east1
131 |   - Belgium: europe-west1
132 | - **1 GB network egress from North America to all region destinations** (excluding China and Australia) per month
133 | - **Your Free Tier e2-micro instance limit is by time**, not by instance. Each month, eligible use of all of your e2-micro instance is free until you have used a number of hours equal to the total hours in the current month. Usage calculations are combined across the supported regions.
134 |
135 | - **Compute Engine free tier does not charge for an external IP address.**
136 |
137 | - GPUs and TPUs are not included in the Free Tier offer. You are always charged for GPUs and TPUs that you add to VM instances.
138 |
139 |
140 | ### Infrastructure model
141 |
142 | 
143 |
--------------------------------------------------------------------------------
/docker-compose.yaml:
--------------------------------------------------------------------------------
1 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
2 | ## Change as Required ##
3 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
4 |
5 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
6 | ################################## Networks ####################################
7 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
8 |
9 | networks:
10 |   proxy_net:
11 |     name: proxy_net
12 |     driver: bridge
13 |     ipam:
14 |       config:
15 |         - subnet: 10.0.0.0/24
16 |
17 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
18 | ################################## Services ####################################
19 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
20 |
21 | services:
22 |
23 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
24 | ################################## Uptime Kuma ####################################
25 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
26 |
27 |   uptime-kuma:
28 |     container_name: uptime-kuma
29 |     image: louislam/uptime-kuma:latest
30 |     restart: unless-stopped
31 |     volumes:
32 |       - /mnt/disks/docker/uptime-kuma:/app/data
33 |     networks:
34 |       - proxy_net
35 |     ports:
36 |       - 3001:3001
37 |     security_opt:
38 |       - no-new-privileges:true
39 |
40 | ##~~~~~~~~~~~~~~~~~~~~##
41 | ##### Healthchecks #####
42 | ##~~~~~~~~~~~~~~~~~~~~##
43 |
44 |   healthchecks:
45 |     container_name: healthchecks
46 |     image: linuxserver/healthchecks:latest
47 |     restart: unless-stopped
48 |     environment:
49 |       - TZ=Europe/London
50 |       - SITE_ROOT=https://healthchecks.domainhere
51 |       - SITE_NAME=Health Checks
52 |       - SUPERUSER_EMAIL=adminemailhere
53 |       - SUPERUSER_PASSWORD=adminpasshere
54 |       - APPRISE_ENABLED=True
55 |       - PING_BODY_LIMIT=100000
56 |       - DEBUG=False
57 |     volumes:
58 |       - /mnt/disks/docker/healthchecks:/config
59 |     networks:
60 |       - proxy_net
61 |     ports:
62 |       - 8000:8000
63 |     security_opt:
64 |       - no-new-privileges:true
65 |
--------------------------------------------------------------------------------
/network-firewall.tf:
--------------------------------------------------------------------------------
1 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
2 | ## Network Firewall Rules - Main ##
3 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
4 | ## Change as Required ##
5 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
6 |
7 | # Update all instances of IDENTIFIER in the name fields below with something unique to you like VM name or your initials.
8 |
9 | # Allow http
10 | resource "google_compute_firewall" "allow-http" {
11 |   name = "IDENTIFIER-fw-allow-http"
12 |   network = google_compute_network.vpc.name
13 |   allow {
14 |     protocol = "tcp"
15 |     ports = ["80"]
16 |   }
17 |
18 |   source_ranges = ["0.0.0.0/0"]
19 |   target_tags = ["http-server"]
20 | }
21 |
22 | # allow https
23 | resource "google_compute_firewall" "allow-https" {
24 |   name = "IDENTIFIER-fw-allow-https"
25 |   network = google_compute_network.vpc.name
26 |   allow {
27 |     protocol = "tcp"
28 |     ports = ["443"]
29 |   }
30 |
31 |   source_ranges = ["0.0.0.0/0"]
32 |   target_tags = ["https-server"]
33 | }
34 |
35 | # allow ssh
36 | resource "google_compute_firewall" "allow-ssh" {
37 |   name = "IDENTIFIER-fw-allow-http-fw-allow-ssh"
38 |   network = google_compute_network.vpc.name
39 |   allow {
40 |     protocol = "tcp"
41 |     ports = ["22"]
42 |   }
43 |
44 |   source_ranges = ["0.0.0.0/0"]
45 |   target_tags = ["ssh"]
46 | }
47 |
--------------------------------------------------------------------------------
/network-main.tf:
--------------------------------------------------------------------------------
1 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
2 | ## Network - Main ##
3 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
4 | ## Change as Required ##
5 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
6 |
7 | # Update IDENTIFIER in the name fields below with something unique to you like VM name or your initials.
8 |
9 | # Create VPC
10 | resource "google_compute_network" "vpc" {
11 |   name = "IDENTIFIER-vpc"
12 |   auto_create_subnetworks = "false"
13 |   routing_mode = "GLOBAL"
14 | }
15 |
16 | # create public subnet
17 | resource "google_compute_subnetwork" "network_subnet" {
18 |   name = "IDENTIFIER-subnet"
19 |   ip_cidr_range = var.network-subnet-cidr
20 |   network = google_compute_network.vpc.name
21 |   region = var.gcp_region
22 | }
23 |
--------------------------------------------------------------------------------
/network-variables.tf:
--------------------------------------------------------------------------------
1 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
2 | ## Network - Variables ##
3 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
4 | ## Change as Required ##
5 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
6 |
7 | variable "network-subnet-cidr" {
8 |   type = string
9 |   description = "The CIDR for the network subnet"
10 | }
11 |
--------------------------------------------------------------------------------
/provider-main.tf:
--------------------------------------------------------------------------------
1 | ###~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
2 | ## GCP Provider - Main ##
3 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
4 | ## Change as Required ##
5 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
6 |
7 | # Define Terraform provider
8 | terraform {
9 |   required_version = "~> 1.0"
10 |
11 |   required_providers {
12 |     google = {
13 |       source = "hashicorp/google"
14 |       // version = "4.11.0" # pinning version
15 |     }
16 |   }
17 | }
18 |
19 | provider "google" {
20 |   credentials = file(var.gcp_auth_file)
21 |   project = var.gcp_project
22 |   region = var.gcp_region
23 |   zone = var.gcp_zone
24 | }
25 |
--------------------------------------------------------------------------------
/provider-variables.tf:
--------------------------------------------------------------------------------
1 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
2 | ## GCP Provider - Variables ##
3 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
4 | ## Change as Required ##
5 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
6 |
7 | # GCP authentication file
8 | variable "gcp_auth_file" {
9 |   type = string
10 |   description = "GCP authentication file"
11 | }
12 |
13 | # define GCP project name
14 | variable "gcp_project" {
15 |   type = string
16 |   description = "GCP project name"
17 | }
18 |
19 | # define GCP region
20 | variable "gcp_region" {
21 |   type = string
22 |   description = "GCP region"
23 | }
24 |
25 | # define GCP zone
26 | variable "gcp_zone" {
27 |   type = string
28 |   description = "GCP zone"
29 | }
30 |
--------------------------------------------------------------------------------
/startup.sh:
--------------------------------------------------------------------------------
1 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
2 | ## Change as Required ##
3 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
4 |
5 | # Update
6 | sudo apt update
7 |
8 | # Mount App Data
9 | fsck.ext4 -tvy /dev/sdb || mkfs.ext4 /dev/sdb
10 | mkdir -p /mnt/disks/docker
11 | mount -o defaults -t ext4 /dev/sdb /mnt/disks/docker
12 | mkdir -p /mnt/disks/docker/projects/app
13 | sudo chmod 777 /mnt/disks/docker/projects/app
14 |
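15 | # Allow user account access to sudo without password for these actions - update the username to your own. Passwordless mv, rm, cat and nano as root can read or change any file, so this account is effectively root.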
16 | sudo echo "USERNAMEHERE ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/mv,/bin/cat,/bin/rm,/bin/nano" >> /etc/sudoers
17 |
18 | # Install Docker
19 | sudo apt install apt-transport-https ca-certificates curl software-properties-common gnupg lsb-release -y
20 | sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg --batch --yes
21 | echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
22 | sudo apt update -y
23 | sudo apt install docker-ce nano -y
24 |
25 | # Install Docker Compose - manually add your username to the path
26 | sudo mkdir -p /usr/local/lib/docker/cli-plugins
27 | sudo curl -L https://github.com/docker/compose/releases/download/v2.4.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/lib/docker/cli-plugins/docker-compose
28 | sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
29 | sudo usermod -aG sudo USERNAMEHERE
30 | sudo usermod -aG docker USERNAMEHERE
31 | sleep 30
32 |
33 | # Move compose file - again update the username here
34 | sudo mv /home/USERNAMEHERE/docker-compose.yaml /mnt/disks/docker/projects/app/docker-compose.yaml
35 |
--------------------------------------------------------------------------------
/terraform.tfvars:
--------------------------------------------------------------------------------
1 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
2 | ## Terraform - Variables ##
3 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
4 | ## Change as Required ##
5 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
6 |
7 | # Please update all the info below with your own project ID, region you want this hosted in, network CIDR and instance type.
8 |
9 | # GCP Settings
10 | gcp_project = "PROJECT-ID-HERE"
11 | gcp_region = "us-west1"
12 | gcp_zone = "us-west1-a"
13 | gcp_auth_file = "../auth/google-key.json"
14 |
15 | # GCP Network
16 | network-subnet-cidr = "10.0.10.0/24"
17 |
18 | # Linux VM
19 | vm_instance_type = "e2-micro"
20 | user = "middlewareinvetory_gmail_com" # this should match the username set by the OS Login
21 | email = "tf-serviceaccount@PROJECTNAME.iam.gserviceaccount.com" # this should match the service account we set earlier
22 |
--------------------------------------------------------------------------------
/ubnt-versions.tf:
--------------------------------------------------------------------------------
1 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
2 | ## Ubuntu Versions ##
3 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
4 | ## Change as Required ##
5 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
6 |
7 | variable "ubnt_1804" {
8 |   type = string
9 |   description = "Ubuntu Minimal - 18.04 - Bionic - LTS"
10 |   default = "ubuntu-os-cloud/ubuntu-minimal-1804-lts"
11 | }
12 |
13 | variable "ubnt_2004" {
14 |   type = string
15 |   description = "Ubuntu Minimal - 20.04 - Focal - LTS"
16 |   default = "ubuntu-os-cloud/ubuntu-minimal-2004-lts"
17 | }
18 |
19 | variable "ubnt_2204" {
20 |   type = string
21 |   description = "Ubuntu Minimal - 22.04 - Jammy - LTS"
22 |   default = "ubuntu-os-cloud/ubuntu-minimal-2204-lts"
23 | }
--------------------------------------------------------------------------------
/ubnt-vm-main.tf:
--------------------------------------------------------------------------------
1 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
2 | ## GCP Linux VM - Main ##
3 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
4 | ## Change as Required ##
5 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
6 |
7 | /* App Data Disk --------------------------------------------------------------------- */
8 | resource "google_compute_disk" "app-data" {
9 |   name = "app-data"
10 |   type = "pd-standard"
11 |   zone = "${var.gcp_zone}"
12 |   size = 20
13 |   labels = {
14 |     vm = "gcp-cos-vm-01"
15 |     managedby = "terraform"
16 |   }
17 | }
18 |
19 | /* VM --------------------------------------------------------------------- */
20 | resource "google_compute_instance" "gcp-ubnt-vm" {
21 |   name = var.vm_name
22 |   machine_type = var.vm_instance_type
23 |   zone = var.gcp_zone
24 |   can_ip_forward = "true"
25 |   allow_stopping_for_update = "true"
26 |   tags = ["ssh","http-server","https-server"]
27 |
28 |
29 |   /* Boot Disk --------------------------------------------------------------------- */
30 |   boot_disk {
31 |     initialize_params {
32 |       image = var.ubnt_2204
33 |     }
34 |   }
35 |
36 |   /* App Data Disk --------------------------------------------------------------------- */
37 |   attached_disk {
38 |     source = google_compute_disk.app-data.self_link
39 |     device_name = google_compute_disk.app-data.name
40 |   }
41 |
42 |   /* Startup Script --------------------------------------------------------------------- */
43 |   metadata = {
44 |     ssh-keys = "${var.user}:${file(var.publickeypath)}"
45 |   }
46 |
47 |   metadata_startup_script = "${file("../startup/startup.sh")}"
48 |
49 |   /* Network --------------------------------------------------------------------- */
50 |   network_interface {
51 |     network = google_compute_network.vpc.name
52 |     subnetwork = google_compute_subnetwork.network_subnet.name
53 |     access_config {
54 |     }
55 |   }
56 |
57 |   /* Options --------------------------------------------------------------------- */
58 |   scheduling {
59 |     automatic_restart = true
60 |   }
61 |
62 |   lifecycle {
63 |     ignore_changes = [attached_disk]
64 |   }
65 |
66 |   /* File Copy --------------------------------------------------------------------- */
67 |   provisioner "file" {
68 |     # source file name on the local machine where you execute terraform plan and apply
69 |     source = "../compose_files/docker-compose.yaml"
70 |     # destination is the file location on the newly created instance
71 |     destination = "/home/${var.user}/docker-compose.yaml"
72 |     connection {
73 |       host = self.network_interface.0.access_config.0.nat_ip
74 |       type = "ssh"
75 |       # username of the instance would vary for each account refer the OS Login in GCP documentation
76 |       user = var.user
77 |       timeout = "500s"
78 |       private_key = file(var.privatekeypath)
79 |     }
80 |     # Commands to be executed as the instance gets ready.
81 |     # installing nginx
82 |     #inline = [
83 |     # "sudo /tmp/startupscript.sh"
84 |     #]
85 |   }
86 |
87 | }
88 |
89 |
--------------------------------------------------------------------------------
/ubnt-vm-output.tf:
--------------------------------------------------------------------------------
1 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
2 | ## GCP Linux VM - Output ##
3 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
4 | ## Change as Required ##
5 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
6 |
7 | output "vm-name" {
8 |   value = google_compute_instance.gcp-ubnt-vm.name
9 | }
10 |
11 | output "vm-external-ip" {
12 |   value = google_compute_instance.gcp-ubnt-vm.network_interface.0.access_config.0.nat_ip
13 | }
14 |
15 | output "vm-internal-ip" {
16 |   value = google_compute_instance.gcp-ubnt-vm.network_interface.0.network_ip
17 | }
18 |
--------------------------------------------------------------------------------
/ubnt-vm-variables.tf:
--------------------------------------------------------------------------------
1 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
2 | ## GCP Ubuntu VM - Variables ##
3 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
4 | ## Change as Required ##
5 | ##~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~##
6 |
7 | variable "vm_instance_type" {
8 |   type = string
9 |   description = "VM instance type"
10 |   default = "e2-micro"
11 | }
12 |
13 | variable "vm_name" {
14 |   type = string
15 |   description = "VM name"
16 | }
17 |
18 | variable "privatekeypath" {
19 |   type = string
20 |   default = "~/.ssh/sshkey"
21 | }
22 |
23 | variable "publickeypath" {
24 |   type = string
25 |   default = "~/.ssh/sshkey.pub"
26 | }
27 |
28 | variable "user" {
29 |   type = string
30 | }
31 |
32 | variable "email" {
33 |   type = string
34 | }
--------------------------------------------------------------------------------