# Google Cloud provider settings.
# Terraform picks up Application Default Credentials, so authenticate first
# (for example `gcloud auth application-default login`). The project and the
# default region for resources are pinned below.
provider "google" {
  # REPLACE WITH YOUR GCP PROJECT ID
  project = "mydevmachine-464202"

  # Default region; change it to the one you prefer.
  region = "us-central1"
}
# Ingress allow-list for the dev VM: SSH, VNC and X11 from named addresses only.
resource "google_compute_firewall" "allow_ssh_vnc_from_specific_ips" {
  name    = "allow-ssh-vnc-specific-ips"
  network = "default"

  # Evaluated before the priority-1000 deny rule: a lower number wins.
  priority = 500

  # Only instances carrying this network tag are affected.
  target_tags = ["dev-vm"]

  # Trusted client addresses, one /32 per host.
  source_ranges = [
    "188.125.181.105/32", # Your current IP
    # Add more IPs as needed
  ]

  allow {
    protocol = "tcp"

    # 22 = SSH, 5901/5902 = VNC, 6000-6010 = X11.
    # NOTE(review): classic VNC and raw X11 sessions are not encrypted on the
    # wire. SSH X11 forwarding and an SSH tunnel to the VNC port need only
    # port 22, so confirm whether the other ports have to be reachable at all.
    ports = ["22", "5901", "5902", "6000-6010"]
  }
}
# Catch-all deny for the same ports from every other source address.
# Priority 1000 is evaluated after the priority-500 allow rule, so listed
# addresses still get through. It takes precedence over any lower-priority
# allow rule on this network (for instance a pre-populated default SSH rule,
# if the default network still has one).
resource "google_compute_firewall" "deny_ssh_vnc_default" {
  name     = "deny-ssh-vnc-default"
  network  = "default"
  priority = 1000

  # Same tag as the allow rule, so both apply to the same instances.
  target_tags = ["dev-vm"]

  # Every IPv4 source.
  source_ranges = ["0.0.0.0/0"]

  deny {
    protocol = "tcp"
    ports    = ["22", "5901", "5902", "6000-6010"]
  }
}
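# Development VM: an ARM64 Ubuntu 22.04 instance that installs a desktop,
# VS Code, the Google Cloud SDK and a VNC server from its startup script.
#
# Security-relevant changes compared with the previous revision:
#   * no VNC password literal in instance metadata or in the boot log;
#   * sshd keeps X11 forwarding bound to loopback (X11UseLocalhost default);
#   * the Microsoft signing key is scoped to its own repository;
#   * the VNC files are created for an explicit account instead of $USER,
#     which is not reliably set when the startup script runs as root.
resource "google_compute_instance" "dev_vm" {
  name = "vscode-gemini-dev-vm"

  # Ampere Altra ARM64 architecture (2 vCPUs, 8 GB RAM).
  # Consider "t2a-standard-1" for lighter use (1 vCPU, 4 GB RAM)
  # or "t2a-standard-4" for more demanding tasks (4 vCPUs, 16 GB RAM).
  machine_type = "t2a-standard-2"
  zone         = "us-central1-a" # You can change this to your preferred zone

  # Specify Ampere Altra CPU platform (ARM64)
  min_cpu_platform = "Ampere Altra"

  # Network tag matched by the two firewall rules in this file.
  tags = ["dev-vm"]

  # Allows Terraform to stop/start the VM when an update requires it.
  allow_stopping_for_update = true

  # Boot disk: Ubuntu 22.04 LTS ARM64.
  boot_disk {
    initialize_params {
      image = "ubuntu-os-cloud/ubuntu-2204-lts-arm64"
      size  = 50 # GB - Adjust as needed
    }
  }

  network_interface {
    network = "default" # Use the default VPC network

    access_config {
      # An empty access_config gives the VM an ephemeral public IP address.
      # Reachability is then decided by the firewall rules on the network.
    }
  }

  # Instance metadata. Compute Engine runs `startup-script` as root on every
  # boot, not only the first one, so the script should tolerate re-runs.
  # Metadata and the serial console log can be read by anyone with the
  # matching project permissions: never place passwords or tokens in here.
  metadata = {
    startup-script = <<-EOF
    #!/bin/bash
    echo "Starting VM setup..."
    # Update package lists
    sudo apt update -y
    # Install common tools
    sudo apt install -y curl wget git build-essential g++ clang
    # --- Install Desktop Environment and X11 Support ---
    echo "Installing Ubuntu Desktop Environment and X11 support..."
    # Install Ubuntu Desktop (lightweight version)
    sudo apt install -y ubuntu-desktop-minimal
    # Install X11 and VNC server
    sudo apt install -y xorg xserver-xorg-core x11-apps
    sudo apt install -y tightvncserver xfce4 xfce4-goodies
    # Install additional GUI tools
    # NOTE(review): confirm that "file-manager" is a real package name on this
    # image; one unknown name makes the whole apt command fail.
    sudo apt install -y firefox gedit file-manager
    # Configure X11 forwarding in SSH.
    # X11UseLocalhost is left at its default (yes): forwarded displays then
    # listen on loopback only and are reached through the SSH session, so no
    # X11 listener is exposed on the VM's network interfaces.
    sudo sed -i 's/#X11Forwarding no/X11Forwarding yes/' /etc/ssh/sshd_config
    sudo sed -i 's/#X11DisplayOffset 10/X11DisplayOffset 10/' /etc/ssh/sshd_config
    sudo systemctl restart ssh
    echo "Desktop environment installation complete."
    # Check architecture and CPU info
    echo "System architecture: $(uname -m)"
    echo "CPU info: $(lscpu | grep 'Model name')"
    echo "Vendor ID: $(lscpu | grep 'Vendor ID')"
    echo "ARM64 Architecture detected - using ARM64 compatible packages"
    # --- Install Visual Studio Code (ARM64 compatible) ---
    echo "Installing VSCode for ARM64 architecture..."
    sudo apt install software-properties-common apt-transport-https wget gpg -y
    # Fetch the Microsoft signing key and keep it outside trusted.gpg.d:
    # a key in trusted.gpg.d is trusted for every apt source, while a key
    # referenced only through signed-by is trusted for this repository alone.
    wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg
    sudo install -D -o root -g root -m 644 packages.microsoft.gpg /etc/apt/keyrings/packages.microsoft.gpg
    sudo sh -c 'echo "deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list'
    sudo apt update -y
    sudo apt install code -y
    echo "VSCode installation complete for ARM64."
    # --- Install Google Cloud SDK for ARM64 ---
    # NOTE(review): this step installs the Google Cloud SDK; confirm that it
    # provides the Gemini CLI the resource name and messages refer to.
    echo "Installing Google Cloud SDK for ARM64 architecture..."
    # Download the Linux ARM64 version.
    # NOTE(review): the archive is unpacked and its installer run as root
    # without an integrity check; compare it with the publisher's checksum
    # for this exact version before extracting.
    curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-456.0.0-linux-arm.tar.gz
    tar -xf google-cloud-cli-456.0.0-linux-arm.tar.gz
    sudo mv google-cloud-sdk /opt/
    sudo /opt/google-cloud-sdk/install.sh --quiet --path-update=true
    # Add to PATH for all users
    echo 'export PATH="/opt/google-cloud-sdk/bin:$PATH"' | sudo tee -a /etc/profile
    export PATH="/opt/google-cloud-sdk/bin:$PATH"
    # Install additional components
    /opt/google-cloud-sdk/bin/gcloud components install gcloud-crc32c --quiet
    # Clean up
    rm google-cloud-cli-456.0.0-linux-arm.tar.gz
    echo "Google Cloud SDK installation complete for ARM64."
    # --- Install Warp Terminal (Note: Limited ARM64 support) ---
    echo "Installing terminal alternatives for ARM64 architecture..."
    # Warp Terminal has limited ARM64 support, so we'll install alternatives
    # Install modern terminal alternatives that work well on ARM64
    sudo apt install -y terminator tilix
    # Try to install Warp if ARM64 version is available, otherwise skip.
    # NOTE(review): this .deb is installed as root straight from the download,
    # with no signature or checksum verification.
    echo "Checking for Warp Terminal ARM64 support..."
    if wget -q --spider https://releases.warp.dev/linux/v0.2024.11.12.08.02.stable_01/warp-terminal_0.2024.11.12.08.02.stable.01_arm64.deb; then
      echo "ARM64 Warp Terminal found, installing..."
      wget -q https://releases.warp.dev/linux/v0.2024.11.12.08.02.stable_01/warp-terminal_0.2024.11.12.08.02.stable.01_arm64.deb
      sudo dpkg -i warp-terminal_0.2024.11.12.08.02.stable.01_arm64.deb || true
      sudo apt-get install -f -y
      rm warp-terminal_0.2024.11.12.08.02.stable.01_arm64.deb
      echo "Warp Terminal installation attempted for ARM64."
    else
      echo "Warp Terminal ARM64 version not available. Installed Terminator and Tilix as alternatives."
      echo "You can use 'terminator' or 'tilix' as modern terminal alternatives."
    fi
    # --- Setup VNC Server ---
    echo "Setting up VNC server..."
    # The startup script runs as root and $USER is not reliably set there, so
    # the account that owns the VNC files is named explicitly.
    DEV_USER="REPLACE_WITH_LOGIN_USER" # placeholder: the account you log in with
    VNC_DIR="/home/$DEV_USER/.vnc"
    if id -u "$DEV_USER" > /dev/null 2>&1; then
      # Create the VNC startup script (same content as before).
      sudo -u "$DEV_USER" mkdir -p "$VNC_DIR"
      printf '%s\n' '#!/bin/bash' 'xrdb $HOME/.Xresources' 'startxfce4 &' | sudo -u "$DEV_USER" tee "$VNC_DIR/xstartup" > /dev/null
      sudo -u "$DEV_USER" chmod +x "$VNC_DIR/xstartup"
      # Generate a per-VM password once. A literal password in this script
      # would be readable from instance metadata and from the boot log.
      if [ ! -s "$VNC_DIR/passwd" ]; then
        echo "Setting VNC password..."
        VNC_PASSWORD="$(head -c 6 /dev/urandom | base64)"
        ( umask 077; printf '%s\n' "$VNC_PASSWORD" > /root/vnc-initial-password )
        printf '%s\n' "$VNC_PASSWORD" | vncpasswd -f > "$VNC_DIR/passwd"
        # The redirection above runs as root, so hand the file to the user.
        chown "$DEV_USER": "$VNC_DIR/passwd"
        chmod 600 "$VNC_DIR/passwd"
        unset VNC_PASSWORD
        echo "Initial VNC password written to /root/vnc-initial-password (root-only); change it after first login."
      fi
    else
      echo "User $DEV_USER does not exist; skipping per-user VNC setup."
    fi
    # Create VNC service.
    # NOTE(review): the unit is written but never enabled or started by this
    # script. It uses %i both as the account name (User=) and as the display
    # number (:%i), and systemd does not apply the shell redirection in
    # ExecStartPre; review the unit before enabling it.
    sudo tee /etc/systemd/system/vncserver@.service > /dev/null <<'SERVICE_EOF'
    [Unit]
    Description=Start TightVNC server at startup
    After=syslog.target network.target
    [Service]
    Type=forking
    User=%i
    Group=%i
    WorkingDirectory=/home/%i
    PIDFile=/home/%i/.vnc/%H:%i.pid
    ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
    ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x1024 :%i
    ExecStop=/usr/bin/vncserver -kill :%i
    [Install]
    WantedBy=multi-user.target
    SERVICE_EOF
    echo "Desktop environment and VNC setup complete."
    echo "VM setup complete. You can now SSH into the VM with X11 forwarding or use VNC."
    EOF
  }
}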
# Exposes the VM's public (NAT) address after `terraform apply`.
output "external_ip_address" {
  description = "The external IP address of the development VM."

  # First access_config of the first network interface.
  value = google_compute_instance.dev_vm.network_interface[0].access_config[0].nat_ip
}