Google Compute Engine (Linux)

1terraform {
2  required_providers {
3    coder = {
4      source = "coder/coder"
5    }
6    google = {
7      source = "hashicorp/google"
8    }
9  }
10}
11
12provider "coder" {
13}
14
15variable "project_id" {
16  description = "Which Google Compute Project should your workspace live in?"
17}
18
19data "coder_parameter" "zone" {
20  name         = "zone"
21  display_name = "Zone"
22  description  = "Which zone should your workspace live in?"
23  type         = "string"
24  icon         = "/emojis/1f30e.png"
25  default      = "us-central1-a"
26  mutable      = false
27  option {
28    name  = "North America (Northeast)"
29    value = "northamerica-northeast1-a"
30    icon  = "/emojis/1f1fa-1f1f8.png"
31  }
32  option {
33    name  = "North America (Central)"
34    value = "us-central1-a"
35    icon  = "/emojis/1f1fa-1f1f8.png"
36  }
37  option {
38    name  = "North America (West)"
39    value = "us-west2-c"
40    icon  = "/emojis/1f1fa-1f1f8.png"
41  }
42  option {
43    name  = "Europe (West)"
44    value = "europe-west4-b"
45    icon  = "/emojis/1f1ea-1f1fa.png"
46  }
47  option {
48    name  = "South America (East)"
49    value = "southamerica-east1-a"
50    icon  = "/emojis/1f1e7-1f1f7.png"
51  }
52}
53
54provider "google" {
55  zone    = data.coder_parameter.zone.value
56  project = var.project_id
57}
58
59data "google_compute_default_service_account" "default" {
60}
61
62data "coder_workspace" "me" {
63}
64
65resource "google_compute_disk" "root" {
66  name  = "coder-${data.coder_workspace.me.id}-root"
67  type  = "pd-ssd"
68  zone  = data.coder_parameter.zone.value
69  image = "debian-cloud/debian-11"
70  lifecycle {
71    ignore_changes = [name, image]
72  }
73}
74
75resource "coder_agent" "main" {
76  auth           = "google-instance-identity"
77  arch           = "amd64"
78  os             = "linux"
79  startup_script = <<-EOT
80    set -e
81
82    # install and start code-server
83    curl -fsSL https://code-server.dev/install.sh | sh -s -- --method=standalone --prefix=/tmp/code-server --version 4.11.0
84    /tmp/code-server/bin/code-server --auth none --port 13337 >/tmp/code-server.log 2>&1 &
85  EOT
86
87  metadata {
88    key          = "cpu"
89    display_name = "CPU Usage"
90    interval     = 5
91    timeout      = 5
92    script       = <<-EOT
93      #!/bin/bash
94      set -e
95      top -bn1 | grep "Cpu(s)" | awk '{print $2 + $4 "%"}'
96    EOT
97  }
98  metadata {
99    key          = "memory"
100    display_name = "Memory Usage"
101    interval     = 5
102    timeout      = 5
103    script       = <<-EOT
104      #!/bin/bash
105      set -e
106      free -m | awk 'NR==2{printf "%.2f%%\t", $3*100/$2 }'
107    EOT
108  }
109  metadata {
110    key          = "disk"
111    display_name = "Disk Usage"
112    interval     = 600 # every 10 minutes
113    timeout      = 30  # df can take a while on large filesystems
114    script       = <<-EOT
115      #!/bin/bash
116      set -e
117      df /home/coder | awk '$NF=="/"{printf "%s", $5}'
118    EOT
119  }
120}
121
122# code-server
123resource "coder_app" "code-server" {
124  agent_id     = coder_agent.main.id
125  slug         = "code-server"
126  display_name = "code-server"
127  icon         = "/icon/code.svg"
128  url          = "http://localhost:13337?folder=/home/coder"
129  subdomain    = false
130  share        = "owner"
131
132  healthcheck {
133    url       = "http://localhost:13337/healthz"
134    interval  = 3
135    threshold = 10
136  }
137}
138
139resource "google_compute_instance" "dev" {
140  zone         = data.coder_parameter.zone.value
141  count        = data.coder_workspace.me.start_count
142  name         = "coder-${lower(data.coder_workspace.me.owner)}-${lower(data.coder_workspace.me.name)}-root"
143  machine_type = "e2-medium"
144  network_interface {
145    network = "default"
146    access_config {
147      // Ephemeral public IP
148    }
149  }
150  boot_disk {
151    auto_delete = false
152    source      = google_compute_disk.root.name
153  }
154  service_account {
155    email  = data.google_compute_default_service_account.default.email
156    scopes = ["cloud-platform"]
157  }
158  # The startup script runs as root with no $HOME environment set up, so instead of directly
159  # running the agent init script, create a user (with a homedir, default shell and sudo
160  # permissions) and execute the init script as that user.
161  metadata_startup_script = <<EOMETA
162#!/usr/bin/env sh
163set -eux
164
165# If user does not exist, create it and set up passwordless sudo
166if ! id -u "${local.linux_user}" >/dev/null 2>&1; then
167  useradd -m -s /bin/bash "${local.linux_user}"
168  echo "${local.linux_user} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/coder-user
169fi
170
171exec sudo -u "${local.linux_user}" sh -c '${coder_agent.main.init_script}'
172EOMETA
173}
174
175locals {
176  # Ensure Coder username is a valid Linux username
177  linux_user = lower(substr(data.coder_workspace.me.owner, 0, 32))
178}
179
180resource "coder_metadata" "workspace_info" {
181  count       = data.coder_workspace.me.start_count
182  resource_id = google_compute_instance.dev[0].id
183
184  item {
185    key   = "type"
186    value = google_compute_instance.dev[0].machine_type
187  }
188}
189
190resource "coder_metadata" "home_info" {
191  resource_id = google_compute_disk.root.id
192
193  item {
194    key   = "size"
195    value = "${google_compute_disk.root.size} GiB"
196  }
197}
198