"As a developer, I want to quickly stand up and tear down a Linux server with some sane defaults so I can have a reasonably secure sandbox to play around in and get on with my projects."
Deploy a DigitalOcean droplet (Linux VM) with some basic security using terraform and cloud-init.
This will create a droplet in its own VPC with a static IP and a network firewall with an ssh inbound rule tied to your local public IP. The droplet will also have a passwordless sudo user, and the following will be disabled:
- password auth
- root login
- x11 forwarding
The default SSH port is also changed, and the OS packages should be fully up to date. Everything is variable-ized so feel free to change anything you want. The `cloud-init.sh` file can be expanded quite a lot (for example, add as many packages as you want in the `apt install` line).
Note: this assumes you're going to run a Debian or Ubuntu VM. If you want to run a different distro, further changes may be needed in `cloud-init.sh` and you'll need to change the `droplet_image` var in `variables.tf`.
I intentionally chose the cheapest droplet ($4/month) as a starting point; feel free to change the droplet size to whatever you want (see Helpful Stuff at the bottom).
- Create a DigitalOcean account
- Create a Personal Access Token (PAT) and store it somewhere safe
- Create a local ssh key pair (defaults are fine):
ssh-keygen
- Install terraform and make sure it's in your `$PATH`
- Clone repo, and go into directory
cd simple-vm-tf
- Change variables as needed in `variables.tf` and `cloud-init.sh`
- Set a local environment variable for your DO PAT (optional)
export TF_VAR_do_pat=<PASTE PAT HERE>
- Initialize terraform
terraform init
- Run the plan
terraform plan
- Create all resources
terraform apply # enter yes to confirm
- Log into the DO web console, and copy the reserved IP located in Networking > Reserved IPs (alternatively, if you've installed doctl you can run `doctl compute reserved-ip list` to grab the reserved IP)
- Connect to the instance (change values as needed)
ssh -p <SSH PORT> <USERNAME>@<RESERVED IP>
# e.g. given the defaults in the scripts:
ssh -p 55022 yoloadmin@<RESERVED IP>
Note: It might take a couple minutes for everything to be provisioned and cloud-init to complete all its tasks before you can ssh in.
- Once connected, check if cloud-init completed successfully: `cloud-init status`. You can also check the cloud-init logs with `less /var/log/cloud-init-output.log`
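
`cloud-init status` only says the script finished. The following added example (not part of this repo) goes one step further and checks that the sshd settings listed at the top are in effect, by parsing the effective configuration that `sshd -T` prints. The two sample outputs are constructed, `check_sshd` is a hypothetical helper name, and 55022 is the default port from the scripts.

```shell
#!/bin/sh
# Added example, not from the repo: verify the sshd hardening this README lists.
# On the droplet:  sudo sshd -T | check_sshd 55022

# check_sshd EXPECTED_PORT
# Reads `sshd -T` style "keyword value" lines on stdin, prints one line per
# check, and returns non-zero if any setting differs from what is expected.
check_sshd() {
    awk -v want="$1" '
        { key = tolower($1); val = tolower($2) }
        # sshd may listen on several ports; every one must be the expected one
        key == "port" { nports++; if (val != want) badport = val }
        key == "passwordauthentication" || key == "permitrootlogin" ||
        key == "x11forwarding" { got[key] = val }
        END {
            n = split("passwordauthentication permitrootlogin x11forwarding", req, " ")
            for (i = 1; i <= n; i++) {
                k = req[i]
                if (!(k in got)) { print "FAIL " k " not reported"; fail = 1 }
                else if (got[k] != "no") { print "FAIL " k " is " got[k] ", expected no"; fail = 1 }
                else print "ok   " k " no"
            }
            if (nports == 0) { print "FAIL no port reported"; fail = 1 }
            else if (badport != "") { print "FAIL port is " badport ", expected " want; fail = 1 }
            else print "ok   port " want
            exit fail + 0
        }'
}

# Constructed sample: output expected once cloud-init has applied the defaults.
sample_hardened() {
    printf '%s\n' 'port 55022' 'permitrootlogin no' \
        'passwordauthentication no' 'x11forwarding no'
}

# Constructed sample: cloud-init did not finish, so nothing was hardened.
# "without-password" still allows key-based root login, so it must fail too.
sample_unhardened() {
    printf '%s\n' 'port 22' 'permitrootlogin without-password' \
        'passwordauthentication yes' 'x11forwarding yes'
}

# Stand-alone demo on the constructed hardened sample (prints four "ok" lines).
sample_hardened | check_sshd 55022
```
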
terraform destroy # enter yes to confirm
On your local machine, create a new file in this location: ~/.ssh/config
And paste the following (change values as needed):
Host do
HostName <RESERVED IP>
User <USERNAME>
Port <SSH PORT>
IdentityFile /path/to/private/ssh/key
Then you can run this to connect to your droplet: ssh do
You can view all this information here or alternatively, do the following:
- Install doctl
- Authenticate with your PAT:
doctl auth init
- To get droplet size name list:
doctl compute size list
- To get droplet image name list:
doctl compute image list --public
- To get droplet region name list:
doctl compute region list