{"id":16162341,"url":"https://github.com/billimek/cloudvm","last_synced_at":"2025-03-18T22:31:03.567Z","repository":{"id":38305185,"uuid":"204791660","full_name":"billimek/cloudvm","owner":"billimek","description":"terraform free-tier google cloud VM for IAP access \u0026 wireguard VPN with pihole","archived":false,"fork":false,"pushed_at":"2020-10-21T18:22:31.000Z","size":19,"stargazers_count":25,"open_issues_count":0,"forks_count":5,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-17T00:09:04.768Z","etag":null,"topics":["googlecloudplatform","pihole","terraform","wireguard"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/billimek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-08-27T21:14:18.000Z","updated_at":"2025-03-14T04:55:02.000Z","dependencies_parsed_at":"2022-09-05T09:10:17.406Z","dependency_job_id":null,"html_url":"https://github.com/billimek/cloudvm","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/billimek%2Fcloudvm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/billimek%2Fcloudvm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/billimek%2Fcloudvm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/billimek%2Fcloudvm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/billimek","download_url":"https://codeload.github.com/billimek/cloudvm/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244318493,"owners_count":20433917,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["googlecloudplatform","pihole","terraform","wireguard"],"created_at":"2024-10-10T02:29:48.142Z","updated_at":"2025-03-18T22:31:03.319Z","avatar_url":"https://github.com/billimek.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Using terraform to provision a [free-tier](https://cloud.google.com/free/docs/gcp-free-tier#always-free-usage-limits) google cloud compute engine which will only allow access via Identity-Aware Proxy (IAP) or wireguard VPN\n\nBenefits/Uses of this approach:\n\n* ~~No external-facing IP for a VM~~ cloud NAT isn't yet free tier\n* Essentially https-based SSH access to a VM (via the gcloud-wrapped IAP session)\n* Remote, secure 'home shell' (additional egress charges may apply)\n* Secure https-based ssh proxy to access other remote ssh resources (additional egress charges may apply)\n* pihole-processed DNS queries while connected via wireguard VPN\n\nFor example:\n\n```shell\nexport GOOGLE_CLOUD_KEYFILE_JSON=\"\u003csome google cloud account json file\u003e\"\nterraform init\nterraform apply\n\ngcloud beta compute ssh \\\n  --account \"\u003csome GCP account address\u003e\" \\\\\n  --project \"\u003csome GCP project name\u003e\" \\\\\n  --zone \"us-east1-b\" \\\\\n  --tunnel-through-iap \"\u003csome user\u003e@cloud\"\n```\n\nTo configure a client to use the wireguard VPN via QR Code, ssh to the VM (using the IAP instructions above) and run,\n\n```shell\nqrencode -t ansiutf8 -l L \u003c /etc/wireguard/clients/mobile-wg0.conf\n```\n\n... and scan the generated QR code with your wireguard client.\n\nTo add additional wireguard peers or change the wireguard configuration, ssh to the VM (using the IAP instructions above) and run,\n\n```shell\nsudo /wireguard-server.sh\n```\n\n(requires terraform \u003e= v0.12)\n\n(example of the entire terraform process):\n[![asciicast](https://asciinema.org/a/275480.png)](https://asciinema.org/a/275480?speed=2)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbillimek%2Fcloudvm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbillimek%2Fcloudvm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbillimek%2Fcloudvm/lists"}