{"id":28208842,"url":"https://github.com/healscodes/ephemeral-devbox","last_synced_at":"2026-02-15T12:38:44.289Z","repository":{"id":288440920,"uuid":"968105184","full_name":"HealsCodes/ephemeral-devbox","owner":"HealsCodes","description":"Ephemeral on-demand development server with a persistent, encrypted $HOME (#scaleway, #terraform, #tailscale)","archived":false,"fork":false,"pushed_at":"2025-04-17T15:07:23.000Z","size":11,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-07T00:27:10.796Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit-0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HealsCodes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-17T14:12:23.000Z","updated_at":"2025-09-19T10:42:42.000Z","dependencies_parsed_at":"2025-04-18T05:03:07.171Z","dependency_job_id":"a5dae422-f844-48cd-9c4d-ad1f7d08bb41","html_url":"https://github.com/HealsCodes/ephemeral-devbox","commit_stats":null,"previous_names":["healscodes/ephemeral-devbox"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/HealsCodes/ephemeral-devbox","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HealsCodes%2Fephemeral-devbox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HealsCodes%2Fephemeral-devbox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HealsCodes%2Fephemeral-devbox/releases","manifests_url":"https://repos.
ecosyste.ms/api/v1/hosts/GitHub/repositories/HealsCodes%2Fephemeral-devbox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HealsCodes","download_url":"https://codeload.github.com/HealsCodes/ephemeral-devbox/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HealsCodes%2Fephemeral-devbox/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29478355,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-15T11:35:25.641Z","status":"ssl_error","status_checked_at":"2026-02-15T11:34:57.128Z","response_time":118,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-17T15:12:50.286Z","updated_at":"2026-02-15T12:38:44.284Z","avatar_url":"https://github.com/HealsCodes.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Ephemeral DevBox with persistent $HOME on Scaleway + terraform + Tailscale\n\nThis little toy repo implements an ephemeral development system with a persistent,\nencrypted $HOME and secure access via Tailscale.\n\nI built it as a more flexible alternative to GitPod / CodeSpaces since a good deal\nof the time I might have my iPad around but not my MacBook and having access (mosh/ssh/vscode-tunnel!)\nto a full fledged linux system while on-the-go without having 
to permanently rent\na server and creating only monthly costs in the \u003c1ct range if unused seemed like a fun idea.\n\n\n### Prerequisites\n- Accounts:\n  - Scaleway\n  - Tailscale\n\n- Local tools:\n  - scaleway-cli\n  - terraform / opentofu\n\n- Credentials:\n  - Scaleway API-Key/Secret\n  - Tailscale OAuth-Client Key/Secret with \"auth_keys\" scope\n\n#### Checkout prep\nAfter cloning the repository you need to initialise terraform once:\n\n`terraform init`\n\nNext, rename `terraform.tfvars.example` to `terraform.tfvars` and adjust the values to match your setup.\n\nFinally, run `terraform plan` (this step needs to be repeated whenever you change the .tfvars)\n\n#### Scaleway prep\nThe one step I couldn't automate yet is the required initial snapshot used to\nset up the user's persistent $HOME.\n\nThis can however easily be done using the scaleway cli (make sure to use the same name as you set for scw_persistent_data_name):\n\n```bash\n# create a temporary block storage volume of the desired size for your $HOME\n# and set tmp_block_id to its UUID\n# In this case it'll be 5k IOPS and 25G in size - adjust as desired\n\ntmp_block_id=$(scw block volume create perf-iops=5000 from-empty.size=25G | awk '/^ID/{ print $2 }')\n\n# create the initial - empty - snapshot from our storage\n\nscw block snapshot create volume_id=$tmp_block_id name=same-as-scw_persistent_data_name\n\n# remove the block volume\nscw block volume delete $tmp_block_id\n```\n\n### Usage\n\nTo start the devbox instance run `terraform apply -auto-approve`.\nIf terraform reported no issues it should only take a minute or two until your devbox appears in your tailnet and is accessible via tailnet-SSH.\n\nTo destroy the devbox instance run `terraform destroy -auto-approve`.\n\n_It might take a few minutes for the devbox to be removed from your tailnet and starting a new instance in the meantime\nmight lead to \u003chostname\u003e-2, \u003chostname\u003e-3, ... 
situations._\n\n_I'm looking into improving this behaviour_\n\n### Optional extras\n\n#### VSCode Tunnel\ncloud-init will take care of preparing the system and also installs vscode-cli with an enabled code-tunnel service.\n\nFor this to be usable you will have to authenticate the tunnel once by performing these steps:\n\n- run `terraform plan \u0026\u0026 terraform apply` if you haven't yet\n- log into the devbox\n- `sudo systemctl stop code-tunnel@$USER`\n- `/snap/bin/code tunnel`\n- follow the on-screen instructions to authenticate the tunnel\n- Ctrl+C to stop code-tunnel\n- `sudo systemctl start code-tunnel@$USER`\n\nAfter these steps your code tunnel should be up and reachable as https://vscode.dev/tunnel/$HOST-$USER (so depending on whatever you set as variables for terraform).\nThis state is also persisted in the user's home directory and will survive restarts of the environment.\n\n### Security Stuff\n\n\u003e Is the instance exposed to the internet in any way?\n\nNo, the only open port is the default wireguard port for tailscale.\n\n\u003e Is the data inside of my $HOME safe?\n\nAs safe as you make the `persistent_data_key` in your terraform.tfvars.\nOn first launch the block volume serving your $HOME is formatted using cryptsetup LUKS2 before anything is stored in it.\nWhile the devbox is offline all data for that volume resides in an encrypted snapshot on Scaleway's datacenter in Paris.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhealscodes%2Fephemeral-devbox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhealscodes%2Fephemeral-devbox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhealscodes%2Fephemeral-devbox/lists"}