A Terraform script to deploy an instance in Google Cloud running under the Always Free tier.

A custom VPC allows for more control over network security. The Terraform script below creates a custom VPC,

• terraform__gcloud-vpc
  • GitHub: github.com/k3karthic/terraform__gcloud-vpc
  • Codeberg: codeberg.org/k3karthic/terraform__gcloud-vpc

The following Ansible playbook covers basic setup for FreeBSD (e.g, swap, fail2ban),

• ansible__freebsd-basic
  • GitHub: github.com/k3karthic/ansible__freebsd-basic
  • Codeberg: codeberg.org/k3karthic/ansible__freebsd-basic

Use a Njalla hostname for the instance using the Ansible playbook below,

• ansible__gcloud-njalla-dns
  • GitHub: github.com/k3karthic/ansible__gcloud-njalla-dns
  • Codeberg: codeberg.org/k3karthic/ansible__gcloud-njalla-dns

• GitHub: github.com/k3karthic/terraform__gcloud-instance
• Codeberg: codeberg.org/k3karthic/terraform__gcloud-instance

1. Create a file to store the Terraform input variables. Use uscentral.tfvars.sample as a reference. Keep uscentral.tfvars as the filename or change the name in the following files,
   1. .gitignore
   2. bin/plan.sh
2. Create a custom VPC and update the subnet name in subnetwork. To skip creating a VPC, use default as the value.
3. Change name if you would like to change the name of the instance.
4. Set project to the name of your Google Cloud Project.
5. Set zone to an available zone in the same region as subnetwork. List of zones by region are at cloud.google.com/compute/docs/regions-zones/#available.
6. Create a hostname in Njalla and update the same in njalla_domain and njalla_domain_id.

Note: Image ID can be found in the release announcement from the FreeBSD website at https://www.freebsd.org/releases/.

Google provider documentation is at registry.terraform.io/providers/hashicorp/google/latest/docs.

Google Cloud Shell can deploy this script without configuration.

Step 1: Use the following command to create a Terraform plan,

$ ./bin/plan.sh

To avoid fetching the latest state of resources, use the following command,

$ ./bin/plan.sh -refresh=false

Step 2: Review the plan using the following command,

$ ./bin/view.sh

Step 3: Apply the plan using the following command,

$ ./bin/apply.sh

Step 4: Display the created instance using the following command,

$ terraform show google_compute_instance.free

Encrypt sensitive files (Terraform input variables, SSH public key and state) before saving them. .gitignore must contain the unencrypted file paths.

Use the following command to decrypt the files after cloning the repository,

$ ./bin/decrypt.sh

Use the following command after running bin/apply.sh to encrypt the updated state files,

$ ./bin/encrypt.sh <gpg key id>