Add Template to deploy forgejo.

This template allows deploying a forgejo en either Scaleway or Hetzner
(untested) without much knowledge about them.
It DOES require knowledge about Terragrunt and ansible. A wizard of
sorts is provided but it will not guarantee success without some
knowledge about the underlying technology.

terraform/scaleway/storage/terragrunt.hcl

@@ -0,0 +1,154 @@
+# Include root configuration
+include "root" {
+  path = find_in_parent_folders("root.hcl")
+}
+
+# Terragrunt configuration
+terraform {
+  source = "."
+}
+
+# Generate the storage Terraform configuration
+generate "main" {
+  path      = "main.tf"
+  if_exists = "overwrite"
+  contents  = <<EOF
+# Scaleway Object Storage for Forgejo
+
+variable "project_name" {
+  description = "Project name"
+  type        = string
+}
+
+variable "environment" {
+  description = "Environment name"
+  type        = string
+}
+
+variable "region" {
+  description = "Scaleway region"
+  type        = string
+}
+
+variable "common_tags" {
+  description = "Common tags for all resources"
+  type        = map(string)
+}
+
+# Object Storage Bucket for Git LFS and Artifacts
+resource "scaleway_object_bucket" "forgejo_lfs" {
+  name   = "$${var.project_name}-$${var.environment}-lfs"
+  region = var.region
+  
+  tags = var.common_tags
+  
+  # Enable versioning for data protection
+  versioning {
+    enabled = true
+  }
+  
+  # Lifecycle rules to manage storage costs
+  lifecycle_rule {
+    id      = "delete-old-versions"
+    enabled = true
+    
+    expiration {
+      days = 90
+    }
+    
+    noncurrent_version_expiration {
+      days = 30
+    }
+  }
+}
+
+# Object Storage Bucket for Backups
+resource "scaleway_object_bucket" "forgejo_backups" {
+  name   = "$${var.project_name}-$${var.environment}-backups"
+  region = var.region
+  
+  tags = var.common_tags
+  
+  versioning {
+    enabled = true
+  }
+  
+  # Keep backups for 30 days
+  lifecycle_rule {
+    id      = "expire-old-backups"
+    enabled = true
+    
+    expiration {
+      days = 30
+    }
+  }
+}
+
+# Access Key for application usage
+resource "scaleway_iam_application" "forgejo" {
+  name        = "$${var.project_name}-$${var.environment}"
+  description = "Application credentials for Forgejo object storage"
+  
+  tags = [for k, v in var.common_tags : "$${k}=$${v}"]
+}
+
+resource "scaleway_iam_api_key" "forgejo" {
+  application_id = scaleway_iam_application.forgejo.id
+  description    = "API key for Forgejo object storage access"
+}
+
+# Policy for bucket access
+resource "scaleway_iam_policy" "forgejo_storage" {
+  name           = "$${var.project_name}-$${var.environment}-storage-policy"
+  description    = "Policy for Forgejo storage buckets"
+  application_id = scaleway_iam_application.forgejo.id
+  
+  rule {
+    project_ids          = [data.scaleway_account_project.main.id]
+    permission_set_names = ["ObjectStorageFullAccess"]
+  }
+}
+
+data "scaleway_account_project" "main" {
+  name = var.project_name
+}
+
+# Outputs
+output "lfs_bucket_name" {
+  description = "LFS bucket name"
+  value       = scaleway_object_bucket.forgejo_lfs.name
+}
+
+output "lfs_bucket_endpoint" {
+  description = "LFS bucket endpoint"
+  value       = scaleway_object_bucket.forgejo_lfs.endpoint
+}
+
+output "backup_bucket_name" {
+  description = "Backup bucket name"
+  value       = scaleway_object_bucket.forgejo_backups.name
+}
+
+output "backup_bucket_endpoint" {
+  description = "Backup bucket endpoint"
+  value       = scaleway_object_bucket.forgejo_backups.endpoint
+}
+
+output "access_key" {
+  description = "Access key for object storage"
+  value       = scaleway_iam_api_key.forgejo.access_key
+  sensitive   = true
+}
+
+output "secret_key" {
+  description = "Secret key for object storage"
+  value       = scaleway_iam_api_key.forgejo.secret_key
+  sensitive   = true
+}
+
+output "s3_region" {
+  description = "S3-compatible region"
+  value       = var.region
+}
+EOF
+}