forgejo-autohebergement/terraform/scaleway/storage/terragrunt.hcl
Horacio Duran 822e42dbb8 Add Template to deploy forgejo.
This template allows deploying a Forgejo instance on either Scaleway or Hetzner
(untested) without much knowledge about them.
It DOES require knowledge about Terragrunt and ansible. A wizard of
sorts is provided but it will not guarantee success without some
knowledge about the underlying technology.
2026-01-09 16:07:44 +01:00


# Inherit the shared Terragrunt settings from the nearest root.hcl found by
# walking up the parent directories.
# NOTE(review): root.hcl is not shown here; the provider and state backend
# settings presumably live there. Confirm before relying on this unit alone.
include "root" {
  path = find_in_parent_folders("root.hcl")
}
# Use this directory itself as the Terraform module source. The generate
# block in this file writes main.tf into the working copy of that module.
terraform {
  source = "."
}
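# Generate the storage Terraform configuration.
#
# The heredoc is written verbatim to main.tf. "$${" is the escape that stops
# Terragrunt from interpolating the expression, so the generated file receives
# a literal "${...}" for Terraform to evaluate.
# if_exists = "overwrite" replaces any main.tf already present, so manual edits
# to the generated file are lost on the next run.
generate "main" {
  path      = "main.tf"
  if_exists = "overwrite"
  contents  = <<EOF
# Scaleway Object Storage for Forgejo

variable "project_name" {
  description = "Project name"
  type        = string
}

variable "environment" {
  description = "Environment name"
  type        = string
}

variable "region" {
  description = "Scaleway region"
  type        = string
}

variable "common_tags" {
  description = "Common tags for all resources"
  type        = map(string)
}

# Object Storage Bucket for Git LFS and Artifacts
# No acl is set on either bucket, so visibility relies on the provider default.
# NOTE(review): confirm that default is private for the pinned provider version.
resource "scaleway_object_bucket" "forgejo_lfs" {
  name   = "$${var.project_name}-$${var.environment}-lfs"
  region = var.region
  tags   = var.common_tags

  # Enable versioning for data protection: overwritten or deleted objects stay
  # recoverable as noncurrent versions until the rule below removes them.
  versioning {
    enabled = true
  }

  # Lifecycle rule to manage storage costs by expiring superseded versions only.
  # Current objects must not expire: LFS objects and artifacts stay referenced
  # by repositories indefinitely, and the previous 90-day expiration on current
  # objects would have removed them from the bucket while Forgejo still pointed
  # at them.
  # NOTE(review): confirm the pinned Scaleway provider accepts
  # noncurrent_version_expiration inside lifecycle_rule.
  lifecycle_rule {
    id      = "delete-old-versions"
    enabled = true

    noncurrent_version_expiration {
      days = 30
    }
  }
}

# Object Storage Bucket for Backups
resource "scaleway_object_bucket" "forgejo_backups" {
  name   = "$${var.project_name}-$${var.environment}-backups"
  region = var.region
  tags   = var.common_tags

  versioning {
    enabled = true
  }

  # Keep backups for 30 days
  # NOTE(review): with versioning enabled and no noncurrent-version expiry on
  # this bucket, expired backups presumably remain as noncurrent versions.
  # Confirm the real retention period against cost and data-retention needs.
  lifecycle_rule {
    id      = "expire-old-backups"
    enabled = true

    expiration {
      days = 30
    }
  }
}

# Access Key for application usage
resource "scaleway_iam_application" "forgejo" {
  name        = "$${var.project_name}-$${var.environment}"
  description = "Application credentials for Forgejo object storage"
  # IAM application tags are a list of strings, so the map is flattened to "key=value".
  tags        = [for k, v in var.common_tags : "$${k}=$${v}"]
}

# NOTE(review): no expires_at is set, so this key never expires on its own;
# plan a rotation procedure. default_project_id is not set either. Confirm the
# key resolves to the project that owns the buckets above.
resource "scaleway_iam_api_key" "forgejo" {
  application_id = scaleway_iam_application.forgejo.id
  description    = "API key for Forgejo object storage access"
}

# Policy for bucket access
# SECURITY: ObjectStorageFullAccess is granted on the whole project, not on the
# two buckets above. The key held by the Forgejo host can therefore reach every
# bucket in the project, including the backups and their versions, so a
# compromised host can also destroy the backups meant to recover it.
# Least-privilege options to evaluate (verify names against the Scaleway IAM
# permission-set list before switching):
#   - object-level sets such as ObjectStorageObjectsRead / ObjectStorageObjectsWrite /
#     ObjectStorageObjectsDelete instead of full access
#   - a separate application and key for backups, so the LFS key cannot touch them
#   - per-bucket restrictions through scaleway_object_bucket_policy
resource "scaleway_iam_policy" "forgejo_storage" {
  name           = "$${var.project_name}-$${var.environment}-storage-policy"
  description    = "Policy for Forgejo storage buckets"
  application_id = scaleway_iam_application.forgejo.id

  rule {
    project_ids          = [data.scaleway_account_project.main.id]
    permission_set_names = ["ObjectStorageFullAccess"]
  }
}

# Looks the Scaleway project up by name; this assumes a project named exactly
# var.project_name exists in the account.
data "scaleway_account_project" "main" {
  name = var.project_name
}

# Outputs
output "lfs_bucket_name" {
  description = "LFS bucket name"
  value       = scaleway_object_bucket.forgejo_lfs.name
}

output "lfs_bucket_endpoint" {
  description = "LFS bucket endpoint"
  value       = scaleway_object_bucket.forgejo_lfs.endpoint
}

output "backup_bucket_name" {
  description = "Backup bucket name"
  value       = scaleway_object_bucket.forgejo_backups.name
}

output "backup_bucket_endpoint" {
  description = "Backup bucket endpoint"
  value       = scaleway_object_bucket.forgejo_backups.endpoint
}

# sensitive = true only redacts these values in CLI output. Both keys are still
# stored in the Terraform state, so the state backend must be access-controlled
# and encrypted, and anyone who can read the state must be treated as holding
# the credentials.
output "access_key" {
  description = "Access key for object storage"
  value       = scaleway_iam_api_key.forgejo.access_key
  sensitive   = true
}

output "secret_key" {
  description = "Secret key for object storage"
  value       = scaleway_iam_api_key.forgejo.secret_key
  sensitive   = true
}

output "s3_region" {
  description = "S3-compatible region"
  value       = var.region
}
EOF
}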