provisioning/examples/workspaces/cost-optimized/config.toml

# Cost-Optimized Workspace Configuration
# Multi-provider cost optimization using provider specialization

[workspace]
name = "cost-optimized"
environment = "production"
owner = "platform-team"
description = "Cost-optimized deployment using Hetzner compute, AWS managed services, and DigitalOcean CDN"

# Hetzner Configuration - Compute Tier (Best price/performance)
[providers.hetzner]
enabled = true
token_env = "HCLOUD_TOKEN"
default_location = "nbg1"
default_datacenter = "nbg1-dc8"
provider_type = "primary_compute"

[providers.hetzner.settings]
enable_automount = false
default_volume_format = "ext4"
server_type_default = "cpx21"
region_name = "eu-central"

# AWS Configuration - Managed Services
[providers.aws]
enabled = true
region = "us-east-1"
access_key_env = "AWS_ACCESS_KEY_ID"
secret_key_env = "AWS_SECRET_ACCESS_KEY"
provider_type = "managed_services"

[providers.aws.settings]
multi_az = true
backup_retention_days = 30
enable_performance_insights = true
enable_enhanced_monitoring = true
region_name = "us-east"

# DigitalOcean Configuration - CDN and Storage
[providers.digitalocean]
enabled = true
token_env = "DIGITALOCEAN_TOKEN"
default_region = "nyc3"
provider_type = "cdn_and_storage"

[providers.digitalocean.settings]
enable_monitoring = true
enable_backups = false
spaces_region = "nyc3"
region_name = "us-east-cdn"

# Cost Tracking and Budgets
[cost_tracking]
enabled = true
monthly_budget = 300
budget_alert_threshold = 280

[cost_tracking.regional_budgets]
hetzner = 75
aws = 120
digitalocean = 65

[cost_tracking.optimization_targets]
hetzner_compute = "€20.90/month per CPX21 (vs €45+ for equivalent AWS)"
aws_managed = "$100/month for all managed services (vs $200+ for self-managed)"
digitalocean_cdn = "$64/month for CDN and storage (vs $150+ for CloudFront)"

# Deployment Configuration
[deployment]
strategy = "rolling"
batch_size = 1
health_check_wait = 60
rollback_on_failure = true
order = ["hetzner", "aws", "digitalocean"]

# Networking Configuration
[networking]
enable_vpn_tunnels = true
vpn_protocol = "ipsec"
vpn_encryption = "aes-256"
vpn_authentication = "sha256"

[networking.cidr_blocks]
hetzner = "10.0.0.0/16"
aws = "10.1.0.0/16"

# Monitoring and Alerting
[monitoring]
enabled = true
metric_collection_interval = 60
alert_on_threshold_exceeded = true

[monitoring.thresholds]
cpu = 80
memory = 85
disk = 90
queue_depth = 1000

[monitoring.critical_alerts]
database_cpu_high = { threshold = 75, action = "scale_up", severity = "warning" }
queue_depth_high = { threshold = 1000, action = "alert", severity = "critical" }
cache_eviction_high = { threshold = 10, action = "alert", severity = "warning" }

# Backup Configuration
[backup]
enabled = true
frequency = "daily"
retention_days = 30
compression = true
encryption = true

[backup.strategies]
rds = "AWS managed, 30-day retention"
application = "Weekly Hetzner snapshots"
cdn = "Weekly Spaces backups to secondary region"

# Performance Configuration
[performance]
enable_caching = true
cache_ttl = 3600
cdn_cache_ttl = 86400

[performance.optimization]
database = "Use read replicas for read-heavy workloads"
cache = "ElastiCache Redis for session and data caching"
cdn = "Serve static assets from DigitalOcean CDN"
queue = "SQS for async job processing"

# Scaling Configuration
[scaling]
auto_scale_enabled = true

[scaling.hetzner]
min_instances = 2
max_instances = 5
scale_up_cpu_threshold = 80
scale_down_cpu_threshold = 30

[scaling.aws]
auto_scaling_enabled = false
note = "RDS handles scaling automatically, SQS scales automatically"

# Security Configuration
[security]
enable_encryption = true
enable_monitoring = true
backup_encryption = true

[security.vpn_tunnel]
encryption_algorithm = "AES-256"
authentication = "SHA256"
dh_group = "Group 14"
encryption_integrity = "enabled"

# Application Settings
[application]
app_name = "cost-optimized-app"
version = "1.0"

[application.database]
engine = "postgresql"
version = "14.6"
connection_pool = 20
idle_timeout = 900

[application.cache]
engine = "redis"
version = "7.0"
max_memory = "250MB"
eviction_policy = "allkeys-lru"

[application.queue]
max_message_size = 262144
default_visibility_timeout = 300
long_poll_interval = 20
chore: complete nickel migration and consolidate legacy configs - Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/ 2026-01-08 09:55:37 +00:00			`# Cost-Optimized Workspace Configuration`
			`# Multi-provider cost optimization using provider specialization`

			`[workspace]`
			`name = "cost-optimized"`
			`environment = "production"`
			`owner = "platform-team"`
			`description = "Cost-optimized deployment using Hetzner compute, AWS managed services, and DigitalOcean CDN"`

			`# Hetzner Configuration - Compute Tier (Best price/performance)`
			`[providers.hetzner]`
			`enabled = true`
			`token_env = "HCLOUD_TOKEN"`
			`default_location = "nbg1"`
			`default_datacenter = "nbg1-dc8"`
			`provider_type = "primary_compute"`

			`[providers.hetzner.settings]`
			`enable_automount = false`
			`default_volume_format = "ext4"`
			`server_type_default = "cpx21"`
			`region_name = "eu-central"`

			`# AWS Configuration - Managed Services`
			`[providers.aws]`
			`enabled = true`
			`region = "us-east-1"`
			`access_key_env = "AWS_ACCESS_KEY_ID"`
			`secret_key_env = "AWS_SECRET_ACCESS_KEY"`
			`provider_type = "managed_services"`

			`[providers.aws.settings]`
			`multi_az = true`
			`backup_retention_days = 30`
			`enable_performance_insights = true`
			`enable_enhanced_monitoring = true`
			`region_name = "us-east"`

			`# DigitalOcean Configuration - CDN and Storage`
			`[providers.digitalocean]`
			`enabled = true`
			`token_env = "DIGITALOCEAN_TOKEN"`
			`default_region = "nyc3"`
			`provider_type = "cdn_and_storage"`

			`[providers.digitalocean.settings]`
			`enable_monitoring = true`
			`enable_backups = false`
			`spaces_region = "nyc3"`
			`region_name = "us-east-cdn"`

			`# Cost Tracking and Budgets`
			`[cost_tracking]`
			`enabled = true`
			`monthly_budget = 300`
			`budget_alert_threshold = 280`

			`[cost_tracking.regional_budgets]`
			`hetzner = 75`
			`aws = 120`
			`digitalocean = 65`

			`[cost_tracking.optimization_targets]`
			`hetzner_compute = "€20.90/month per CPX21 (vs €45+ for equivalent AWS)"`
			`aws_managed = "$100/month for all managed services (vs $200+ for self-managed)"`
			`digitalocean_cdn = "$64/month for CDN and storage (vs $150+ for CloudFront)"`

			`# Deployment Configuration`
			`[deployment]`
			`strategy = "rolling"`
			`batch_size = 1`
			`health_check_wait = 60`
			`rollback_on_failure = true`
			`order = ["hetzner", "aws", "digitalocean"]`

			`# Networking Configuration`
			`[networking]`
			`enable_vpn_tunnels = true`
			`vpn_protocol = "ipsec"`
			`vpn_encryption = "aes-256"`
			`vpn_authentication = "sha256"`

			`[networking.cidr_blocks]`
			`hetzner = "10.0.0.0/16"`
			`aws = "10.1.0.0/16"`

			`# Monitoring and Alerting`
			`[monitoring]`
			`enabled = true`
			`metric_collection_interval = 60`
			`alert_on_threshold_exceeded = true`

			`[monitoring.thresholds]`
			`cpu = 80`
			`memory = 85`
			`disk = 90`
			`queue_depth = 1000`

			`[monitoring.critical_alerts]`
			`database_cpu_high = { threshold = 75, action = "scale_up", severity = "warning" }`
			`queue_depth_high = { threshold = 1000, action = "alert", severity = "critical" }`
			`cache_eviction_high = { threshold = 10, action = "alert", severity = "warning" }`

			`# Backup Configuration`
			`[backup]`
			`enabled = true`
			`frequency = "daily"`
			`retention_days = 30`
			`compression = true`
			`encryption = true`

			`[backup.strategies]`
			`rds = "AWS managed, 30-day retention"`
			`application = "Weekly Hetzner snapshots"`
			`cdn = "Weekly Spaces backups to secondary region"`

			`# Performance Configuration`
			`[performance]`
			`enable_caching = true`
			`cache_ttl = 3600`
			`cdn_cache_ttl = 86400`

			`[performance.optimization]`
			`database = "Use read replicas for read-heavy workloads"`
			`cache = "ElastiCache Redis for session and data caching"`
			`cdn = "Serve static assets from DigitalOcean CDN"`
			`queue = "SQS for async job processing"`

			`# Scaling Configuration`
			`[scaling]`
			`auto_scale_enabled = true`

			`[scaling.hetzner]`
			`min_instances = 2`
			`max_instances = 5`
			`scale_up_cpu_threshold = 80`
			`scale_down_cpu_threshold = 30`

			`[scaling.aws]`
			`auto_scaling_enabled = false`
			`note = "RDS handles scaling automatically, SQS scales automatically"`

			`# Security Configuration`
			`[security]`
			`enable_encryption = true`
			`enable_monitoring = true`
			`backup_encryption = true`

			`[security.vpn_tunnel]`
			`encryption_algorithm = "AES-256"`
			`authentication = "SHA256"`
			`dh_group = "Group 14"`
			`encryption_integrity = "enabled"`

			`# Application Settings`
			`[application]`
			`app_name = "cost-optimized-app"`
			`version = "1.0"`

			`[application.database]`
			`engine = "postgresql"`
			`version = "14.6"`
			`connection_pool = 20`
			`idle_timeout = 900`

			`[application.cache]`
			`engine = "redis"`
			`version = "7.0"`
			`max_memory = "250MB"`
			`eviction_policy = "allkeys-lru"`

			`[application.queue]`
			`max_message_size = 262144`
			`default_visibility_timeout = 300`
			`long_poll_interval = 20`