# Cost-Optimized Workspace Configuration
# Multi-provider cost optimization using provider specialization

[workspace]
description = "Cost-optimized deployment using Hetzner compute, AWS managed services, and DigitalOcean CDN"
environment = "production"
name = "cost-optimized"
owner = "platform-team"

# Hetzner Configuration - Compute Tier (Best price/performance)
[providers.hetzner]
default_datacenter = "nbg1-dc8"
default_location = "nbg1"
enabled = true
provider_type = "primary_compute"
token_env = "HCLOUD_TOKEN"

  [providers.hetzner.settings]
  default_volume_format = "ext4"
  enable_automount = false
  region_name = "eu-central"
  server_type_default = "cpx21"

# AWS Configuration - Managed Services
[providers.aws]
access_key_env = "AWS_ACCESS_KEY_ID"
enabled = true
provider_type = "managed_services"
region = "us-east-1"
secret_key_env = "AWS_SECRET_ACCESS_KEY"

  [providers.aws.settings]
  backup_retention_days = 30
  enable_enhanced_monitoring = true
  enable_performance_insights = true
  multi_az = true
  region_name = "us-east"

# DigitalOcean Configuration - CDN and Storage
[providers.digitalocean]
default_region = "nyc3"
enabled = true
provider_type = "cdn_and_storage"
token_env = "DIGITALOCEAN_TOKEN"

  [providers.digitalocean.settings]
  enable_backups = false
  enable_monitoring = true
  region_name = "us-east-cdn"
  spaces_region = "nyc3"

# Cost Tracking and Budgets
[cost_tracking]
budget_alert_threshold = 280
enabled = true
monthly_budget = 300

  [cost_tracking.regional_budgets]
  aws = 120
  digitalocean = 65
  hetzner = 75

  [cost_tracking.optimization_targets]
  aws_managed = "$100/month for all managed services (vs $200+ for self-managed)"
  digitalocean_cdn = "$64/month for CDN and storage (vs $150+ for CloudFront)"
  hetzner_compute = "€20.90/month per CPX21 (vs €45+ for equivalent AWS)"

# Deployment Configuration
[deployment]
batch_size = 1
health_check_wait = 60
order = ["hetzner", "aws", "digitalocean"]
rollback_on_failure = true
strategy = "rolling"

# Networking Configuration
[networking]
enable_vpn_tunnels = true
vpn_authentication = "sha256"
vpn_encryption = "aes-256"
vpn_protocol = "ipsec"

  [networking.cidr_blocks]
  aws = "10.1.0.0/16"
  hetzner = "10.0.0.0/16"

# Monitoring and Alerting
[monitoring]
alert_on_threshold_exceeded = true
enabled = true
metric_collection_interval = 60

  [monitoring.thresholds]
  cpu = 80
  disk = 90
  memory = 85
  queue_depth = 1000

  [monitoring.critical_alerts]
  cache_eviction_high = { threshold = 10, action = "alert", severity = "warning" }
  database_cpu_high = { threshold = 75, action = "scale_up", severity = "warning" }
  queue_depth_high = { threshold = 1000, action = "alert", severity = "critical" }

# Backup Configuration
[backup]
compression = true
enabled = true
encryption = true
frequency = "daily"
retention_days = 30

  [backup.strategies]
  application = "Weekly Hetzner snapshots"
  cdn = "Weekly Spaces backups to secondary region"
  rds = "AWS managed, 30-day retention"

# Performance Configuration
[performance]
cache_ttl = 3600
cdn_cache_ttl = 86400
enable_caching = true

  [performance.optimization]
  cache = "ElastiCache Redis for session and data caching"
  cdn = "Serve static assets from DigitalOcean CDN"
  database = "Use read replicas for read-heavy workloads"
  queue = "SQS for async job processing"

# Scaling Configuration
[scaling]
auto_scale_enabled = true

  [scaling.hetzner]
  max_instances = 5
  min_instances = 2
  scale_down_cpu_threshold = 30
  scale_up_cpu_threshold = 80

  [scaling.aws]
  auto_scaling_enabled = false
  note = "RDS handles scaling automatically, SQS scales automatically"

# Security Configuration
[security]
backup_encryption = true
enable_encryption = true
enable_monitoring = true

  [security.vpn_tunnel]
  authentication = "SHA256"
  dh_group = "Group 14"
  encryption_algorithm = "AES-256"
  encryption_integrity = "enabled"

# Application Settings
[application]
app_name = "cost-optimized-app"
version = "1.0"

  [application.database]
  connection_pool = 20
  engine = "postgresql"
  idle_timeout = 900
  version = "14.6"

  [application.cache]
  engine = "redis"
  eviction_policy = "allkeys-lru"
  max_memory = "250MB"
  version = "7.0"

  [application.queue]
  default_visibility_timeout = 300
  long_poll_interval = 20
  max_message_size = 262144