# Cost-Optimized Workspace Configuration
# Multi-provider cost optimization using provider specialization

[workspace]
name = "cost-optimized"
environment = "production"
owner = "platform-team"
description = "Cost-optimized deployment using Hetzner compute, AWS managed services, and DigitalOcean CDN"

# Hetzner Configuration - Compute Tier (Best price/performance)
[providers.hetzner]
enabled = true
token_env = "HCLOUD_TOKEN"
default_location = "nbg1"
default_datacenter = "nbg1-dc8"
provider_type = "primary_compute"

[providers.hetzner.settings]
enable_automount = false
default_volume_format = "ext4"
server_type_default = "cpx21"
region_name = "eu-central"

# AWS Configuration - Managed Services
[providers.aws]
enabled = true
region = "us-east-1"
access_key_env = "AWS_ACCESS_KEY_ID"
secret_key_env = "AWS_SECRET_ACCESS_KEY"
provider_type = "managed_services"

[providers.aws.settings]
multi_az = true
backup_retention_days = 30
enable_performance_insights = true
enable_enhanced_monitoring = true
region_name = "us-east"

# DigitalOcean Configuration - CDN and Storage
[providers.digitalocean]
enabled = true
token_env = "DIGITALOCEAN_TOKEN"
default_region = "nyc3"
provider_type = "cdn_and_storage"

[providers.digitalocean.settings]
enable_monitoring = true
enable_backups = false
spaces_region = "nyc3"
region_name = "us-east-cdn"

# Cost Tracking and Budgets
[cost_tracking]
enabled = true
monthly_budget = 300
budget_alert_threshold = 280

[cost_tracking.regional_budgets]
hetzner = 75
aws = 120
digitalocean = 65

[cost_tracking.optimization_targets]
hetzner_compute = "€20.90/month per CPX21 (vs €45+ for equivalent AWS)"
aws_managed = "$100/month for all managed services (vs $200+ for self-managed)"
digitalocean_cdn = "$64/month for CDN and storage (vs $150+ for CloudFront)"

# Deployment Configuration
[deployment]
strategy = "rolling"
batch_size = 1
health_check_wait = 60
rollback_on_failure = true
order = ["hetzner", "aws", "digitalocean"]

# Networking Configuration
[networking]
enable_vpn_tunnels = true
vpn_protocol = "ipsec"
vpn_encryption = "aes-256"
vpn_authentication = "sha256"

[networking.cidr_blocks]
hetzner = "10.0.0.0/16"
aws = "10.1.0.0/16"

# Monitoring and Alerting
[monitoring]
enabled = true
metric_collection_interval = 60
alert_on_threshold_exceeded = true

[monitoring.thresholds]
cpu = 80
memory = 85
disk = 90
queue_depth = 1000

[monitoring.critical_alerts]
database_cpu_high = { threshold = 75, action = "scale_up", severity = "warning" }
queue_depth_high = { threshold = 1000, action = "alert", severity = "critical" }
cache_eviction_high = { threshold = 10, action = "alert", severity = "warning" }

# Backup Configuration
[backup]
enabled = true
frequency = "daily"
retention_days = 30
compression = true
encryption = true

[backup.strategies]
rds = "AWS managed, 30-day retention"
application = "Weekly Hetzner snapshots"
cdn = "Weekly Spaces backups to secondary region"

# Performance Configuration
[performance]
enable_caching = true
cache_ttl = 3600
cdn_cache_ttl = 86400

[performance.optimization]
database = "Use read replicas for read-heavy workloads"
cache = "ElastiCache Redis for session and data caching"
cdn = "Serve static assets from DigitalOcean CDN"
queue = "SQS for async job processing"

# Scaling Configuration
[scaling]
auto_scale_enabled = true

[scaling.hetzner]
min_instances = 2
max_instances = 5
scale_up_cpu_threshold = 80
scale_down_cpu_threshold = 30

[scaling.aws]
auto_scaling_enabled = false
note = "RDS handles scaling automatically, SQS scales automatically"

# Security Configuration
[security]
enable_encryption = true
enable_monitoring = true
backup_encryption = true

[security.vpn_tunnel]
encryption_algorithm = "AES-256"
authentication = "SHA256"
dh_group = "Group 14"
encryption_integrity = "enabled"

# Application Settings
[application]
app_name = "cost-optimized-app"
version = "1.0"

[application.database]
engine = "postgresql"
version = "14.6"
connection_pool = 20
idle_timeout = 900

[application.cache]
engine = "redis"
version = "7.0"
max_memory = "250MB"
eviction_policy = "allkeys-lru"

[application.queue]
max_message_size = 262144
default_visibility_timeout = 300
long_poll_interval = 20