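# Enterprise Production Configuration
#
# Full-featured production deployment with observability
# Suitable for: Production environments, enterprise deployments, high availability
#
# Layout: root-level installer options, then [deployment] with one
# [[deployment.services]] record per service, then [notifications] and
# [env_vars]. One key/value pair per line; TOML does not allow several
# pairs on one line outside an inline table.

# Installation metadata
installation_id = "enterprise-prod-20250106"
# NOTE(review): verbose output in production can end up in shared log
# pipelines. Confirm the installer redacts generated secrets and the
# notification Authorization header from verbose logs.
verbose = true
fail_fast = false # Continue on non-critical errors
# NOTE(review): with auto_generate_secrets = true below, state kept after a
# failed run may include generated secret material. Confirm what is written
# under work_dir and restrict its ownership and permissions accordingly.
cleanup_on_failure = false # Keep state for debugging

# Paths
provisioning_path = "/usr/local/bin/provisioning"
work_dir = "/opt/provisioning"

# Deployment configuration
[deployment]
platform = "Kubernetes"
mode = "Enterprise"
# example.com is a reserved documentation domain; replace it with the real
# deployment domain.
domain = "provisioning.example.com"
# This file does not say where generated secrets are stored.
# NOTE(review): confirm they go to the KMS service or Kubernetes Secrets and
# not to plain files under work_dir.
auto_generate_secrets = true

# Each [[deployment.services]] record appends one service to the
# deployment.services array. Whether `port` is exposed outside the cluster is
# not decided in this file.
# NOTE(review): confirm that only the reverse proxy is reachable externally
# and that postgres (5432) and kms (9998) stay cluster-internal.

# Core services
[[deployment.services]]
name = "orchestrator"
description = "Task coordination engine"
port = 8080
enabled = true
required = true

[[deployment.services]]
name = "control-center"
description = "Web UI dashboard"
port = 8081
enabled = true
required = true

[[deployment.services]]
name = "coredns"
description = "DNS service"
port = 5353
enabled = true
required = true

# Enterprise services
[[deployment.services]]
name = "gitea"
description = "Git server"
port = 3000
enabled = true
required = true

[[deployment.services]]
name = "postgres"
description = "Production database"
port = 5432
enabled = true
required = true

[[deployment.services]]
name = "api-server"
description = "REST API server"
port = 8083
enabled = true
required = true

[[deployment.services]]
name = "harbor"
description = "Harbor OCI Registry"
port = 5000
enabled = true
required = true

[[deployment.services]]
name = "kms"
description = "Cosmian KMS for secrets"
port = 9998
enabled = true
required = true

# Observability stack
[[deployment.services]]
name = "prometheus"
description = "Metrics collection"
port = 9090
enabled = true
required = true

[[deployment.services]]
name = "grafana"
description = "Metrics dashboards"
port = 3001
enabled = true
required = true

[[deployment.services]]
name = "loki"
description = "Log aggregation"
port = 3100
enabled = true
required = true

# Edge and integration services
# NOTE(review): port 80 is plain HTTP, while [env_vars] sets
# ENABLE_TLS = "true" and TLS_MIN_VERSION = "1.3". Confirm this listener only
# redirects to HTTPS, or that TLS is terminated in front of it.
[[deployment.services]]
name = "nginx"
description = "Reverse proxy and load balancer"
port = 80
enabled = true
required = true

# The only service with required = false; presumably the installation
# continues if it fails to start (verify against the installer).
[[deployment.services]]
name = "mcp-server"
description = "Model Context Protocol"
port = 8084
enabled = true
required = false

[[deployment.services]]
name = "api-gateway"
description = "API Gateway with rate limiting"
port = 8085
enabled = true
required = true

# Production webhook notifications (example with PagerDuty)
[notifications]
webhook_url = "https://events.pagerduty.com/v2/enqueue"
notify_progress = false # Only critical notifications in production
notify_completion = true
notify_failure = true
retry_attempts = 5

# TOML performs no variable substitution: "${...}" below is a literal string.
# The installer has to expand it from the environment at run time. If it does
# not, the placeholder text itself is sent and notifications fail
# authentication. Keep real keys out of this file; supply them through the
# environment or a secret store.
# NOTE(review): to my knowledge the Events API v2 endpoint above takes the
# routing key in the JSON body (`routing_key`), not in headers. Confirm
# against PagerDuty's documentation that these two headers are what the
# receiver expects.
[notifications.headers]
Content-Type = "application/json"
Authorization = "Token token=${PAGERDUTY_API_KEY}"
X-Routing-Key = "${PAGERDUTY_ROUTING_KEY}"

# Production environment variables
# Values are strings on purpose: they are presumably passed to services as
# environment variables, which are always text.
[env_vars]
LOG_LEVEL = "info"
ENABLE_DEBUG = "false"
PROVISIONING_MODE = "production"

# Database settings
POSTGRES_MAX_CONNECTIONS = "500"
POSTGRES_SHARED_BUFFERS = "2GB"
POSTGRES_EFFECTIVE_CACHE_SIZE = "6GB"

# API settings
# NOTE(review): the unit and scope of API_RATE_LIMIT (per second or minute,
# per client or global) are not stated here. Document them next to the
# consumer.
API_RATE_LIMIT = "5000"
API_MAX_REQUEST_SIZE = "10MB"
API_TIMEOUT = "30s"

# Security settings
# NOTE(review): these flags only express intent. Which services read them, and
# where mTLS certificates come from, is not visible in this file. Verify
# enforcement per service after deployment.
ENABLE_TLS = "true"
TLS_MIN_VERSION = "1.3"
ENABLE_MTLS = "true"
ENABLE_AUDIT_LOG = "true"

# Monitoring settings
# NOTE(review): audit-relevant logs are presumably covered by LOKI_RETENTION.
# Confirm that 90d meets the retention period your compliance regime requires.
PROMETHEUS_RETENTION = "30d"
GRAFANA_ENABLE_ALERTS = "true"
LOKI_RETENTION = "90d"

# High availability settings
ENABLE_HA = "true"
REPLICA_COUNT = "3"
ENABLE_AUTO_SCALING = "true"
MIN_REPLICAS = "3"
MAX_REPLICAS = "10"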