# Orchestrator Configuration Example - Enterprise Deployment Mode
#
# This example shows large-scale enterprise deployments with full HA,
# 3 replicas, distributed storage, and comprehensive monitoring.
#
# Usage:
#   nickel export --format toml orchestrator.enterprise.example.ncl > orchestrator.enterprise.toml
#   nickel export --format json orchestrator.enterprise.example.ncl | jq

{
  workspace = {
    root_path = "/var/provisioning/workspace",
    data_path = "/mnt/provisioning/workspace/data",
    state_path = "/mnt/provisioning/workspace/state",
    cache_path = "/var/cache/provisioning",
    isolation_level = 'kubernetes,
    execution_mode = 'distributed,
  },

  server = {
    address = "0.0.0.0",
    port = 8080,
    tls = true,
    tls_cert = "/etc/provisioning/certs/server.crt",
    tls_key = "/etc/provisioning/certs/server.key",
    tls_client_cert = "/etc/provisioning/certs/client-ca.crt",
    tls_require_client_cert = true,
    cors = {
      enabled = true,
      allowed_origins = [
        "https://control-center.production.svc:8081",
        "https://api.provisioning.example.com",
      ],
      allowed_methods = ["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD"],
    },
    rate_limiting = {
      enabled = true,
      requests_per_second = 5000,
      burst_size = 500,
    },
    request_timeout = 30000,
    keepalive_timeout = 75000,
  },

  storage = {
    backend = 's3,
    s3 = {
      bucket = "provisioning-enterprise",
      region = "us-east-1",
      endpoint = "https://s3.us-east-1.amazonaws.com",
    },
    max_size = 1099511627776,  # 1TB
    cache_enabled = true,
    cache_ttl = 14400,  # 4 hours
    replication = {
      enabled = true,
      regions = ["us-west-2"],
    },
  },

  queue = {
    max_concurrent_tasks = 100,
    retry_attempts = 7,
    retry_delay = 30000,
    retry_backoff = 'exponential,
    task_timeout = 14400000,  # 4 hours
    persist = true,
    dead_letter_queue = {
      enabled = true,
      max_size = 100000,
      retention_days = 30,
    },
    priority_queue = true,
    metrics = true,
    distributed = true,
    redis = {
      cluster = "redis-provisioning",
      nodes = ["redis-1", "redis-2", "redis-3"],
    },
  },

  database = {
    host = "postgres-primary.provisioning.svc",
    port = 5432,
    username = "provisioning",
    pool_size = 50,
    pool_idle_timeout = 900,
    connection_timeout = 30000,
    ssl = true,
  },

  logging = {
    level = 'info,
    format = 'json,
    output = 'file,
    file = "/var/log/provisioning/orchestrator.log",
    max_size = 1073741824,  # 1GB
    retention_days = 90,
  },

  monitoring = {
    enabled = true,
    metrics_port = 9090,
    health_check_interval = 5,
    prometheus = {
      enabled = true,
      scrape_interval = "10s",
      remote_write = {
        url = "https://prometheus-remote.example.com/api/v1/write",
        queue_capacity = 10000,
      },
    },
    jaeger = {
      enabled = true,
      endpoint = "http://jaeger-collector.observability.svc:14268/api/traces",
      sample_rate = 0.1,
    },
  },

  security = {
    enable_auth = true,
    auth_backend = 'local,
    token_expiry = 1800,
    enable_rbac = true,
    enable_audit_log = true,
    audit_log_path = "/var/log/provisioning/audit.log",
  },

  mode = 'enterprise,

  resources = {
    cpus = "4.0",
    memory = "4096M",
    disk = "1T",
  },

  # Enterprise HA setup: 3 replicas with leader election
  replicas = 3,
  replica_sync = {
    enabled = true,
    sync_interval = 1000,  # Faster sync for consistency
    quorum_required = true,
  },
  leader_election = {
    enabled = true,
    backend = 'etcd,
    etcd_endpoints = ["etcd-0.etcd", "etcd-1.etcd", "etcd-2.etcd"],
    lease_duration = 15,
  },

}