# Infrastructure-Specific Extension Development\n\nThis guide focuses on creating extensions tailored to specific infrastructure requirements, business needs, and organizational constraints.\n\n## Table of Contents\n\n1. [Overview](#overview)\n2. [Infrastructure Assessment](#infrastructure-assessment)\n3. [Custom Taskserv Development](#custom-taskserv-development)\n4. [Provider-Specific Extensions](#provider-specific-extensions)\n5. [Multi-Environment Management](#multi-environment-management)\n6. [Integration Patterns](#integration-patterns)\n7. [Real-World Examples](#real-world-examples)\n\n## Overview\n\nInfrastructure-specific extensions address unique requirements that generic modules cannot cover:\n\n- **Company-specific applications and services**\n- **Compliance and security requirements**\n- **Legacy system integrations**\n- **Custom networking configurations**\n- **Specialized monitoring and alerting**\n- **Multi-cloud and hybrid deployments**\n\n## Infrastructure Assessment\n\n### Identifying Extension Needs\n\nBefore creating custom extensions, assess your infrastructure requirements:\n\n#### 1. Application Inventory\n\n```\n# Document existing applications\ncat > infrastructure-assessment.yaml << EOF\napplications:\n - name: "legacy-billing-system"\n type: "monolith"\n runtime: "java-8"\n database: "oracle-11g"\n integrations: ["ldap", "file-storage", "email"]\n compliance: ["pci-dss", "sox"]\n\n - name: "customer-portal"\n type: "microservices"\n runtime: "nodejs-16"\n database: "postgresql-13"\n integrations: ["redis", "elasticsearch", "s3"]\n compliance: ["gdpr", "hipaa"]\n\ninfrastructure:\n - type: "on-premise"\n location: "datacenter-primary"\n capabilities: ["kubernetes", "vmware", "storage-array"]\n\n - type: "cloud"\n provider: "aws"\n regions: ["us-east-1", "eu-west-1"]\n services: ["eks", "rds", "s3", "cloudfront"]\n\ncompliance_requirements:\n - "PCI DSS Level 1"\n - "SOX compliance"\n - "GDPR data protection"\n - "HIPAA safeguards"\n\nnetwork_requirements:\n - "air-gapped environments"\n - "private subnet isolation"\n - "vpn connectivity"\n - "load balancer integration"\nEOF\n```\n\n#### 2. Gap Analysis\n\n```\n# Analyze what standard modules don't cover\n./provisioning/core/cli/module-loader discover taskservs > available-modules.txt\n\n# Create gap analysis\ncat > gap-analysis.md << EOF\n# Infrastructure Gap Analysis\n\n## Standard Modules Available\n$(cat available-modules.txt)\n\n## Missing Capabilities\n- [ ] Legacy Oracle database integration\n- [ ] Company-specific LDAP authentication\n- [ ] Custom monitoring for legacy systems\n- [ ] Compliance reporting automation\n- [ ] Air-gapped deployment workflows\n- [ ] Multi-datacenter replication\n\n## Custom Extensions Needed\n1. **oracle-db-taskserv**: Oracle database with company settings\n2. **company-ldap-taskserv**: LDAP integration with custom schema\n3. **compliance-monitor-taskserv**: Automated compliance checking\n4. **airgap-deployment-cluster**: Air-gapped deployment patterns\n5. **company-monitoring-taskserv**: Custom monitoring dashboard\nEOF\n```\n\n### Requirements Gathering\n\n#### Business Requirements Template\n\n```\n"""\nBusiness Requirements Schema for Custom Extensions\nUse this template to document requirements before development\n"""\n\nschema BusinessRequirements:\n """Document business requirements for custom extensions"""\n\n # Project information\n project_name: str\n stakeholders: [str]\n timeline: str\n budget_constraints?: str\n\n # Functional requirements\n functional_requirements: [FunctionalRequirement]\n\n # Non-functional requirements\n performance_requirements: PerformanceRequirements\n security_requirements: SecurityRequirements\n compliance_requirements: [str]\n\n # Integration requirements\n existing_systems: [ExistingSystem]\n required_integrations: [Integration]\n\n # Operational requirements\n monitoring_requirements: [str]\n backup_requirements: [str]\n disaster_recovery_requirements: [str]\n\nschema FunctionalRequirement:\n id: str\n description: str\n priority: "high" | "medium" | "low"\n acceptance_criteria: [str]\n\nschema PerformanceRequirements:\n max_response_time: str\n throughput_requirements: str\n availability_target: str\n scalability_requirements: str\n\nschema SecurityRequirements:\n authentication_method: str\n authorization_model: str\n encryption_requirements: [str]\n audit_requirements: [str]\n network_security: [str]\n\nschema ExistingSystem:\n name: str\n type: str\n version: str\n api_available: bool\n integration_method: str\n\nschema Integration:\n target_system: str\n integration_type: "api" | "database" | "file" | "message_queue"\n data_format: str\n frequency: str\n direction: "inbound" | "outbound" | "bidirectional"\n```\n\n## Custom Taskserv Development\n\n### Company-Specific Application Taskserv\n\n#### Example: Legacy ERP System Integration\n\n```\n# Create company-specific taskserv\nmkdir -p extensions/taskservs/company-specific/legacy-erp/nickel\ncd extensions/taskservs/company-specific/legacy-erp/nickel\n```\n\nCreate `legacy-erp.ncl`:\n\n```\n"""\nLegacy ERP System Taskserv\nHandles deployment and management of company's legacy ERP system\n"""\n\nimport provisioning.lib as lib\nimport provisioning.dependencies as deps\nimport provisioning.defaults as defaults\n\n# ERP system configuration\nschema LegacyERPConfig:\n """Configuration for legacy ERP system"""\n\n # Application settings\n erp_version: str = "12.2.0"\n installation_mode: "standalone" | "cluster" | "ha" = "ha"\n\n # Database configuration\n database_type: "oracle" | "sqlserver" = "oracle"\n database_version: str = "19c"\n database_size: str = "500Gi"\n database_backup_retention: int = 30\n\n # Network configuration\n erp_port: int = 8080\n database_port: int = 1521\n ssl_enabled: bool = True\n internal_network_only: bool = True\n\n # Integration settings\n ldap_server: str\n file_share_path: str\n email_server: str\n\n # Compliance settings\n audit_logging: bool = True\n encryption_at_rest: bool = True\n encryption_in_transit: bool = True\n data_retention_years: int = 7\n\n # Resource allocation\n app_server_resources: ERPResourceConfig\n database_resources: ERPResourceConfig\n\n # Backup configuration\n backup_schedule: str = "0 2 * * *" # Daily at 2 AM\n backup_retention_policy: BackupRetentionPolicy\n\n check:\n erp_port > 0 and erp_port < 65536, "ERP port must be valid"\n database_port > 0 and database_port < 65536, "Database port must be valid"\n data_retention_years > 0, "Data retention must be positive"\n len(ldap_server) > 0, "LDAP server required"\n\nschema ERPResourceConfig:\n """Resource configuration for ERP components"""\n cpu_request: str\n memory_request: str\n cpu_limit: str\n memory_limit: str\n storage_size: str\n storage_class: str = "fast-ssd"\n\nschema BackupRetentionPolicy:\n """Backup retention policy for ERP system"""\n daily_backups: int = 7\n weekly_backups: int = 4\n monthly_backups: int = 12\n yearly_backups: int = 7\n\n# Environment-specific resource configurations\nerp_resource_profiles = {\n "development": {\n app_server_resources = {\n cpu_request = "1"\n memory_request = "4Gi"\n cpu_limit = "2"\n memory_limit = "8Gi"\n storage_size = "50Gi"\n storage_class = "standard"\n }\n database_resources = {\n cpu_request = "2"\n memory_request = "8Gi"\n cpu_limit = "4"\n memory_limit = "16Gi"\n storage_size = "100Gi"\n storage_class = "standard"\n }\n },\n "production": {\n app_server_resources = {\n cpu_request = "4"\n memory_request = "16Gi"\n cpu_limit = "8"\n memory_limit = "32Gi"\n storage_size = "200Gi"\n storage_class = "fast-ssd"\n }\n database_resources = {\n cpu_request = "8"\n memory_request = "32Gi"\n cpu_limit = "16"\n memory_limit = "64Gi"\n storage_size = "2Ti"\n storage_class = "fast-ssd"\n }\n }\n}\n\n# Taskserv definition\nschema LegacyERPTaskserv(lib.TaskServDef):\n """Legacy ERP Taskserv Definition"""\n name: str = "legacy-erp"\n config: LegacyERPConfig\n environment: "development" | "staging" | "production"\n\n# Dependencies for legacy ERP\nlegacy_erp_dependencies: deps.TaskservDependencies = {\n name = "legacy-erp"\n\n # Infrastructure dependencies\n requires = ["kubernetes", "storage-class"]\n optional = ["monitoring", "backup-agent", "log-aggregator"]\n conflicts = ["modern-erp"]\n\n # Services provided\n provides = ["erp-api", "erp-ui", "erp-reports", "erp-integration"]\n\n # Resource requirements\n resources = {\n cpu = "8"\n memory = "32Gi"\n disk = "2Ti"\n network = True\n privileged = True # Legacy systems often need privileged access\n }\n\n # Health checks\n health_checks = [\n {\n command = "curl -k https://localhost:9090/health"\n interval = 60\n timeout = 30\n retries = 3\n },\n {\n command = "sqlplus system/password@localhost:1521/XE <<< 'SELECT 1 FROM DUAL;'"\n interval = 300\n timeout = 60\n retries = 2\n }\n ]\n\n # Installation phases\n phases = [\n {\n name = "pre-install"\n order = 1\n parallel = False\n required = True\n },\n {\n name = "database-setup"\n order = 2\n parallel = False\n required = True\n },\n {\n name = "application-install"\n order = 3\n parallel = False\n required = True\n },\n {\n name = "integration-setup"\n order = 4\n parallel = True\n required = False\n },\n {\n name = "compliance-validation"\n order = 5\n parallel = False\n required = True\n }\n ]\n\n # Compatibility\n os_support = ["linux"]\n arch_support = ["amd64"]\n timeout = 3600 # 1 hour for legacy system deployment\n}\n\n# Default configuration\nlegacy_erp_default: LegacyERPTaskserv = {\n name = "legacy-erp"\n environment = "production"\n config = {\n erp_version = "12.2.0"\n installation_mode = "ha"\n\n database_type = "oracle"\n database_version = "19c"\n database_size = "1Ti"\n database_backup_retention = 30\n\n erp_port = 8080\n database_port = 1521\n ssl_enabled = True\n internal_network_only = True\n\n # Company-specific settings\n ldap_server = "ldap.company.com"\n file_share_path = "/mnt/company-files"\n email_server = "smtp.company.com"\n\n # Compliance settings\n audit_logging = True\n encryption_at_rest = True\n encryption_in_transit = True\n data_retention_years = 7\n\n # Production resources\n app_server_resources = erp_resource_profiles.production.app_server_resources\n database_resources = erp_resource_profiles.production.database_resources\n\n backup_schedule = "0 2 * * *"\n backup_retention_policy = {\n daily_backups = 7\n weekly_backups = 4\n monthly_backups = 12\n yearly_backups = 7\n }\n }\n}\n\n# Export for provisioning system\n{\n config: legacy_erp_default,\n dependencies: legacy_erp_dependencies,\n profiles: erp_resource_profiles\n}\n```\n\n### Compliance-Focused Taskserv\n\nCreate `compliance-monitor.ncl`:\n\n```\n"""\nCompliance Monitoring Taskserv\nAutomated compliance checking and reporting for regulated environments\n"""\n\nimport provisioning.lib as lib\nimport provisioning.dependencies as deps\n\nschema ComplianceMonitorConfig:\n """Configuration for compliance monitoring system"""\n\n # Compliance frameworks\n enabled_frameworks: [ComplianceFramework]\n\n # Monitoring settings\n scan_frequency: str = "0 0 * * *" # Daily\n real_time_monitoring: bool = True\n\n # Reporting settings\n report_frequency: str = "0 0 * * 0" # Weekly\n report_recipients: [str]\n report_format: "pdf" | "html" | "json" = "pdf"\n\n # Alerting configuration\n alert_severity_threshold: "low" | "medium" | "high" = "medium"\n alert_channels: [AlertChannel]\n\n # Data retention\n audit_log_retention_days: int = 2555 # 7 years\n report_retention_days: int = 365\n\n # Integration settings\n siem_integration: bool = True\n siem_endpoint?: str\n\n check:\n audit_log_retention_days >= 2555, "Audit logs must be retained for at least 7 years"\n len(report_recipients) > 0, "At least one report recipient required"\n\nschema ComplianceFramework:\n """Compliance framework configuration"""\n name: "pci-dss" | "sox" | "gdpr" | "hipaa" | "iso27001" | "nist"\n version: str\n enabled: bool = True\n custom_controls?: [ComplianceControl]\n\nschema ComplianceControl:\n """Custom compliance control"""\n id: str\n description: str\n check_command: str\n severity: "low" | "medium" | "high" | "critical"\n remediation_guidance: str\n\nschema AlertChannel:\n """Alert channel configuration"""\n type: "email" | "slack" | "teams" | "webhook" | "sms"\n endpoint: str\n severity_filter: ["low", "medium", "high", "critical"]\n\n# Taskserv definition\nschema ComplianceMonitorTaskserv(lib.TaskServDef):\n """Compliance Monitor Taskserv Definition"""\n name: str = "compliance-monitor"\n config: ComplianceMonitorConfig\n\n# Dependencies\ncompliance_monitor_dependencies: deps.TaskservDependencies = {\n name = "compliance-monitor"\n\n # Dependencies\n requires = ["kubernetes"]\n optional = ["monitoring", "logging", "backup"]\n provides = ["compliance-reports", "audit-logs", "compliance-api"]\n\n # Resource requirements\n resources = {\n cpu = "500m"\n memory = "1Gi"\n disk = "50Gi"\n network = True\n privileged = False\n }\n\n # Health checks\n health_checks = [\n {\n command = "curl -f http://localhost:9090/health"\n interval = 30\n timeout = 10\n retries = 3\n },\n {\n command = "compliance-check --dry-run"\n interval = 300\n timeout = 60\n retries = 1\n }\n ]\n\n # Compatibility\n os_support = ["linux"]\n arch_support = ["amd64", "arm64"]\n}\n\n# Default configuration with common compliance frameworks\ncompliance_monitor_default: ComplianceMonitorTaskserv = {\n name = "compliance-monitor"\n config = {\n enabled_frameworks = [\n {\n name = "pci-dss"\n version = "3.2.1"\n enabled = True\n },\n {\n name = "sox"\n version = "2002"\n enabled = True\n },\n {\n name = "gdpr"\n version = "2018"\n enabled = True\n }\n ]\n\n scan_frequency = "0 */6 * * *" # Every 6 hours\n real_time_monitoring = True\n\n report_frequency = "0 0 * * 1" # Weekly on Monday\n report_recipients = ["compliance@company.com", "security@company.com"]\n report_format = "pdf"\n\n alert_severity_threshold = "medium"\n alert_channels = [\n {\n type = "email"\n endpoint = "security-alerts@company.com"\n severity_filter = ["medium", "high", "critical"]\n },\n {\n type = "slack"\n endpoint = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"\n severity_filter = ["high", "critical"]\n }\n ]\n\n audit_log_retention_days = 2555\n report_retention_days = 365\n\n siem_integration = True\n siem_endpoint = "https://siem.company.com/api/events"\n }\n}\n\n# Export configuration\n{\n config: compliance_monitor_default,\n dependencies: compliance_monitor_dependencies\n}\n```\n\n## Provider-Specific Extensions\n\n### Custom Cloud Provider Integration\n\nWhen working with specialized or private cloud providers:\n\n```\n# Create custom provider extension\nmkdir -p extensions/providers/company-private-cloud/nickel\ncd extensions/providers/company-private-cloud/nickel\n```\n\nCreate `provision_company-private-cloud.ncl`:\n\n```\n"""\nCompany Private Cloud Provider\nIntegration with company's private cloud infrastructure\n"""\n\nimport provisioning.defaults as defaults\nimport provisioning.server as server\n\nschema CompanyPrivateCloudConfig:\n """Company private cloud configuration"""\n\n # API configuration\n api_endpoint: str = "https://cloud-api.company.com"\n api_version: str = "v2"\n auth_token: str\n\n # Network configuration\n management_network: str = "10.0.0.0/24"\n production_network: str = "10.1.0.0/16"\n dmz_network: str = "10.2.0.0/24"\n\n # Resource pools\n compute_cluster: str = "production-cluster"\n storage_cluster: str = "storage-cluster"\n\n # Compliance settings\n encryption_required: bool = True\n audit_all_operations: bool = True\n\n # Company-specific settings\n cost_center: str\n department: str\n project_code: str\n\n check:\n len(api_endpoint) > 0, "API endpoint required"\n len(auth_token) > 0, "Authentication token required"\n len(cost_center) > 0, "Cost center required for billing"\n\nschema CompanyPrivateCloudServer(server.Server):\n """Server configuration for company private cloud"""\n\n # Instance configuration\n instance_class: "standard" | "compute-optimized" | "memory-optimized" | "storage-optimized" = "standard"\n instance_size: "small" | "medium" | "large" | "xlarge" | "2xlarge" = "medium"\n\n # Storage configuration\n root_disk_type: "ssd" | "nvme" | "spinning" = "ssd"\n root_disk_size: int = 50\n additional_storage?: [CompanyCloudStorage]\n\n # Network configuration\n network_segment: "management" | "production" | "dmz" = "production"\n security_groups: [str] = ["default"]\n\n # Compliance settings\n encrypted_storage: bool = True\n backup_enabled: bool = True\n monitoring_enabled: bool = True\n\n # Company metadata\n cost_center: str\n department: str\n project_code: str\n environment: "dev" | "test" | "staging" | "prod" = "prod"\n\n check:\n root_disk_size >= 20, "Root disk must be at least 20 GB"\n len(cost_center) > 0, "Cost center required"\n len(department) > 0, "Department required"\n\nschema CompanyCloudStorage:\n """Additional storage configuration"""\n size: int\n type: "ssd" | "nvme" | "spinning" | "archive" = "ssd"\n mount_point: str\n encrypted: bool = True\n backup_enabled: bool = True\n\n# Instance size configurations\ninstance_specs = {\n "small": {\n vcpus = 2\n memory_gb = 4\n network_performance = "moderate"\n },\n "medium": {\n vcpus = 4\n memory_gb = 8\n network_performance = "good"\n },\n "large": {\n vcpus = 8\n memory_gb = 16\n network_performance = "high"\n },\n "xlarge": {\n vcpus = 16\n memory_gb = 32\n network_performance = "high"\n },\n "2xlarge": {\n vcpus = 32\n memory_gb = 64\n network_performance = "very-high"\n }\n}\n\n# Provider defaults\ncompany_private_cloud_defaults: defaults.ServerDefaults = {\n lock = False\n time_zone = "UTC"\n running_wait = 20\n running_timeout = 600 # Private cloud may be slower\n\n # Company-specific OS image\n storage_os_find = "name: company-ubuntu-20.04-hardened | arch: x86_64"\n\n # Network settings\n network_utility_ipv4 = True\n network_public_ipv4 = False # Private cloud, no public IPs\n\n # Security settings\n user = "company-admin"\n user_ssh_port = 22\n fix_local_hosts = True\n\n # Company metadata\n labels = "provider: company-private-cloud, compliance: required"\n}\n\n# Export provider configuration\n{\n config: CompanyPrivateCloudConfig,\n server: CompanyPrivateCloudServer,\n defaults: company_private_cloud_defaults,\n instance_specs: instance_specs\n}\n```\n\n## Multi-Environment Management\n\n### Environment-Specific Configuration Management\n\nCreate environment-specific extensions that handle different deployment patterns:\n\n```\n# Create environment management extension\nmkdir -p extensions/clusters/company-environments/nickel\ncd extensions/clusters/company-environments/nickel\n```\n\nCreate `company-environments.ncl`:\n\n```\n"""\nCompany Environment Management\nStandardized environment configurations for different deployment stages\n"""\n\nimport provisioning.cluster as cluster\nimport provisioning.server as server\n\nschema CompanyEnvironment:\n """Standard company environment configuration"""\n\n # Environment metadata\n name: str\n type: "development" | "testing" | "staging" | "production" | "disaster-recovery"\n region: str\n availability_zones: [str]\n\n # Network configuration\n vpc_cidr: str\n subnet_configuration: SubnetConfiguration\n\n # Security configuration\n security_profile: SecurityProfile\n\n # Compliance requirements\n compliance_level: "basic" | "standard" | "high" | "critical"\n data_classification: "public" | "internal" | "confidential" | "restricted"\n\n # Resource constraints\n resource_limits: ResourceLimits\n\n # Backup and DR configuration\n backup_configuration: BackupConfiguration\n disaster_recovery_configuration?: DRConfiguration\n\n # Monitoring and alerting\n monitoring_level: "basic" | "standard" | "enhanced"\n alert_routing: AlertRouting\n\nschema SubnetConfiguration:\n """Network subnet configuration"""\n public_subnets: [str]\n private_subnets: [str]\n database_subnets: [str]\n management_subnets: [str]\n\nschema SecurityProfile:\n """Security configuration profile"""\n encryption_at_rest: bool\n encryption_in_transit: bool\n network_isolation: bool\n access_logging: bool\n vulnerability_scanning: bool\n\n # Access control\n multi_factor_auth: bool\n privileged_access_management: bool\n network_segmentation: bool\n\n # Compliance controls\n audit_logging: bool\n data_loss_prevention: bool\n endpoint_protection: bool\n\nschema ResourceLimits:\n """Resource allocation limits for environment"""\n max_cpu_cores: int\n max_memory_gb: int\n max_storage_tb: int\n max_instances: int\n\n # Cost controls\n max_monthly_cost: int\n cost_alerts_enabled: bool\n\nschema BackupConfiguration:\n """Backup configuration for environment"""\n backup_frequency: str\n retention_policy: {str: int}\n cross_region_backup: bool\n encryption_enabled: bool\n\nschema DRConfiguration:\n """Disaster recovery configuration"""\n dr_region: str\n rto_minutes: int # Recovery Time Objective\n rpo_minutes: int # Recovery Point Objective\n automated_failover: bool\n\nschema AlertRouting:\n """Alert routing configuration"""\n business_hours_contacts: [str]\n after_hours_contacts: [str]\n escalation_policy: [EscalationLevel]\n\nschema EscalationLevel:\n """Alert escalation level"""\n level: int\n delay_minutes: int\n contacts: [str]\n\n# Environment templates\nenvironment_templates = {\n "development": {\n type = "development"\n compliance_level = "basic"\n data_classification = "internal"\n security_profile = {\n encryption_at_rest = False\n encryption_in_transit = False\n network_isolation = False\n access_logging = True\n vulnerability_scanning = False\n multi_factor_auth = False\n privileged_access_management = False\n network_segmentation = False\n audit_logging = False\n data_loss_prevention = False\n endpoint_protection = False\n }\n resource_limits = {\n max_cpu_cores = 50\n max_memory_gb = 200\n max_storage_tb = 10\n max_instances = 20\n max_monthly_cost = 5000\n cost_alerts_enabled = True\n }\n monitoring_level = "basic"\n },\n\n "production": {\n type = "production"\n compliance_level = "critical"\n data_classification = "confidential"\n security_profile = {\n encryption_at_rest = True\n encryption_in_transit = True\n network_isolation = True\n access_logging = True\n vulnerability_scanning = True\n multi_factor_auth = True\n privileged_access_management = True\n network_segmentation = True\n audit_logging = True\n data_loss_prevention = True\n endpoint_protection = True\n }\n resource_limits = {\n max_cpu_cores = 1000\n max_memory_gb = 4000\n max_storage_tb = 500\n max_instances = 200\n max_monthly_cost = 100000\n cost_alerts_enabled = True\n }\n monitoring_level = "enhanced"\n disaster_recovery_configuration = {\n dr_region = "us-west-2"\n rto_minutes = 60\n rpo_minutes = 15\n automated_failover = True\n }\n }\n}\n\n# Export environment templates\n{\n templates: environment_templates,\n schema: CompanyEnvironment\n}\n```\n\n## Integration Patterns\n\n### Legacy System Integration\n\nCreate integration patterns for common legacy system scenarios:\n\n```\n# Create integration patterns\nmkdir -p extensions/taskservs/integrations/legacy-bridge/nickel\ncd extensions/taskservs/integrations/legacy-bridge/nickel\n```\n\nCreate `legacy-bridge.ncl`:\n\n```\n"""\nLegacy System Integration Bridge\nProvides standardized integration patterns for legacy systems\n"""\n\nimport provisioning.lib as lib\nimport provisioning.dependencies as deps\n\nschema LegacyBridgeConfig:\n """Configuration for legacy system integration bridge"""\n\n # Bridge configuration\n bridge_name: str\n integration_type: "api" | "database" | "file" | "message-queue" | "etl"\n\n # Legacy system details\n legacy_system: LegacySystemInfo\n\n # Modern system details\n modern_system: ModernSystemInfo\n\n # Data transformation configuration\n data_transformation: DataTransformationConfig\n\n # Security configuration\n security_config: IntegrationSecurityConfig\n\n # Monitoring and alerting\n monitoring_config: IntegrationMonitoringConfig\n\nschema LegacySystemInfo:\n """Legacy system information"""\n name: str\n type: "mainframe" | "as400" | "unix" | "windows" | "database" | "file-system"\n version: str\n\n # Connection details\n connection_method: "direct" | "vpn" | "dedicated-line" | "api-gateway"\n endpoint: str\n port?: int\n\n # Authentication\n auth_method: "password" | "certificate" | "kerberos" | "ldap" | "token"\n credentials_source: "vault" | "config" | "environment"\n\n # Data characteristics\n data_format: "fixed-width" | "csv" | "xml" | "json" | "binary" | "proprietary"\n character_encoding: str = "utf-8"\n\n # Operational characteristics\n availability_hours: str = "24/7"\n maintenance_windows: [MaintenanceWindow]\n\nschema ModernSystemInfo:\n """Modern system information"""\n name: str\n type: "microservice" | "api" | "database" | "event-stream" | "file-store"\n\n # Connection details\n endpoint: str\n api_version?: str\n\n # Data format\n data_format: "json" | "xml" | "avro" | "protobuf"\n\n # Authentication\n auth_method: "oauth2" | "jwt" | "api-key" | "mutual-tls"\n\nschema DataTransformationConfig:\n """Data transformation configuration"""\n transformation_rules: [TransformationRule]\n error_handling: ErrorHandlingConfig\n data_validation: DataValidationConfig\n\nschema TransformationRule:\n """Individual data transformation rule"""\n source_field: str\n target_field: str\n transformation_type: "direct" | "calculated" | "lookup" | "conditional"\n transformation_expression?: str\n\nschema ErrorHandlingConfig:\n """Error handling configuration"""\n retry_policy: RetryPolicy\n dead_letter_queue: bool = True\n error_notification: bool = True\n\nschema RetryPolicy:\n """Retry policy configuration"""\n max_attempts: int = 3\n initial_delay_seconds: int = 5\n backoff_multiplier: float = 2.0\n max_delay_seconds: int = 300\n\nschema DataValidationConfig:\n """Data validation configuration"""\n schema_validation: bool = True\n business_rules_validation: bool = True\n data_quality_checks: [DataQualityCheck]\n\nschema DataQualityCheck:\n """Data quality check definition"""\n name: str\n check_type: "completeness" | "uniqueness" | "validity" | "consistency"\n threshold: float = 0.95\n action_on_failure: "warn" | "stop" | "quarantine"\n\nschema IntegrationSecurityConfig:\n """Security configuration for integration"""\n encryption_in_transit: bool = True\n encryption_at_rest: bool = True\n\n # Access control\n source_ip_whitelist?: [str]\n api_rate_limiting: bool = True\n\n # Audit and compliance\n audit_all_transactions: bool = True\n pii_data_handling: PIIHandlingConfig\n\nschema PIIHandlingConfig:\n """PII data handling configuration"""\n pii_fields: [str]\n anonymization_enabled: bool = True\n retention_policy_days: int = 365\n\nschema IntegrationMonitoringConfig:\n """Monitoring configuration for integration"""\n metrics_collection: bool = True\n performance_monitoring: bool = True\n\n # SLA monitoring\n sla_targets: SLATargets\n\n # Alerting\n alert_on_failures: bool = True\n alert_on_performance_degradation: bool = True\n\nschema SLATargets:\n """SLA targets for integration"""\n max_latency_ms: int = 5000\n min_availability_percent: float = 99.9\n max_error_rate_percent: float = 0.1\n\nschema MaintenanceWindow:\n """Maintenance window definition"""\n day_of_week: int # 0=Sunday, 6=Saturday\n start_time: str # HH:MM format\n duration_hours: int\n\n# Taskserv definition\nschema LegacyBridgeTaskserv(lib.TaskServDef):\n """Legacy Bridge Taskserv Definition"""\n name: str = "legacy-bridge"\n config: LegacyBridgeConfig\n\n# Dependencies\nlegacy_bridge_dependencies: deps.TaskservDependencies = {\n name = "legacy-bridge"\n\n requires = ["kubernetes"]\n optional = ["monitoring", "logging", "vault"]\n provides = ["legacy-integration", "data-bridge"]\n\n resources = {\n cpu = "500m"\n memory = "1Gi"\n disk = "10Gi"\n network = True\n privileged = False\n }\n\n health_checks = [\n {\n command = "curl -f http://localhost:9090/health"\n interval = 30\n timeout = 10\n retries = 3\n },\n {\n command = "integration-test --quick"\n interval = 300\n timeout = 120\n retries = 1\n }\n ]\n\n os_support = ["linux"]\n arch_support = ["amd64", "arm64"]\n}\n\n# Export configuration\n{\n config: LegacyBridgeTaskserv,\n dependencies: legacy_bridge_dependencies\n}\n```\n\n## Real-World Examples\n\n### Example 1: Financial Services Company\n\n```\n# Financial services specific extensions\nmkdir -p extensions/taskservs/financial-services/{trading-system,risk-engine,compliance-reporter}/nickel\n```\n\n### Example 2: Healthcare Organization\n\n```\n# Healthcare specific extensions\nmkdir -p extensions/taskservs/healthcare/{hl7-processor,dicom-storage,hipaa-audit}/nickel\n```\n\n### Example 3: Manufacturing Company\n\n```\n# Manufacturing specific extensions\nmkdir -p extensions/taskservs/manufacturing/{iot-gateway,scada-bridge,quality-system}/nickel\n```\n\n### Usage Examples\n\n#### Loading Infrastructure-Specific Extensions\n\n```\n# Load company-specific extensions\ncd workspace/infra/production\nmodule-loader load taskservs . [legacy-erp, compliance-monitor, legacy-bridge]\nmodule-loader load providers . [company-private-cloud]\nmodule-loader load clusters . [company-environments]\n\n# Verify loading\nmodule-loader list taskservs .\nmodule-loader validate .\n```\n\n#### Using in Server Configuration\n\n```\n# Import loaded extensions\nimport .taskservs.legacy-erp.legacy-erp as erp\nimport .taskservs.compliance-monitor.compliance-monitor as compliance\nimport .providers.company-private-cloud as private_cloud\n\n# Configure servers with company-specific extensions\ncompany_servers: [server.Server] = [\n {\n hostname = "erp-prod-01"\n title = "Production ERP Server"\n\n # Use company private cloud\n # Provider-specific configuration goes here\n\n taskservs = [\n {\n name = "legacy-erp"\n profile = "production"\n },\n {\n name = "compliance-monitor"\n profile = "default"\n }\n ]\n }\n]\n```\n\nThis comprehensive guide covers all aspects of creating infrastructure-specific extensions, from assessment and planning to implementation and deployment.