ananke/configs/hecate.example.yaml

# /etc/hecate/hecate.yaml
kubeconfig: /etc/hecate/kubeconfig
ssh_user: atlas
ssh_port: 2277
ssh_config_file: ""
ssh_identity_file: /home/atlas/.ssh/id_ed25519
ssh_node_hosts: {}
ssh_node_users: {}
ssh_managed_nodes: []
ssh_jump_host: ""
ssh_jump_user: ""
iac_repo_path: /opt/titan-iac
expected_flux_branch: main
control_planes:
  - titan-0a
  - titan-0b
  - titan-0c
workers: []
local_bootstrap_paths:
  - infrastructure/core
  - clusters/atlas/flux-system
  - infrastructure/sources/helm
  - infrastructure/metallb
  - infrastructure/traefik
  - infrastructure/cert-manager
  - infrastructure/vault-csi
  - infrastructure/vault-injector
  - services/vault
  - infrastructure/postgres
  - services/gitea
  - services/keycloak
  - services/oauth2-proxy
excluded_namespaces:
  - kube-system
  - kube-public
  - kube-node-lease
  - flux-system
  - traefik
  - metallb-system
  - cert-manager
  - longhorn-system
  - vault
  - postgres
  - maintenance
startup:
  api_wait_seconds: 1200
  api_poll_seconds: 2
  require_time_sync: true
  time_sync_wait_seconds: 240
  time_sync_poll_seconds: 5
  time_sync_mode: quorum
  time_sync_quorum: 2
  reconcile_access_on_boot: true
  auto_etcd_restore_on_api_failure: true
  etcd_restore_control_plane: titan-0a
  require_storage_ready: true
  storage_ready_wait_seconds: 420
  storage_ready_poll_seconds: 5
  storage_min_ready_nodes: 2
  storage_critical_pvcs:
    - vault/data-vault-0
    - postgres/postgres-data-postgres-0
    - gitea/gitea-data
    - sso/keycloak-data
  require_post_start_probes: true
  post_start_probe_wait_seconds: 240
  post_start_probe_poll_seconds: 5
  post_start_probes:
    - https://sso.bstein.dev/realms/atlas/.well-known/openid-configuration
    - https://scm.bstein.dev/user/login
    - https://metrics.bstein.dev/login
  vault_unseal_key_file: /var/lib/hecate/vault-unseal.key
shutdown:
  default_budget_seconds: 1380
  history_min_samples: 3
  emergency_budget_seconds: 420
  emergency_history_min_samples: 3
  emergency_skip_etcd_snapshot: true
  emergency_skip_drain: true
  skip_etcd_snapshot: false
  skip_drain: false
  drain_parallelism: 6
  scale_parallelism: 8
  ssh_parallelism: 8
  poweroff_enabled: true
  poweroff_delay_seconds: 25
  poweroff_local_host: true
  extra_poweroff_hosts:
    - titan-db
ups:
  enabled: true
  provider: nut
  target: pyrphoros@localhost
  targets:
    - name: Pyrphoros
      target: pyrphoros@localhost
  poll_seconds: 5
  runtime_safety_factor: 1.25
  debounce_count: 3
  telemetry_timeout_seconds: 90
coordination:
  forward_shutdown_host: ""
  forward_shutdown_user: atlas
  forward_shutdown_config: /etc/hecate/hecate.yaml
  fallback_local_shutdown: true
  command_timeout_seconds: 25
  startup_guard_max_age_seconds: 900
  role: coordinator
  allow_startup_on_battery: false
metrics:
  enabled: true
  bind_addr: 0.0.0.0:9560
  path: /metrics
state:
  dir: /var/lib/hecate
  run_history_path: /var/lib/hecate/runs.json
  lock_path: /var/lib/hecate/hecate.lock
  intent_path: /var/lib/hecate/intent.json
bootstrap: scaffold hecate startup/shutdown service 2026-04-03 01:43:16 -03:00			`# /etc/hecate/hecate.yaml`
hecate(startup): add coordinated intent guards and resilient recovery ssh 2026-04-04 12:44:15 -03:00			`kubeconfig: /etc/hecate/kubeconfig`
bootstrap: scaffold hecate startup/shutdown service 2026-04-03 01:43:16 -03:00			`ssh_user: atlas`
hecate(startup): add coordinated intent guards and resilient recovery ssh 2026-04-04 12:44:15 -03:00			`ssh_port: 2277`
hecate(ssh): add config/key fallback and scoped node orchestration 2026-04-04 12:56:58 -03:00			`ssh_config_file: ""`
hecate(startup): add coordinated intent guards and resilient recovery ssh 2026-04-04 12:44:15 -03:00			`ssh_identity_file: /home/atlas/.ssh/id_ed25519`
			`ssh_node_hosts: {}`
			`ssh_node_users: {}`
			`ssh_managed_nodes: []`
			`ssh_jump_host: ""`
			`ssh_jump_user: ""`
bootstrap: scaffold hecate startup/shutdown service 2026-04-03 01:43:16 -03:00			`iac_repo_path: /opt/titan-iac`
			`expected_flux_branch: main`
			`control_planes:`
			`- titan-0a`
			`- titan-0b`
			`- titan-0c`
			`workers: []`
			`local_bootstrap_paths:`
			`- infrastructure/core`
hecate(startup): add coordinated intent guards and resilient recovery ssh 2026-04-04 12:44:15 -03:00			`- clusters/atlas/flux-system`
bootstrap: scaffold hecate startup/shutdown service 2026-04-03 01:43:16 -03:00			`- infrastructure/sources/helm`
			`- infrastructure/metallb`
			`- infrastructure/traefik`
hecate: harden emergency thresholds and bootstrap branch handling 2026-04-05 00:15:09 -03:00			`- infrastructure/cert-manager`
bootstrap: scaffold hecate startup/shutdown service 2026-04-03 01:43:16 -03:00			`- infrastructure/vault-csi`
			`- infrastructure/vault-injector`
			`- services/vault`
			`- infrastructure/postgres`
			`- services/gitea`
hecate: harden emergency thresholds and bootstrap branch handling 2026-04-05 00:15:09 -03:00			`- services/keycloak`
			`- services/oauth2-proxy`
bootstrap: scaffold hecate startup/shutdown service 2026-04-03 01:43:16 -03:00			`excluded_namespaces:`
			`- kube-system`
			`- kube-public`
			`- kube-node-lease`
			`- flux-system`
			`- traefik`
			`- metallb-system`
			`- cert-manager`
			`- longhorn-system`
			`- vault`
			`- postgres`
			`- maintenance`
hecate(startup): add coordinated intent guards and resilient recovery ssh 2026-04-04 12:44:15 -03:00			`startup:`
			`api_wait_seconds: 1200`
			`api_poll_seconds: 2`
hecate: harden startup recovery and ssh/state self-heal 2026-04-04 22:24:56 -03:00			`require_time_sync: true`
			`time_sync_wait_seconds: 240`
			`time_sync_poll_seconds: 5`
hecate: harden startup with storage gates and fallback cache 2026-04-05 01:55:56 -03:00			`time_sync_mode: quorum`
			`time_sync_quorum: 2`
hecate: harden startup recovery and ssh/state self-heal 2026-04-04 22:24:56 -03:00			`reconcile_access_on_boot: true`
hecate: harden outage recovery startup and etcd restore 2026-04-04 20:50:58 -03:00			`auto_etcd_restore_on_api_failure: true`
			`etcd_restore_control_plane: titan-0a`
hecate: harden startup with storage gates and fallback cache 2026-04-05 01:55:56 -03:00			`require_storage_ready: true`
			`storage_ready_wait_seconds: 420`
			`storage_ready_poll_seconds: 5`
			`storage_min_ready_nodes: 2`
			`storage_critical_pvcs:`
			`- vault/data-vault-0`
			`- postgres/postgres-data-postgres-0`
			`- gitea/gitea-data`
			`- sso/keycloak-data`
			`require_post_start_probes: true`
			`post_start_probe_wait_seconds: 240`
			`post_start_probe_poll_seconds: 5`
			`post_start_probes:`
			`- https://sso.bstein.dev/realms/atlas/.well-known/openid-configuration`
			`- https://scm.bstein.dev/user/login`
			`- https://metrics.bstein.dev/login`
			`vault_unseal_key_file: /var/lib/hecate/vault-unseal.key`
bootstrap: scaffold hecate startup/shutdown service 2026-04-03 01:43:16 -03:00			`shutdown:`
hecate: harden peer bootstrap failover and worker fallback 2026-04-04 18:34:50 -03:00			`default_budget_seconds: 1380`
hecate: harden emergency thresholds and bootstrap branch handling 2026-04-05 00:15:09 -03:00			`history_min_samples: 3`
			`emergency_budget_seconds: 420`
			`emergency_history_min_samples: 3`
			`emergency_skip_etcd_snapshot: true`
			`emergency_skip_drain: true`
bootstrap: scaffold hecate startup/shutdown service 2026-04-03 01:43:16 -03:00			`skip_etcd_snapshot: false`
			`skip_drain: false`
shutdown: parallelize drain and restore scaled workloads 2026-04-04 15:15:34 -03:00			`drain_parallelism: 6`
			`scale_parallelism: 8`
			`ssh_parallelism: 8`
hecate: add multi-ups coordination, poweroff, metrics, and declarative self-update install 2026-04-03 14:46:03 -03:00			`poweroff_enabled: true`
			`poweroff_delay_seconds: 25`
			`poweroff_local_host: true`
			`extra_poweroff_hosts:`
			`- titan-db`
bootstrap: scaffold hecate startup/shutdown service 2026-04-03 01:43:16 -03:00			`ups:`
			`enabled: true`
			`provider: nut`
hecate: add layered startup drills and rename UPS peers 2026-04-04 05:50:38 -03:00			`target: pyrphoros@localhost`
hecate: add multi-ups coordination, poweroff, metrics, and declarative self-update install 2026-04-03 14:46:03 -03:00			`targets:`
hecate: add layered startup drills and rename UPS peers 2026-04-04 05:50:38 -03:00			`- name: Pyrphoros`
			`target: pyrphoros@localhost`
bootstrap: scaffold hecate startup/shutdown service 2026-04-03 01:43:16 -03:00			`poll_seconds: 5`
hecate: harden peer bootstrap failover and worker fallback 2026-04-04 18:34:50 -03:00			`runtime_safety_factor: 1.25`
bootstrap: scaffold hecate startup/shutdown service 2026-04-03 01:43:16 -03:00			`debounce_count: 3`
			`telemetry_timeout_seconds: 90`
hecate: add multi-ups coordination, poweroff, metrics, and declarative self-update install 2026-04-03 14:46:03 -03:00			`coordination:`
			`forward_shutdown_host: ""`
			`forward_shutdown_user: atlas`
			`forward_shutdown_config: /etc/hecate/hecate.yaml`
			`fallback_local_shutdown: true`
			`command_timeout_seconds: 25`
hecate: harden outage recovery startup and etcd restore 2026-04-04 20:50:58 -03:00			`startup_guard_max_age_seconds: 900`
hecate(startup): add coordinated intent guards and resilient recovery ssh 2026-04-04 12:44:15 -03:00			`role: coordinator`
			`allow_startup_on_battery: false`
hecate: add multi-ups coordination, poweroff, metrics, and declarative self-update install 2026-04-03 14:46:03 -03:00			`metrics:`
			`enabled: true`
			`bind_addr: 0.0.0.0:9560`
			`path: /metrics`
bootstrap: scaffold hecate startup/shutdown service 2026-04-03 01:43:16 -03:00			`state:`
			`dir: /var/lib/hecate`
			`run_history_path: /var/lib/hecate/runs.json`
			`lock_path: /var/lib/hecate/hecate.lock`
hecate(startup): add coordinated intent guards and resilient recovery ssh 2026-04-04 12:44:15 -03:00			`intent_path: /var/lib/hecate/intent.json`