# /etc/hecate/hecate.yaml
kubeconfig: /etc/hecate/kubeconfig
ssh_user: atlas
ssh_port: 2277
ssh_config_file: ""
ssh_identity_file: /home/atlas/.ssh/id_ed25519
ssh_node_hosts: {}
ssh_node_users: {}
ssh_managed_nodes: []
ssh_jump_host: ""
ssh_jump_user: ""
iac_repo_path: /opt/titan-iac
expected_flux_branch: main
control_planes:
  - titan-0a
  - titan-0b
  - titan-0c
workers: []
local_bootstrap_paths:
  - infrastructure/core
  - clusters/atlas/flux-system
  - infrastructure/sources/helm
  - infrastructure/metallb
  - infrastructure/traefik
  - infrastructure/cert-manager
  - infrastructure/vault-csi
  - infrastructure/vault-injector
  - services/vault
  - infrastructure/postgres
  - services/gitea
  - services/keycloak
  - services/oauth2-proxy
excluded_namespaces:
  - kube-system
  - kube-public
  - kube-node-lease
  - flux-system
  - traefik
  - metallb-system
  - cert-manager
  - longhorn-system
  - vault
  - postgres
  - maintenance
startup:
  api_wait_seconds: 1200
  api_poll_seconds: 2
  require_time_sync: true
  time_sync_wait_seconds: 240
  time_sync_poll_seconds: 5
  time_sync_mode: quorum
  time_sync_quorum: 2
  reconcile_access_on_boot: true
  auto_etcd_restore_on_api_failure: true
  etcd_restore_control_plane: titan-0a
  require_storage_ready: true
  storage_ready_wait_seconds: 420
  storage_ready_poll_seconds: 5
  storage_min_ready_nodes: 2
  storage_critical_pvcs:
    - vault/data-vault-0
    - postgres/postgres-data-postgres-0
    - gitea/gitea-data
    - sso/keycloak-data
  require_post_start_probes: true
  post_start_probe_wait_seconds: 240
  post_start_probe_poll_seconds: 5
  post_start_probes:
    - https://sso.bstein.dev/realms/atlas/.well-known/openid-configuration
    - https://scm.bstein.dev/user/login
    - https://metrics.bstein.dev/login
  vault_unseal_key_file: /var/lib/hecate/vault-unseal.key
shutdown:
  default_budget_seconds: 1380
  history_min_samples: 3
  emergency_budget_seconds: 420
  emergency_history_min_samples: 3
  emergency_skip_etcd_snapshot: true
  emergency_skip_drain: true
  skip_etcd_snapshot: false
  skip_drain: false
  drain_parallelism: 6
  scale_parallelism: 8
  ssh_parallelism: 8
  poweroff_enabled: true
  poweroff_delay_seconds: 25
  poweroff_local_host: true
  extra_poweroff_hosts:
    - titan-db
ups:
  enabled: true
  provider: nut
  target: pyrphoros@localhost
  targets:
    - name: Pyrphoros
      target: pyrphoros@localhost
  poll_seconds: 5
  runtime_safety_factor: 1.25
  debounce_count: 3
  telemetry_timeout_seconds: 90
coordination:
  forward_shutdown_host: ""
  forward_shutdown_user: atlas
  forward_shutdown_config: /etc/hecate/hecate.yaml
  fallback_local_shutdown: true
  command_timeout_seconds: 25
  startup_guard_max_age_seconds: 900
  role: coordinator
  allow_startup_on_battery: false
metrics:
  enabled: true
  bind_addr: 0.0.0.0:9560
  path: /metrics
state:
  dir: /var/lib/hecate
  run_history_path: /var/lib/hecate/runs.json
  lock_path: /var/lib/hecate/hecate.lock
  intent_path: /var/lib/hecate/intent.json