feat: 重构基础设施配置与安全凭证管理

- 新增多个云服务商配置文件(OCI、阿里云)
- 重构Vault、Consul、Nomad等服务的部署配置
- 新增备份与恢复完美状态的脚本
- 更新安全凭证管理文档
- 优化Traefik动态配置
- 删除过时的脚本和配置文件

重构后的配置支持多区域部署，优化了服务发现和负载均衡机制，并完善了安全凭证的备份与恢复流程。

infrastructure/traefik/dynamic/authentik-cluster.yml

@@ -0,0 +1,24 @@
+http:
+  services:
+    authentik-cluster:
+      loadBalancer:
+        servers:
+          - url: "https://authentik.tailnet-68f9.ts.net:9443"  # Authentik Tailscale地址
+        serversTransport: authentik-insecure
+        healthCheck:
+          path: "/flows/-/default/authentication/"
+          interval: "30s"
+          timeout: "15s"
+
+  serversTransports:
+    authentik-insecure:
+      insecureSkipVerify: true
+
+  routers:
+    authentik-ui:
+      rule: "Host(`authentik.git-4ta.live`)"
+      service: authentik-cluster
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare

infrastructure/traefik/dynamic/consul-cluster.yml

@@ -0,0 +1,29 @@
+http:
+  middlewares:
+    consul-stripprefix:
+      stripPrefix:
+        prefixes:
+          - "/consul"
+
+  services:
+    consul-cluster:
+      loadBalancer:
+        servers:
+          - url: "http://ch4.tailnet-68f9.ts.net:8500"     # 韩国，Leader
+          - url: "http://warden.tailnet-68f9.ts.net:8500"  # 北京，Follower
+          - url: "http://ash3c.tailnet-68f9.ts.net:8500"   # 美国，Follower
+        healthCheck:
+          path: "/v1/status/leader"
+          interval: "30s"
+          timeout: "15s"
+
+  routers:
+    consul-api:
+      rule: "Host(`consul.git-4ta.live`)"
+      service: consul-cluster
+      middlewares:
+        - consul-stripprefix
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare

infrastructure/traefik/dynamic/grafana-cluster.yml

@@ -0,0 +1,19 @@
+http:
+  services:
+    grafana-cluster:
+      loadBalancer:
+        servers:
+          - url: "http://100.100.7.4:3000"  # Grafana 服务地址
+        healthCheck:
+          path: "/api/health"
+          interval: "30s"
+          timeout: "10s"
+
+  routers:
+    grafana-ui:
+      rule: "Host(`grafana.git-4ta.live`)"
+      service: grafana-cluster
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare

infrastructure/traefik/dynamic/nomad-cluster.yml

@@ -0,0 +1,20 @@
+http:
+  services:
+    nomad-cluster:
+      loadBalancer:
+        servers:
+          - url: "http://ch2.tailnet-68f9.ts.net:4646"     # 韩国，Leader
+          - url: "http://ash3c.tailnet-68f9.ts.net:4646"   # 美国，Follower
+        healthCheck:
+          path: "/v1/status/leader"
+          interval: "30s"
+          timeout: "15s"
+
+  routers:
+    nomad-ui:
+      rule: "Host(`nomad.git-4ta.live`)"
+      service: nomad-cluster
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare

infrastructure/traefik/dynamic/traefik-dashboard.yml

@@ -0,0 +1,19 @@
+http:
+  services:
+    traefik-dashboard:
+      loadBalancer:
+        servers:
+          - url: "http://127.0.0.1:8080"  # Traefik 内部 dashboard
+        healthCheck:
+          path: "/api/rawdata"
+          interval: "30s"
+          timeout: "10s"
+
+  routers:
+    traefik-dashboard:
+      rule: "Host(`traefik.git-4ta.live`)"
+      service: traefik-dashboard
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare

infrastructure/traefik/dynamic/vault-cluster.yml

@@ -0,0 +1,21 @@
+http:
+  services:
+    vault-cluster:
+      loadBalancer:
+        servers:
+          - url: "http://warden.tailnet-68f9.ts.net:8200"  # 北京，Leader
+          - url: "http://ch4.tailnet-68f9.ts.net:8200"     # 韩国，Follower
+          - url: "http://ash3c.tailnet-68f9.ts.net:8200"   # 美国，Follower
+        healthCheck:
+          path: "/v1/sys/health"
+          interval: "30s"
+          timeout: "15s"
+
+  routers:
+    vault-ui:
+      rule: "Host(`vault.git-4ta.live`)"
+      service: vault-cluster
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare