From 56fda79bd674246912c8f10f0202b5c417fe5cb3 Mon Sep 17 00:00:00 2001
From: Houzhong Xu <houzhongxu@seekkey.tech>
Date: Thu, 9 Oct 2025 03:40:32 +0000
Subject: [PATCH] Fix hcp1 config with proper traefik-certs host volume

---
 nomad-configs/nodes/hcp1.hcl | 145 ++++++++++++-----------------------
 1 file changed, 51 insertions(+), 94 deletions(-)

diff --git a/nomad-configs/nodes/hcp1.hcl b/nomad-configs/nodes/hcp1.hcl
index 752cb95..8a53284 100644
--- a/nomad-configs/nodes/hcp1.hcl
+++ b/nomad-configs/nodes/hcp1.hcl
@@ -18,11 +18,27 @@ advertise {
   serf = "hcp1.tailnet-68f9.ts.net:4648"
 }
 
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
 client {
   enabled = true
+  network_interface = "tailscale0"
+  
+  # 配置七仙女服务器地址，使用完整FQDN
   servers = [
+    "semaphore.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
     "ch2.tailnet-68f9.ts.net:4647",
-    "ash3c.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
     "onecloud1.tailnet-68f9.ts.net:4647",
     "de.tailnet-68f9.ts.net:4647"
   ]
@@ -37,7 +53,7 @@ client {
     path = "/opt/nomad/data/vault-storage"
     read_only = false
   }
-  
+
   host_volume "traefik-certs" {
     path = "/opt/traefik/certs"
     read_only = false
@@ -60,97 +76,38 @@ client {
   gc_interval = "5m"
   gc_disk_usage_threshold = 80
   gc_inode_usage_threshold = 70
-  gc_max_allocs = 50
-  
-  # 网络配置
-  network_interface = "tailscale0"
-  
-  # 资源限制
-  cpu_total_compute = 4000
-  memory_total_mb = 8192
-  
-  # 任务限制
-  max_kill_timeout = "30s"
-  
-  # 日志配置
-  logging {
-    level = "INFO"
-    format = "json"
-    enable_syslog = true
-    syslog_facility = "LOCAL0"
-  }
-  
-  # 插件配置
-  plugin_dir = "/opt/nomad/plugins"
-  
-  # 状态同步
-  state_dir = "/opt/nomad/data/client"
-  alloc_dir = "/opt/nomad/data/alloc"
-  
-  # 任务驱动配置
-  task_drivers = ["exec", "raw_exec"]
-  
-  # 网络指纹
-  network_interface = "tailscale0"
-  
-  # 存储配置
-  disk_free_threshold = "10%"
-  disk_usage_threshold = "90%"
-  
-  # 任务限制
-  max_kill_timeout = "30s"
-  
-  # 健康检查
-  health_check_grace_period = "30s"
-  
-  # 任务重启策略
-  restart_policy {
-    interval = "5m"
-    attempts = 3
-    delay = "15s"
-    mode = "fail"
-  }
-  
-  # 任务清理
-  cleanup_interval = "5m"
-  
-  # 任务监控
-  enable_monitoring = true
-  
-  # 任务日志
-  log_config {
-    enabled = true
-    max_file_size = "10MB"
-    max_files = 10
-  }
-  
-  # 任务资源
-  resource_limits {
-    cpu_total_compute = 4000
-    memory_total_mb = 8192
-  }
-  
-  # 任务网络
-  network_config {
-    interface = "tailscale0"
-    port_range = "20000-30000"
-  }
-  
-  # 任务存储
-  storage_config {
-    disk_free_threshold = "10%"
-    disk_usage_threshold = "90%"
-  }
-  
-  # 任务安全
-  security_config {
-    enable_tls = false
-    verify_server_hostname = false
-  }
-  
-  # 任务调试
-  debug_config {
-    enabled = false
-    log_level = "INFO"
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
   }
 }
+
+consul {
+  enabled = false
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+vault {
+  enabled = true
+  address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://hcp1.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}
\ No newline at end of file