Clean repository: organized structure and GitOps setup

- Organized root directory structure - Moved orphan files to proper locations - Updated .gitignore to ignore temporary files - Set up Gitea Runner for GitOps automation - Fixed Tailscale access issues - Added workflow for automated Nomad deployment
2025-10-09 06:13:45 +00:00
commit 89ee6f7967
306 changed files with 30781 additions and 0 deletions
--- a/components/traefik/config/dynamic.yml
+++ b/components/traefik/config/dynamic.yml
@@ -0,0 +1,123 @@
+http:
+  serversTransports:
+    waypoint-insecure:
+      insecureSkipVerify: true
+    authentik-insecure:
+      insecureSkipVerify: true
+  
+  middlewares:
+    consul-stripprefix:
+      stripPrefix:
+        prefixes:
+          - "/consul"
+    waypoint-auth:
+      replacePathRegex:
+        regex: "^/auth/token(.*)$"
+        replacement: "/auth/token$1"
+
+  services:
+    consul-cluster:
+      loadBalancer:
+        servers:
+          - url: "http://ch4.tailnet-68f9.ts.net:8500"     # 韩国，Leader
+          - url: "http://warden.tailnet-68f9.ts.net:8500"  # 北京，Follower
+          - url: "http://ash3c.tailnet-68f9.ts.net:8500"   # 美国，Follower
+        healthCheck:
+          path: "/v1/status/leader"
+          interval: "30s"
+          timeout: "15s"
+
+    nomad-cluster:
+      loadBalancer:
+        servers:
+          - url: "http://ch2.tailnet-68f9.ts.net:4646"     # 韩国，Leader
+          - url: "http://warden.tailnet-68f9.ts.net:4646"  # 北京，Follower
+          - url: "http://ash3c.tailnet-68f9.ts.net:4646"   # 美国，Follower
+        healthCheck:
+          path: "/v1/status/leader"
+          interval: "30s"
+          timeout: "15s"
+
+    waypoint-cluster:
+      loadBalancer:
+        servers:
+          - url: "https://hcp1.tailnet-68f9.ts.net:9701"  # hcp1 节点 HTTPS API
+        serversTransport: waypoint-insecure
+
+    vault-cluster:
+      loadBalancer:
+        servers:
+          - url: "http://warden.tailnet-68f9.ts.net:8200"  # 北京，单节点
+        healthCheck:
+          path: "/ui/"
+          interval: "30s"
+          timeout: "15s"
+
+    authentik-cluster:
+      loadBalancer:
+        servers:
+          - url: "https://authentik.tailnet-68f9.ts.net:9443"  # Authentik容器HTTPS端口
+        serversTransport: authentik-insecure
+        healthCheck:
+          path: "/flows/-/default/authentication/"
+          interval: "30s"
+          timeout: "15s"
+
+  routers:
+    consul-api:
+      rule: "Host(`consul.git4ta.tech`)"
+      service: consul-cluster
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare
+      middlewares:
+        - consul-stripprefix
+
+    consul-ui:
+      rule: "Host(`consul.git-4ta.live`) && PathPrefix(`/ui`)"
+      service: consul-cluster
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare
+
+    nomad-api:
+      rule: "Host(`nomad.git-4ta.live`)"
+      service: nomad-cluster
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare
+
+    nomad-ui:
+      rule: "Host(`nomad.git-4ta.live`) && PathPrefix(`/ui`)"
+      service: nomad-cluster
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare
+
+    waypoint-ui:
+      rule: "Host(`waypoint.git-4ta.live`)"
+      service: waypoint-cluster
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare
+
+    vault-ui:
+      rule: "Host(`vault.git-4ta.live`)"
+      service: vault-cluster
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare
+
+    authentik-ui:
+      rule: "Host(`authentik1.git-4ta.live`)"
+      service: authentik-cluster
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: cloudflare