Clean repository: organized structure and GitOps setup

- Organized root directory structure
- Moved orphan files to proper locations
- Updated .gitignore to ignore temporary files
- Set up Gitea Runner for GitOps automation
- Fixed Tailscale access issues
- Added workflow for automated Nomad deployment

deployment/ansible/playbooks/templates/consul-client.hcl.j2

@@ -0,0 +1,61 @@
+# Consul Client Configuration for {{ inventory_hostname }}
+datacenter = "dc1"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "{{ inventory_hostname }}"
+bind_addr = "{{ hostvars[inventory_hostname]['tailscale_ip'] }}"
+
+# Client mode (not server)
+server = false
+
+# Connect to Consul servers (指向三节点集群)
+retry_join = [
+{% for server in consul_servers %}
+  "{{ server }}"{% if not loop.last %},{% endif %}
+{% endfor %}
+]
+
+# Performance optimization
+performance {
+  raft_multiplier = 5
+}
+
+# Ports configuration
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+}
+
+# Enable Connect for service mesh
+connect {
+  enabled = true
+}
+
+# Cache configuration for performance
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# Node metadata
+node_meta = {
+  region = "unknown"
+  zone = "nomad-{{ 'server' if 'server' in group_names else 'client' }}"
+}
+
+# UI disabled for clients
+ui_config {
+  enabled = false
+}
+
+# ACL configuration (if needed)
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# Logging
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7

deployment/ansible/playbooks/templates/nomad-server.hcl.j2

@@ -0,0 +1,106 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "{{ ansible_hostname }}"
+
+bind_addr = "0.0.0.0"
+
+addresses {
+  http = "{{ ansible_host }}"
+  rpc  = "{{ ansible_host }}"
+  serf = "{{ ansible_host }}"
+}
+
+advertise {
+  http = "{{ ansible_host }}:4646"
+  rpc  = "{{ ansible_host }}:4647"
+  serf = "{{ ansible_host }}:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  bootstrap_expect = 3
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4648",
+      "ash1d.tailnet-68f9.ts.net:4648", 
+      "ash2e.tailnet-68f9.ts.net:4648",
+      "ch2.tailnet-68f9.ts.net:4648",
+      "ch3.tailnet-68f9.ts.net:4648",
+      "onecloud1.tailnet-68f9.ts.net:4648",
+      "de.tailnet-68f9.ts.net:4648",
+      "hcp1.tailnet-68f9.ts.net:4648"
+    ]
+  }
+}
+
+{% if ansible_hostname == 'hcp1' %}
+client {
+  enabled = true
+  network_interface = "tailscale0"
+  
+  servers = [
+    "semaphore.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
+    "ch2.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
+    "onecloud1.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647",
+    "hcp1.tailnet-68f9.ts.net:4647"
+  ]
+  
+  host_volume "traefik-certs" {
+    path      = "/opt/traefik/certs"
+    read_only = false
+  }
+  
+  host_volume "fnsync" {
+    path = "/mnt/fnsync"
+    read_only = false
+  }
+  
+  meta {
+    consul = "true"
+    consul_version = "1.21.5"
+    consul_client = "true"
+  }
+  
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+{% endif %}
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}