Clean repository: organized structure and GitOps setup

- Organized root directory structure
- Moved orphan files to proper locations
- Updated .gitignore to ignore temporary files
- Set up Gitea Runner for GitOps automation
- Fixed Tailscale access issues
- Added workflow for automated Nomad deployment

nomad-configs/README.md

@@ -0,0 +1,48 @@
+# Nomad配置管理
+
+## 目录结构
+```
+nomad-configs/
+├── templates/
+│   └── nomad-client.hcl.j2    # 配置模板
+├── nodes/
+│   ├── warden.hcl            # 各节点配置文件
+│   ├── hcp1.hcl
+│   ├── onecloud1.hcl
+│   ├── influxdb1.hcl
+│   ├── ash3c.hcl
+│   ├── ch4.hcl
+│   └── browser.hcl
+├── scripts/
+│   └── deploy.sh             # 部署脚本
+└── README.md
+```
+
+## 节点列表
+- onecloud1 (down)
+- hcp1 (down)
+- influxdb1 (ready)
+- ash3c (ready)
+- ch4 (ready)
+- warden (ready) - 成功模板
+- browser (ready)
+
+## 使用方法
+
+### 部署单个节点
+```bash
+cd /root/mgmt/nomad-configs
+./scripts/deploy.sh warden
+```
+
+### 部署所有节点
+```bash
+for node in onecloud1 hcp1 influxdb1 ash3c ch4 warden browser; do
+    ./scripts/deploy.sh $node
+done
+```
+
+## 配置说明
+- 基于warden的成功配置
+- 只替换节点名和FQDN
+- 保持配置一致性

nomad-configs/consul-onecloud1-server.hcl

@@ -0,0 +1,65 @@
+# Consul Server Configuration for onecloud1
+datacenter = "dc1"
+data_dir = "/opt/consul/data"
+log_level = "INFO"
+node_name = "onecloud1"
+bind_addr = "100.98.209.50"
+
+# Server mode
+server = true
+bootstrap_expect = 4
+
+# Join existing cluster
+retry_join = [
+  "100.117.106.136",  # ch4
+  "100.122.197.112",  # warden
+  "100.116.80.94"     # ash3c
+]
+
+# Performance optimization
+performance {
+  raft_multiplier = 5
+}
+
+# Ports configuration
+ports {
+  grpc = 8502
+  http = 8500
+  dns = 8600
+  server = 8300
+  serf_lan = 8301
+  serf_wan = 8302
+}
+
+# Enable Connect for service mesh
+connect {
+  enabled = true
+}
+
+# Cache configuration for performance
+cache {
+  entry_fetch_max_burst = 42
+  entry_fetch_rate = 30
+}
+
+# Node metadata
+node_meta = {
+  region = "unknown"
+  zone = "nomad-client"
+}
+
+# UI enabled for servers
+ui_config {
+  enabled = true
+}
+
+# ACL configuration (if needed)
+acl = {
+  enabled = false
+  default_policy = "allow"
+}
+
+# Logging
+log_file = "/var/log/consul/consul.log"
+log_rotate_duration = "24h"
+log_rotate_max_files = 7

nomad-configs/nodes/ash3c.hcl

@@ -0,0 +1,108 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "ash3c"
+
+bind_addr = "ash3c.tailnet-68f9.ts.net"
+
+addresses {
+  http = "ash3c.tailnet-68f9.ts.net"
+  rpc  = "ash3c.tailnet-68f9.ts.net"
+  serf = "ash3c.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "ash3c.tailnet-68f9.ts.net:4646"
+  rpc  = "ash3c.tailnet-68f9.ts.net:4647"
+  serf = "ash3c.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
+client {
+  enabled = true
+  network_interface = "tailscale0"
+  
+  # 配置七仙女服务器地址，使用完整FQDN
+  servers = [
+    "semaphore.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
+    "ch2.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
+    "onecloud1.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647"
+  ]
+  
+  # 配置host volumes
+  host_volume "fnsync" {
+    path = "/mnt/fnsync"
+    read_only = false
+  }
+  
+  host_volume "vault-storage" {
+    path = "/opt/nomad/data/vault-storage"
+    read_only = false
+  }
+  
+  # 禁用Docker驱动，只使用Podman
+  options {
+    "driver.raw_exec.enable" = "1"
+    "driver.exec.enable" = "1"
+  }
+  
+  # 配置节点元数据
+  meta {
+    consul = "true"
+    consul_version = "1.21.5"
+    consul_server = "true"
+  }
+  
+  # 激进的垃圾清理策略
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  enabled = false
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+vault {
+  enabled = true
+  address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/nodes/browser.hcl

@@ -0,0 +1,108 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "browser"
+
+bind_addr = "browser.tailnet-68f9.ts.net"
+
+addresses {
+  http = "browser.tailnet-68f9.ts.net"
+  rpc  = "browser.tailnet-68f9.ts.net"
+  serf = "browser.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "browser.tailnet-68f9.ts.net:4646"
+  rpc  = "browser.tailnet-68f9.ts.net:4647"
+  serf = "browser.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
+client {
+  enabled = true
+  network_interface = "tailscale0"
+  
+  # 配置七仙女服务器地址，使用完整FQDN
+  servers = [
+    "semaphore.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
+    "ch2.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
+    "onecloud1.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647"
+  ]
+  
+  # 配置host volumes
+  host_volume "fnsync" {
+    path = "/mnt/fnsync"
+    read_only = false
+  }
+  
+  host_volume "vault-storage" {
+    path = "/opt/nomad/data/vault-storage"
+    read_only = false
+  }
+  
+  # 禁用Docker驱动，只使用Podman
+  options {
+    "driver.raw_exec.enable" = "1"
+    "driver.exec.enable" = "1"
+  }
+  
+  # 配置节点元数据
+  meta {
+    consul = "true"
+    consul_version = "1.21.5"
+    consul_server = "true"
+  }
+  
+  # 激进的垃圾清理策略
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+vault {
+  enabled = true
+  address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://browser.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/nodes/ch4.hcl

@@ -0,0 +1,108 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "ch4"
+
+bind_addr = "ch4.tailnet-68f9.ts.net"
+
+addresses {
+  http = "ch4.tailnet-68f9.ts.net"
+  rpc  = "ch4.tailnet-68f9.ts.net"
+  serf = "ch4.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "ch4.tailnet-68f9.ts.net:4646"
+  rpc  = "ch4.tailnet-68f9.ts.net:4647"
+  serf = "ch4.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
+client {
+  enabled = true
+  network_interface = "tailscale0"
+  
+  # 配置七仙女服务器地址，使用完整FQDN
+  servers = [
+    "semaphore.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
+    "ch2.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
+    "onecloud1.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647"
+  ]
+  
+  # 配置host volumes
+  host_volume "fnsync" {
+    path = "/mnt/fnsync"
+    read_only = false
+  }
+  
+  host_volume "vault-storage" {
+    path = "/opt/nomad/data/vault-storage"
+    read_only = false
+  }
+  
+  # 禁用Docker驱动，只使用Podman
+  options {
+    "driver.raw_exec.enable" = "1"
+    "driver.exec.enable" = "1"
+  }
+  
+  # 配置节点元数据
+  meta {
+    consul = "true"
+    consul_version = "1.21.5"
+    consul_server = "true"
+  }
+  
+  # 激进的垃圾清理策略
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  enabled = false
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+vault {
+  enabled = true
+  address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://ch4.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/nodes/hcp1.hcl

@@ -0,0 +1,118 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "hcp1"
+
+bind_addr = "hcp1.tailnet-68f9.ts.net"
+
+addresses {
+  http = "hcp1.tailnet-68f9.ts.net"
+  rpc  = "hcp1.tailnet-68f9.ts.net"
+  serf = "hcp1.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "hcp1.tailnet-68f9.ts.net:4646"
+  rpc  = "hcp1.tailnet-68f9.ts.net:4647"
+  serf = "hcp1.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
+client {
+  enabled = true
+  network_interface = "tailscale0"
+  
+  # 配置七仙女服务器地址，使用完整FQDN
+  servers = [
+    "semaphore.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
+    "ch2.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
+    "onecloud1.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647"
+  ]
+  
+  # 配置host volumes
+  host_volume "fnsync" {
+    path = "/mnt/fnsync"
+    read_only = false
+  }
+  
+  host_volume "vault-storage" {
+    path = "/opt/nomad/data/vault-storage"
+    read_only = false
+  }
+
+  host_volume "traefik-certs" {
+    path = "/opt/traefik/certs"
+    read_only = false
+  }
+
+  host_volume "waypoint-data" {
+    path = "/opt/waypoint"
+    read_only = false
+  }
+  
+  # 禁用Docker驱动，只使用Podman
+  options {
+    "driver.raw_exec.enable" = "1"
+    "driver.exec.enable" = "1"
+  }
+  
+  # 配置节点元数据
+  meta {
+    consul = "true"
+    consul_version = "1.21.5"
+    consul_server = "true"
+  }
+  
+  # 激进的垃圾清理策略
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+vault {
+  enabled = true
+  address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://hcp1.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/nodes/influxdb1.hcl

@@ -0,0 +1,108 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "influxdb1"
+
+bind_addr = "influxdb1.tailnet-68f9.ts.net"
+
+addresses {
+  http = "influxdb1.tailnet-68f9.ts.net"
+  rpc  = "influxdb1.tailnet-68f9.ts.net"
+  serf = "influxdb1.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "influxdb1.tailnet-68f9.ts.net:4646"
+  rpc  = "influxdb1.tailnet-68f9.ts.net:4647"
+  serf = "influxdb1.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
+client {
+  enabled = true
+  network_interface = "tailscale0"
+  
+  # 配置七仙女服务器地址，使用完整FQDN
+  servers = [
+    "semaphore.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
+    "ch2.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
+    "onecloud1.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647"
+  ]
+  
+  # 配置host volumes
+  host_volume "fnsync" {
+    path = "/mnt/fnsync"
+    read_only = false
+  }
+  
+  host_volume "vault-storage" {
+    path = "/opt/nomad/data/vault-storage"
+    read_only = false
+  }
+  
+  # 禁用Docker驱动，只使用Podman
+  options {
+    "driver.raw_exec.enable" = "1"
+    "driver.exec.enable" = "1"
+  }
+  
+  # 配置节点元数据
+  meta {
+    consul = "true"
+    consul_version = "1.21.5"
+    consul_server = "true"
+  }
+  
+  # 激进的垃圾清理策略
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+vault {
+  enabled = true
+  address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://influxdb1.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/nodes/onecloud1-dual.hcl

@@ -0,0 +1,130 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "onecloud1"
+
+bind_addr = "onecloud1.tailnet-68f9.ts.net"
+
+addresses {
+  http = "onecloud1.tailnet-68f9.ts.net"
+  rpc  = "onecloud1.tailnet-68f9.ts.net"
+  serf = "onecloud1.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "onecloud1.tailnet-68f9.ts.net:4646"
+  rpc  = "onecloud1.tailnet-68f9.ts.net:4647"
+  serf = "onecloud1.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  bootstrap_expect = 3
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4648",
+      "ash1d.tailnet-68f9.ts.net:4648",
+      "ash2e.tailnet-68f9.ts.net:4648",
+      "ch2.tailnet-68f9.ts.net:4648",
+      "ch3.tailnet-68f9.ts.net:4648",
+      "onecloud1.tailnet-68f9.ts.net:4648",
+      "de.tailnet-68f9.ts.net:4648",
+      "hcp1.tailnet-68f9.ts.net:4648"
+    ]
+  }
+}
+
+client {
+\nconsul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+  enabled = true
+  network_interface = "tailscale0"
+  
+  # 配置七仙女服务器地址，使用完整FQDN
+  servers = [
+    "semaphore.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
+    "ch2.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
+    "onecloud1.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647"
+  ]
+  
+  # 配置host volumes
+  host_volume "fnsync" {
+    path = "/mnt/fnsync"
+    read_only = false
+  }
+  
+  host_volume "vault-storage" {
+    path = "/opt/nomad/data/vault-storage"
+    read_only = false
+  }
+  
+  # 禁用Docker驱动，只使用Podman
+  options {
+    "driver.raw_exec.enable" = "1"
+    "driver.exec.enable" = "1"
+  }
+  
+  # 配置节点元数据
+  meta {
+    consul = "true"
+    consul_version = "1.21.5"
+    consul_server = "true"
+  }
+  
+  # 激进的垃圾清理策略
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  enabled = false
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+vault {
+  enabled = true
+  address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://onecloud1.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/nodes/onecloud1.hcl

@@ -0,0 +1,109 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "onecloud1"
+
+bind_addr = "onecloud1.tailnet-68f9.ts.net"
+
+addresses {
+  http = "onecloud1.tailnet-68f9.ts.net"
+  rpc  = "onecloud1.tailnet-68f9.ts.net"
+  serf = "onecloud1.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "onecloud1.tailnet-68f9.ts.net:4646"
+  rpc  = "onecloud1.tailnet-68f9.ts.net:4647"
+  serf = "onecloud1.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+}
+
+client {
+  enabled = true
+  network_interface = "tailscale0"
+  
+  # 配置七仙女服务器地址，使用完整FQDN
+  servers = [
+    "semaphore.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
+    "ch2.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
+    "onecloud1.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647"
+  ]
+  
+  # 配置host volumes
+  host_volume "fnsync" {
+    path = "/mnt/fnsync"
+    read_only = false
+  }
+  
+  host_volume "vault-storage" {
+    path = "/opt/nomad/data/vault-storage"
+    read_only = false
+  }
+  
+  # 禁用Docker驱动，只使用Podman
+  options {
+    "driver.raw_exec.enable" = "1"
+    "driver.exec.enable" = "1"
+  }
+  
+  # 配置节点元数据
+  meta {
+    consul = "true"
+    consul_version = "1.21.5"
+    consul_server = "true"
+  }
+  
+  # 激进的垃圾清理策略
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+
+vault {
+  enabled = true
+  address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://onecloud1.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}

nomad-configs/nodes/warden.hcl

@@ -0,0 +1,108 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "warden"
+
+bind_addr = "warden.tailnet-68f9.ts.net"
+
+addresses {
+  http = "warden.tailnet-68f9.ts.net"
+  rpc  = "warden.tailnet-68f9.ts.net"
+  serf = "warden.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "warden.tailnet-68f9.ts.net:4646"
+  rpc  = "warden.tailnet-68f9.ts.net:4647"
+  serf = "warden.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
+client {
+  enabled = true
+  network_interface = "tailscale0"
+  
+  # 配置七仙女服务器地址，使用完整FQDN
+  servers = [
+    "semaphore.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
+    "ch2.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
+    "onecloud1.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647"
+  ]
+  
+  # 配置host volumes
+  host_volume "fnsync" {
+    path = "/mnt/fnsync"
+    read_only = false
+  }
+  
+  host_volume "vault-storage" {
+    path = "/opt/nomad/data/vault-storage"
+    read_only = false
+  }
+  
+  # 禁用Docker驱动，只使用Podman
+  options {
+    "driver.raw_exec.enable" = "1"
+    "driver.exec.enable" = "1"
+  }
+  
+  # 配置节点元数据
+  meta {
+    consul = "true"
+    consul_version = "1.21.5"
+    consul_server = "true"
+  }
+  
+  # 激进的垃圾清理策略
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+vault {
+  enabled = true
+  address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://warden.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/nomad-de-correct.hcl

@@ -0,0 +1,75 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "de"
+
+bind_addr = "0.0.0.0"
+
+addresses {
+  http = "de.tailnet-68f9.ts.net"
+  rpc  = "de.tailnet-68f9.ts.net"
+  serf = "de.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "de.tailnet-68f9.ts.net:4646"
+  rpc  = "de.tailnet-68f9.ts.net:4647"
+  serf = "de.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  bootstrap_expect = 3
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4648",
+      "ash1d.tailnet-68f9.ts.net:4648", 
+      "ash2e.tailnet-68f9.ts.net:4648",
+      "ch2.tailnet-68f9.ts.net:4648",
+      "ch3.tailnet-68f9.ts.net:4648",
+      "onecloud1.tailnet-68f9.ts.net:4648",
+      "de.tailnet-68f9.ts.net:4648",
+      "hcp1.tailnet-68f9.ts.net:4648"
+    ]
+  }
+}
+
+client {
+  enabled = true
+  servers = [
+    "ch3.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
+    "ch2.tailnet-68f9.ts.net:4647",
+    "hcp1.tailnet-68f9.ts.net:4647",
+    "onecloud1.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647",
+    "semaphore.tailnet-68f9.ts.net:4647"
+  ]
+  network_interface = "tailscale0"
+  cgroup_parent = ""
+}
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/nomad-de.hcl

@@ -0,0 +1,73 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "de"
+
+bind_addr = "100.120.225.29"
+
+addresses {
+  http = "100.120.225.29"
+  rpc  = "100.120.225.29"
+  serf = "100.120.225.29"
+}
+
+advertise {
+  http = "de.tailnet-68f9.ts.net:4646"
+  rpc  = "de.tailnet-68f9.ts.net:4647"
+  serf = "de.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  bootstrap_expect = 3
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4648",
+      "ash1d.tailnet-68f9.ts.net:4648", 
+      "ash2e.tailnet-68f9.ts.net:4648",
+      "ch2.tailnet-68f9.ts.net:4648",
+      "ch3.tailnet-68f9.ts.net:4648",
+      "onecloud1.tailnet-68f9.ts.net:4648",
+      "de.tailnet-68f9.ts.net:4648",
+      "hcp1.tailnet-68f9.ts.net:4648"
+    ]
+  }
+}
+
+client {
+  enabled = true
+  servers = [
+    "ch3.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
+    "ch2.tailnet-68f9.ts.net:4647",
+    "hcp1.tailnet-68f9.ts.net:4647",
+    "onecloud1.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647",
+    "semaphore.tailnet-68f9.ts.net:4647"
+  ]
+}
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/scripts/cleanup_backups.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# 清理所有节点的Nomad配置备份文件
+NODES=("hcp1" "influxdb1" "ash3c" "ch4" "warden" "browser" "ash1d" "ash2e" "ch2" "ch3" "de" "semaphore" "onecloud1")
+
+for NODE_NAME in "${NODES[@]}"; do
+  echo "清理节点 ${NODE_NAME} 的备份配置文件"
+  ssh ben@${NODE_NAME} "echo '3131' | sudo -S find /etc/nomad.d/ -name '*.bak' -o -name '*.backup' -o -name '*.~' -o -name '*.broken' | xargs -r sudo rm -f"
+  echo "节点 ${NODE_NAME} 清理完成"
+  echo "---"
+done
+
+echo "所有节点备份配置文件清理完成！"

nomad-configs/scripts/deploy-all.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# 批量部署所有节点配置
+# 用法: ./deploy-all.sh
+
+NODES=("influxdb1" "ash3c" "ch4" "browser")
+
+echo "开始批量部署Nomad配置..."
+
+for node in "${NODES[@]}"; do
+    echo "部署配置到节点: $node"
+    
+    # 下载配置文件
+    ssh ben@$node.tailnet-68f9.ts.net "curl -s 'https://gitea.tailnet-68f9.ts.net/ben/mgmt/raw/branch/main/nomad-configs/nodes/${node}.hcl' > /tmp/${node}.hcl && echo '3131' | sudo -S cp /tmp/${node}.hcl /etc/nomad.d/nomad.hcl"
+    
+    # 创建必要的目录
+    ssh ben@$node.tailnet-68f9.ts.net "echo '3131' | sudo -S mkdir -p /opt/nomad/data/vault-storage"
+    
+    # 重启Nomad服务
+    ssh ben@$node.tailnet-68f9.ts.net "echo '3131' | sudo -S systemctl restart nomad"
+    
+    echo "节点 $node 部署完成"
+    echo "---"
+done
+
+echo "所有节点部署完成！"

nomad-configs/scripts/deploy.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Nomad配置部署脚本
+# 用法: ./deploy.sh <node_name>
+
+NODE_NAME=$1
+NODE_FQDN="${NODE_NAME}.tailnet-68f9.ts.net"
+
+if [ -z "$NODE_NAME" ]; then
+    echo "用法: $0 <node_name>"
+    echo "可用节点: onecloud1, hcp1, influxdb1, ash3c, ch4, warden, browser"
+    exit 1
+fi
+
+echo "部署配置到节点: $NODE_NAME ($NODE_FQDN)"
+
+# 生成配置文件
+sed "s/warden\.tailnet-68f9\.ts\.net/$NODE_FQDN/g" templates/nomad-client.hcl.j2 | \
+sed "s/name = \"warden\"/name = \"$NODE_NAME\"/" > nodes/${NODE_NAME}.hcl
+
+echo "配置文件已生成: nodes/${NODE_NAME}.hcl"
+
+# 部署到节点
+echo "部署到节点..."
+ssh ben@$NODE_FQDN "echo '3131' | sudo -S tee /etc/nomad.d/nomad.hcl" < nodes/${NODE_NAME}.hcl
+
+# 重启服务
+echo "重启Nomad服务..."
+ssh ben@$NODE_FQDN "echo '3131' | sudo -S systemctl restart nomad"
+
+echo "部署完成！"

nomad-configs/scripts/deploy_servers.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+SERVERS=("ash1d" "ash2e" "ch2" "ch3" "de" "semaphore" "hcp1" "onecloud1")
+REPO_URL="https://gitea.tailnet-68f9.ts.net/ben/mgmt/raw/branch/main/nomad-configs/servers"
+
+for SERVER_NAME in "${SERVERS[@]}"; do
+  echo "部署服务器配置到: ${SERVER_NAME}"
+  ssh ben@${SERVER_NAME} "curl -s \"${REPO_URL}/${SERVER_NAME}.hcl\" > /tmp/${SERVER_NAME}.hcl && echo '3131' | sudo -S cp /tmp/${SERVER_NAME}.hcl /etc/nomad.d/nomad.hcl && echo '3131' | sudo -S systemctl restart nomad"
+  echo "服务器 ${SERVER_NAME} 部署完成"
+  echo "---"
+done
+
+echo "所有Nomad服务器配置部署完成！"

nomad-configs/servers/ash1d.hcl

@@ -0,0 +1,60 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "ash1d"
+
+bind_addr = "0.0.0.0"
+
+addresses {
+  http = "ash1d.tailnet-68f9.ts.net"
+  rpc  = "ash1d.tailnet-68f9.ts.net"
+  serf = "ash1d.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "ash1d.tailnet-68f9.ts.net:4646"
+  rpc  = "ash1d.tailnet-68f9.ts.net:4647"
+  serf = "ash1d.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  bootstrap_expect = 3
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4648",
+      "ash1d.tailnet-68f9.ts.net:4648", 
+      "ash2e.tailnet-68f9.ts.net:4648",
+      "ash1d.tailnet-68f9.ts.net:4648",
+      "ch3.tailnet-68f9.ts.net:4648",
+      "onecloud1.tailnet-68f9.ts.net:4648",
+      "de.tailnet-68f9.ts.net:4648",
+      "hcp1.tailnet-68f9.ts.net:4648"
+    ]
+  }
+}
+
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/servers/ash2e.hcl

@@ -0,0 +1,60 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "ash2e"
+
+bind_addr = "0.0.0.0"
+
+addresses {
+  http = "ash2e.tailnet-68f9.ts.net"
+  rpc  = "ash2e.tailnet-68f9.ts.net"
+  serf = "ash2e.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "ash2e.tailnet-68f9.ts.net:4646"
+  rpc  = "ash2e.tailnet-68f9.ts.net:4647"
+  serf = "ash2e.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  bootstrap_expect = 3
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4648",
+      "ash1d.tailnet-68f9.ts.net:4648", 
+      "ash2e.tailnet-68f9.ts.net:4648",
+      "ash2e.tailnet-68f9.ts.net:4648",
+      "ch3.tailnet-68f9.ts.net:4648",
+      "onecloud1.tailnet-68f9.ts.net:4648",
+      "de.tailnet-68f9.ts.net:4648",
+      "hcp1.tailnet-68f9.ts.net:4648"
+    ]
+  }
+}
+
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/servers/ch2.hcl

@@ -0,0 +1,60 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "ch2"
+
+bind_addr = "0.0.0.0"
+
+addresses {
+  http = "ch2.tailnet-68f9.ts.net"
+  rpc  = "ch2.tailnet-68f9.ts.net"
+  serf = "ch2.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "ch2.tailnet-68f9.ts.net:4646"
+  rpc  = "ch2.tailnet-68f9.ts.net:4647"
+  serf = "ch2.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  bootstrap_expect = 3
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4648",
+      "ash1d.tailnet-68f9.ts.net:4648", 
+      "ash2e.tailnet-68f9.ts.net:4648",
+      "ch2.tailnet-68f9.ts.net:4648",
+      "ch3.tailnet-68f9.ts.net:4648",
+      "onecloud1.tailnet-68f9.ts.net:4648",
+      "de.tailnet-68f9.ts.net:4648",
+      "hcp1.tailnet-68f9.ts.net:4648"
+    ]
+  }
+}
+
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/servers/ch3.hcl

@@ -0,0 +1,60 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "ch3"
+
+bind_addr = "0.0.0.0"
+
+addresses {
+  http = "ch3.tailnet-68f9.ts.net"
+  rpc  = "ch3.tailnet-68f9.ts.net"
+  serf = "ch3.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "ch3.tailnet-68f9.ts.net:4646"
+  rpc  = "ch3.tailnet-68f9.ts.net:4647"
+  serf = "ch3.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  bootstrap_expect = 3
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4648",
+      "ash1d.tailnet-68f9.ts.net:4648", 
+      "ash2e.tailnet-68f9.ts.net:4648",
+      "ch3.tailnet-68f9.ts.net:4648",
+      "ch3.tailnet-68f9.ts.net:4648",
+      "onecloud1.tailnet-68f9.ts.net:4648",
+      "de.tailnet-68f9.ts.net:4648",
+      "hcp1.tailnet-68f9.ts.net:4648"
+    ]
+  }
+}
+
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/servers/de.hcl

@@ -0,0 +1,60 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "de"
+
+bind_addr = "0.0.0.0"
+
+addresses {
+  http = "de.tailnet-68f9.ts.net"
+  rpc  = "de.tailnet-68f9.ts.net"
+  serf = "de.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "de.tailnet-68f9.ts.net:4646"
+  rpc  = "de.tailnet-68f9.ts.net:4647"
+  serf = "de.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  bootstrap_expect = 3
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4648",
+      "ash1d.tailnet-68f9.ts.net:4648", 
+      "ash2e.tailnet-68f9.ts.net:4648",
+      "de.tailnet-68f9.ts.net:4648",
+      "ch3.tailnet-68f9.ts.net:4648",
+      "onecloud1.tailnet-68f9.ts.net:4648",
+      "de.tailnet-68f9.ts.net:4648",
+      "hcp1.tailnet-68f9.ts.net:4648"
+    ]
+  }
+}
+
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/servers/hcp1.hcl

@@ -0,0 +1,60 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "hcp1"
+
+bind_addr = "0.0.0.0"
+
+addresses {
+  http = "hcp1.tailnet-68f9.ts.net"
+  rpc  = "hcp1.tailnet-68f9.ts.net"
+  serf = "hcp1.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "hcp1.tailnet-68f9.ts.net:4646"
+  rpc  = "hcp1.tailnet-68f9.ts.net:4647"
+  serf = "hcp1.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  bootstrap_expect = 3
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4648",
+      "ash1d.tailnet-68f9.ts.net:4648", 
+      "ash2e.tailnet-68f9.ts.net:4648",
+      "hcp1.tailnet-68f9.ts.net:4648",
+      "ch3.tailnet-68f9.ts.net:4648",
+      "onecloud1.tailnet-68f9.ts.net:4648",
+      "de.tailnet-68f9.ts.net:4648",
+      "hcp1.tailnet-68f9.ts.net:4648"
+    ]
+  }
+}
+
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/servers/onecloud1.hcl

@@ -0,0 +1,60 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "onecloud1"
+
+bind_addr = "onecloud1.tailnet-68f9.ts.net"
+
+addresses {
+  http = "onecloud1.tailnet-68f9.ts.net"
+  rpc  = "onecloud1.tailnet-68f9.ts.net"
+  serf = "onecloud1.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "onecloud1.tailnet-68f9.ts.net:4646"
+  rpc  = "onecloud1.tailnet-68f9.ts.net:4647"
+  serf = "onecloud1.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  bootstrap_expect = 3
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4648",
+      "ash1d.tailnet-68f9.ts.net:4648", 
+      "ash2e.tailnet-68f9.ts.net:4648",
+      "ch2.tailnet-68f9.ts.net:4648",
+      "ch3.tailnet-68f9.ts.net:4648",
+      "onecloud1.tailnet-68f9.ts.net:4648",
+      "de.tailnet-68f9.ts.net:4648"
+    ]
+  }
+}
+
+
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/servers/semaphore.hcl

@@ -0,0 +1,60 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "semaphore"
+
+bind_addr = "0.0.0.0"
+
+addresses {
+  http = "semaphore.tailnet-68f9.ts.net"
+  rpc  = "semaphore.tailnet-68f9.ts.net"
+  serf = "semaphore.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "semaphore.tailnet-68f9.ts.net:4646"
+  rpc  = "semaphore.tailnet-68f9.ts.net:4647"
+  serf = "semaphore.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  bootstrap_expect = 3
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4648",
+      "ash1d.tailnet-68f9.ts.net:4648", 
+      "ash2e.tailnet-68f9.ts.net:4648",
+      "semaphore.tailnet-68f9.ts.net:4648",
+      "ch3.tailnet-68f9.ts.net:4648",
+      "onecloud1.tailnet-68f9.ts.net:4648",
+      "de.tailnet-68f9.ts.net:4648",
+      "hcp1.tailnet-68f9.ts.net:4648"
+    ]
+  }
+}
+
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = false
+  client_auto_join = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs/templates/nomad-client.hcl.j2

@@ -0,0 +1,108 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "warden"
+
+bind_addr = "warden.tailnet-68f9.ts.net"
+
+addresses {
+  http = "warden.tailnet-68f9.ts.net"
+  rpc  = "warden.tailnet-68f9.ts.net"
+  serf = "warden.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "warden.tailnet-68f9.ts.net:4646"
+  rpc  = "warden.tailnet-68f9.ts.net:4647"
+  serf = "warden.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
+client {
+  enabled = true
+  network_interface = "tailscale0"
+  
+  # 配置七仙女服务器地址，使用完整FQDN
+  servers = [
+    "semaphore.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
+    "ch2.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
+    "onecloud1.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647"
+  ]
+  
+  # 配置host volumes
+  host_volume "fnsync" {
+    path = "/mnt/fnsync"
+    read_only = false
+  }
+  
+  host_volume "vault-storage" {
+    path = "/opt/nomad/data/vault-storage"
+    read_only = false
+  }
+  
+  # 禁用Docker驱动，只使用Podman
+  options {
+    "driver.raw_exec.enable" = "1"
+    "driver.exec.enable" = "1"
+  }
+  
+  # 配置节点元数据
+  meta {
+    consul = "true"
+    consul_version = "1.21.5"
+    consul_server = "true"
+  }
+  
+  # 激进的垃圾清理策略
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  enabled = false
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+vault {
+  enabled = true
+  address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://warden.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}