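---
# Ansible playbook: roll a hardened server configuration out to the Nomad
# server nodes named under `hosts`.
#
# Per host: back up the current config, render the new config in place, stop
# Nomad, discard the local Raft state, start Nomad again and wait for the
# HTTP port to answer.
- name: 修复所有 Nomad 服务器节点的安全配置
  hosts: ash1d,ash2e,onecloud1
  # Facts must be gathered: the backup file name below is built from
  # ansible_date_time.epoch, which is undefined when fact gathering is off.
  gather_facts: true
  # One server at a time. Without this every task runs on all listed hosts in
  # parallel, so all of them would be stopped and have their Raft state
  # removed together. With serial: 1 a host is finished (port check included)
  # before the next one is touched, and a failure stops the play before the
  # remaining servers are changed.
  serial: 1
  vars:
    # Server endpoints on port 4647. The playbook itself never reads this
    # list; presumably server-secure.hcl.j2 consumes it - verify against the
    # template.
    nomad_servers:
      - "semaphore.tailnet-68f9.ts.net:4647"
      - "ash1d.tailnet-68f9.ts.net:4647"
      - "ash2e.tailnet-68f9.ts.net:4647"
      - "ch2.tailnet-68f9.ts.net:4647"
      - "ch3.tailnet-68f9.ts.net:4647"
      - "onecloud1.tailnet-68f9.ts.net:4647"
      - "de.tailnet-68f9.ts.net:4647"
  tasks:
    # A missing config file (fresh node) is the only legitimate reason to
    # skip the backup, so test for it explicitly instead of ignoring every
    # error the backup task might raise.
    - name: 检查当前配置是否存在
      stat:
        path: /etc/nomad.d/nomad.hcl
      register: nomad_current_config
      become: true

    # Runs before anything is stopped or deleted. A failure here (full disk,
    # permissions, ...) now aborts the host instead of being swallowed and
    # followed by an overwrite with no backup.
    - name: 备份当前配置
      copy:
        src: /etc/nomad.d/nomad.hcl
        dest: "/etc/nomad.d/nomad.hcl.backup.{{ ansible_date_time.epoch }}"
        remote_src: true
        # Keep the backup exactly as readable as the file it was copied from.
        mode: preserve
      become: true
      when: nomad_current_config.stat.exists

    # Rendered straight to its destination rather than staged as a
    # world-readable file under a fixed name in /tmp, where any local user
    # could read the server configuration. It is written while Nomad is
    # still running so that a template error fails the host before the
    # service is stopped.
    # No mode/owner is forced, so an existing file keeps the ones it has.
    # NOTE(review): pin owner, group and mode explicitly once the account
    # Nomad runs as on these nodes is confirmed.
    - name: 部署安全配置
      template:
        src: server-secure.hcl.j2
        dest: /etc/nomad.d/nomad.hcl
      become: true

    - name: 停止 Nomad 服务
      systemd:
        name: nomad
        state: stopped
      become: true

    # Destructive and not undone by the config backup above: the server's
    # local Raft directory is deleted so the node comes up without its
    # previous cluster state.
    - name: 清理 Raft 数据以重新加入集群
      file:
        path: /opt/nomad/data/server/raft/
        state: absent
      become: true

    - name: 启动 Nomad 服务
      systemd:
        name: nomad
        state: started
        enabled: true
      become: true

    # Only confirms that TCP port 4646 accepts connections on the node's
    # tailnet name; it does not check that the server rejoined the cluster.
    - name: 等待服务启动
      wait_for:
        port: 4646
        host: "{{ inventory_hostname }}.tailnet-68f9.ts.net"
        delay: 10
        timeout: 60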