# Nomad client security configuration template.
# Rendered through Jinja2; inventory_hostname is presumably the Ansible
# inventory name of the target host (confirm against the playbook).
# NOTE(review): as shown, this template has no tls or acl block. Tailnet-only
# binding limits who can reach the ports, but it does not authenticate API
# callers or encrypt RPC at the Nomad layer. Confirm both are configured in
# another file loaded by the agent.
datacenter = "dc1"
data_dir = "/opt/nomad/data"
plugin_dir = "/opt/nomad/plugins"
log_level = "INFO"
name = "{{ inventory_hostname }}"

# Secure binding: bind only to the Tailscale interface.
# NOTE(review): every address below is a tailnet DNS name, not an IP literal.
# Confirm the name resolves to the node's own tailnet address before the
# agent starts, otherwise the bind fails or lands on an unintended address.
{% if inventory_hostname == 'influxdb' %}
# Special case: the inventory host "influxdb" is named "influxdb1" on the tailnet.
bind_addr = "influxdb1.tailnet-68f9.ts.net"

addresses {
  http = "influxdb1.tailnet-68f9.ts.net"
  rpc = "influxdb1.tailnet-68f9.ts.net"
  serf = "influxdb1.tailnet-68f9.ts.net"
}

advertise {
  http = "influxdb1.tailnet-68f9.ts.net:4646"
  rpc = "influxdb1.tailnet-68f9.ts.net:4647"
  serf = "influxdb1.tailnet-68f9.ts.net:4648"
}
{% else %}
# Every other host: the tailnet name is the inventory name plus the tailnet suffix.
bind_addr = "{{ inventory_hostname }}.tailnet-68f9.ts.net"

addresses {
  http = "{{ inventory_hostname }}.tailnet-68f9.ts.net"
  rpc = "{{ inventory_hostname }}.tailnet-68f9.ts.net"
  serf = "{{ inventory_hostname }}.tailnet-68f9.ts.net"
}

advertise {
  http = "{{ inventory_hostname }}.tailnet-68f9.ts.net:4646"
  rpc = "{{ inventory_hostname }}.tailnet-68f9.ts.net:4647"
  serf = "{{ inventory_hostname }}.tailnet-68f9.ts.net:4648"
}
{% endif %}

# Listener ports; they match the ports used in the advertise blocks above.
ports {
  http = 4646
  rpc = 4647
  serf = 4648
}

# Pure client mode: this node never runs the server role.
server {
  enabled = false
}

client {
  enabled = true
  network_interface = "tailscale0"

  # Connect to the currently active server nodes.
  # The list is static; it has to be edited when the server set changes.
  servers = [
    "ch2.tailnet-68f9.ts.net:4647",
    "ch3.tailnet-68f9.ts.net:4647",
    "de.tailnet-68f9.ts.net:4647",
    "semaphore.tailnet-68f9.ts.net:4647"
  ]

  # Basic drivers.
  # NOTE(review): raw_exec runs task commands with no isolation, as the user
  # the Nomad agent runs as. Whoever is allowed to submit jobs can therefore
  # run arbitrary commands on this host. Keep it only if a job needs it, and
  # only with ACLs restricting job submission.
  # NOTE(review): confirm "driver.exec.enable" is a key the deployed Nomad
  # version reads; it may have no effect.
  options {
    "driver.raw_exec.enable" = "1"
    "driver.exec.enable" = "1"
  }

  # Aggressive garbage-collection policy.
  # Interval between GC runs, then disk and inode usage thresholds in percent.
  # NOTE(review): these look equal to or laxer than Nomad's documented
  # defaults (1m / 80 / 70); confirm "aggressive" is still the intent.
  gc_interval = "5m"
  gc_disk_usage_threshold = 80
  gc_inode_usage_threshold = 70
}

# Podman plugin configuration.
# NOTE(review): /run/podman/podman.sock is normally the system-wide (root)
# Podman socket, so containers are presumably rootful. With volumes enabled,
# job authors can presumably bind-mount host paths into containers, so job
# submission is a privileged operation on this node.
plugin "nomad-driver-podman" {
  config {
    socket_path = "unix:///run/podman/podman.sock"
    volumes {
      enabled = true
    }
  }
}

# Secure Consul configuration: talk to the local Consul client agent.
# The address is on loopback. No token is set in this block.
# NOTE(review): if Consul ACLs are enabled, confirm the token is supplied
# another way, for example through the agent's environment.
consul {
  address = "127.0.0.1:8500"
  server_service_name = "nomad"
  client_service_name = "nomad-client"
  auto_advertise = true
  server_auto_join = true
  client_auto_join = true
}

# Vault integration is disabled for now.
vault {
  enabled = false
}

# Telemetry configuration.
# NOTE(review): Prometheus metrics are served by the agent's HTTP API, so
# they share the 4646 listener. Confirm who on the tailnet may scrape them.
telemetry {
  collection_interval = "1s"
  disable_hostname = false
  prometheus_metrics = true
  publish_allocation_metrics = true
  publish_node_metrics = true
}