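# System job that provisions Podman and the nomad-driver-podman plugin on
# every client node, points the agent's plugin_dir at the plugin directory,
# restarts Nomad and checks that the driver is detected.
#
# Security notes:
#  - The task runs as the unprivileged "nomad" user but escalates with
#    `sudo -n` throughout, so that account needs passwordless sudo. Any
#    workload able to run as "nomad" is then effectively root on the host;
#    restrict the sudoers entry to the commands used below.
#  - The plugin binary is loaded and executed by the Nomad agent, so the
#    download is checked against the published SHA256SUMS before it is
#    installed. That file comes from the same origin over the same TLS
#    channel, so it guards against corruption and truncation rather than a
#    compromised release host; pin a reviewed digest or verify the release
#    signature with a key already trusted on the node for stronger assurance.
job "install-podman-driver" {
  datacenters = ["dc1"]
  type        = "system" # run on every node

  group "install" {
    task "install-podman" {
      driver = "exec"

      config {
        command = "bash"
        args = [
          "-c",
          <<-EOF
          set -euo pipefail
          export PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"

          # Helper tools used below (best effort; a missing tool aborts later under set -e)
          if ! command -v jq >/dev/null 2>&1 || ! command -v unzip >/dev/null 2>&1 || ! command -v wget >/dev/null 2>&1; then
            echo "Installing dependencies (jq unzip wget)..."
            sudo -n apt update -y || true
            sudo -n apt install -y jq unzip wget || true
          fi

          # Install Podman if it is not already present
          if ! command -v podman >/dev/null 2>&1; then
            echo "Installing Podman..."
            sudo -n apt update -y || true
            sudo -n apt install -y podman || true
            sudo -n systemctl enable podman || true
          else
            echo "Podman already installed"
          fi

          # Enable and start podman.socket so Nomad can reach the Podman API
          sudo -n systemctl enable --now podman.socket || true
          if getent group podman >/dev/null 2>&1; then
            sudo -n usermod -aG podman nomad || true
          fi

          # Install the Nomad Podman driver plugin (always ensure it exists)
          PODMAN_DRIVER_VERSION="0.6.1"
          PLUGIN_DIR="/opt/nomad/data/plugins"
          sudo -n mkdir -p "${PLUGIN_DIR}" || true

          if [ ! -x "${PLUGIN_DIR}/nomad-driver-podman" ]; then
            echo "Installing nomad-driver-podman ${PODMAN_DRIVER_VERSION}..."

            # Work in a private directory instead of fixed file names in the
            # shared /tmp, where another local user could pre-create or swap
            # the archive or the extracted binary before it is moved into place.
            WORK_DIR="$(mktemp -d)"
            trap 'rm -rf "$WORK_DIR"' EXIT
            cd "$WORK_DIR"

            RELEASE_URL="https://releases.hashicorp.com/nomad-driver-podman/${PODMAN_DRIVER_VERSION}"
            ZIP_NAME="nomad-driver-podman_${PODMAN_DRIVER_VERSION}_linux_amd64.zip"
            SUMS_NAME="nomad-driver-podman_${PODMAN_DRIVER_VERSION}_SHA256SUMS"

            wget -q "$RELEASE_URL/$ZIP_NAME"
            wget -q "$RELEASE_URL/$SUMS_NAME"

            # Fail closed: with pipefail, a missing checksum entry (grep) or a
            # digest mismatch (sha256sum) aborts before anything is installed.
            grep -F "  $ZIP_NAME" "$SUMS_NAME" | sha256sum -c -

            unzip -o "$ZIP_NAME"
            sudo -n mv -f nomad-driver-podman "${PLUGIN_DIR}/"
            sudo -n chmod +x "${PLUGIN_DIR}/nomad-driver-podman"
            # NOTE(review): this makes the plugin directory writable by the
            # "nomad" account. If the agent itself runs as root, that account
            # could replace a binary root executes - confirm this ownership is
            # required, otherwise prefer root:root with mode 0755.
            sudo -n chown -R nomad:nomad "${PLUGIN_DIR}"
          else
            echo "nomad-driver-podman already present in ${PLUGIN_DIR}"
          fi

          # Point plugin_dir in /etc/nomad.d/nomad.hcl at the plugin directory
          if [ -f /etc/nomad.d/nomad.hcl ]; then
            if grep -q "^plugin_dir\s*=\s*\"" /etc/nomad.d/nomad.hcl; then
              sudo -n sed -i 's#^plugin_dir\s*=\s*\".*\"#plugin_dir = "/opt/nomad/data/plugins"#' /etc/nomad.d/nomad.hcl || true
            else
              echo 'plugin_dir = "/opt/nomad/data/plugins"' | sudo -n tee -a /etc/nomad.d/nomad.hcl >/dev/null || true
            fi
          fi

          # Restart the Nomad service so it loads the plugin
          sudo -n systemctl restart nomad || true
          echo "Waiting for Nomad to restart..."
          sleep 15

          # Check whether Nomad detected the Podman driver
          if /usr/local/bin/nomad node status -self -json 2>/dev/null | jq -r '.Drivers.podman.Detected' | grep -q "true"; then
            echo "Podman driver successfully loaded"
            exit 0
          fi

          echo "Podman driver not detected yet, retrying once after socket restart..."
          sudo -n systemctl restart podman.socket || true
          sleep 5
          if /usr/local/bin/nomad node status -self -json 2>/dev/null | jq -r '.Drivers.podman.Detected' | grep -q "true"; then
            echo "Podman driver successfully loaded after socket restart"
            exit 0
          else
            echo "Podman driver still not detected; manual investigation may be required"
            exit 1
          fi
          EOF
        ]
      }

      resources {
        cpu    = 200
        memory = 256
      }

      # Previously run with root privileges:
      # user = "root"
      # Run the task as the nomad user so that a client policy forbidding
      # root tasks does not reject it.
      user = "nomad"

      # Retry once, then mark the task failed so a broken install is visible
      restart {
        attempts = 1
        interval = "24h"
        delay    = "60s"
        mode     = "fail"
      }
    }
  }
}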