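#!/usr/bin/env bash
#
# Baseline provisioning for an Ubuntu 22.04 (jammy) host: swap off, shell
# history tagging, a "jump" admin account, Aliyun APT mirrors, chrony time
# sync, sshd ports, transparent huge pages off, and the kernel modules and
# sysctl settings written to the k8s.conf files below.
#
# Must run as root. Credentials and the root login key come from the
# environment so they never live in this file or in version control:
#   JUMP_PASSWORD        password for the "jump" account
#   ROOT_PASSWORD        password for root
#   ROOT_AUTHORIZED_KEY  one public-key line for /root/.ssh/authorized_keys
#
# Any password that was ever stored in a copy of this script should be
# treated as exposed and rotated.
# Do not run with `bash -x`: xtrace would print the passwords.

set -euo pipefail

die() { printf 'error: %s\n' "$*" >&2; exit 1; }
warn() { printf 'warning: %s\n' "$*" >&2; }

# Append a line to a file only when that exact line is not already present,
# so re-running the script does not stack duplicate entries.
append_once() {
  local line=$1 file=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >>"$file"
}

# Fail before touching the system if a prerequisite is missing.
(( EUID == 0 )) || die "run this script as root"
: "${JUMP_PASSWORD:?set JUMP_PASSWORD in the environment}"
: "${ROOT_PASSWORD:?set ROOT_PASSWORD in the environment}"
: "${ROOT_AUTHORIZED_KEY:?set ROOT_AUTHORIZED_KEY in the environment}"
# A multi-line value would smuggle extra entries into authorized_keys.
[[ $ROOT_AUTHORIZED_KEY != *$'\n'* ]] || die "ROOT_AUTHORIZED_KEY must be a single line"

# ---------------------------------------------------------------- swap ------
# Turn swap off now and comment out swap entries in fstab so it stays off.
# Already-commented lines are skipped, and tab-separated fields match too.
swapoff -a
sed -i '/^[[:space:]]*#/!s/^\(.*[[:space:]]swap[[:space:]].*\)$/#\1/' /etc/fstab

# ------------------------------------------------------- shell history ------
# Tag each history entry with a timestamp and the login source address.
# The single quotes are deliberate: expansion must happen at login time.
# This is a convenience for operators, not a tamper-proof audit trail: any
# user can change HISTTIMEFORMAT or edit their own history file.
# shellcheck disable=SC2016
append_once 'UserIP=$(who -u am i | cut -d"(" -f 2 | sed -e "s/[()]//g")' /etc/profile
# shellcheck disable=SC2016
append_once 'export HISTTIMEFORMAT="[%F %T] [${UserIP}] "' /etc/profile
#append_once 'TMOUT=1800' /etc/profile

# ------------------------------------------------------------ accounts ------
if ! id -u jump >/dev/null 2>&1; then
  adduser --disabled-password --gecos "" jump
fi
# printf is a builtin, so the password is not exposed in the process list.
printf 'jump:%s\n' "$JUMP_PASSWORD" | chpasswd

# NOTE(review): this grants "jump" passwordless root, which makes the jump
# password equivalent to the root credential. Confirm that is intended.
# The rule is validated on a temporary copy first, so a syntax error can
# never leave a broken file under /etc/sudoers.d (which would disable sudo).
sudoers_file=/etc/sudoers.d/nopasswd
sudoers_tmp=$(mktemp)
trap 'rm -f -- "$sudoers_tmp"' EXIT
if [[ -f $sudoers_file ]]; then
  cat -- "$sudoers_file" >"$sudoers_tmp"
fi
append_once 'jump ALL=(ALL:ALL) NOPASSWD: ALL' "$sudoers_tmp"
visudo -cf "$sudoers_tmp" >/dev/null || die "sudoers rule failed validation"
install -o root -g root -m 0440 "$sudoers_tmp" "$sudoers_file"

printf 'root:%s\n' "$ROOT_PASSWORD" | chpasswd

# ----------------------------------------------------------------- apt ------
export DEBIAN_FRONTEND=noninteractive

# Keep the first original sources.list so the mirror switch can be undone.
if [[ -f /etc/apt/sources.list && ! -e /etc/apt/sources.list.bak ]]; then
  cp -a /etc/apt/sources.list /etc/apt/sources.list.bak
fi

cat <<'EOF' >/etc/apt/sources.list
deb https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
# deb https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
EOF

apt-get update
# software-properties-common provides add-apt-repository, so it is installed
# before that command is used.
apt-get install -y apt-transport-https ca-certificates curl software-properties-common
# -y answers the confirmation prompt so the run stays unattended.
add-apt-repository -y universe
add-apt-repository -y multiverse
apt-get update
apt-get install -y ipvsadm ipset conntrack libseccomp2 wget jq psmisc vim net-tools telnet unzip zip git lrzsz apparmor-utils
apt-get install -y thin-provisioning-tools

# ---------------------------------------------------------------- time ------
# The package lists above do not include chrony, yet the steps below need it.
command -v chronyc >/dev/null 2>&1 || apt-get install -y chrony

# Debian/Ubuntu packages normally keep the config under /etc/chrony/ and name
# the unit chrony.service; /etc/chrony.conf and chronyd are the fallback.
chrony_conf=/etc/chrony/chrony.conf
[[ -f $chrony_conf ]] || chrony_conf=/etc/chrony.conf
[[ -f $chrony_conf ]] || die "chrony configuration file not found"
chrony_unit=chronyd
if systemctl cat chrony.service >/dev/null 2>&1; then
  chrony_unit=chrony
fi

systemctl enable "$chrony_unit"
# Disable the distribution's default time sources ("server" and "pool"
# lines) but leave the Aliyun entries alone so a re-run is a no-op.
sed -i -E '/aliyun\.com/!{/^(server|pool)[[:space:]]/s/^/#/}' "$chrony_conf"
for ntp_host in ntp.aliyun.com ntp1.aliyun.com ntp2.aliyun.com ntp3.aliyun.com; do
  append_once "server ${ntp_host} iburst" "$chrony_conf"
done
systemctl restart "$chrony_unit"

# Diagnostics only; a host without a hardware clock must not abort the run.
chronyc sources -v || warn "chronyc sources failed"
chronyc tracking || warn "chronyc tracking failed"
hwclock -w || warn "could not write the hardware clock"

# ----------------------------------------------------------------- ssh ------
# Listen on 22 and 5837. Each Port line is inserted once, ahead of the
# AddressFamily line, and the config is validated before the restart so a
# bad edit cannot lock out remote access.
# NOTE(review): the firewall / security group must allow 5837 as well.
sshd_config=/etc/ssh/sshd_config
for ssh_port in 22 5837; do
  if ! grep -qE "^[[:space:]]*Port[[:space:]]+${ssh_port}[[:space:]]*\$" "$sshd_config"; then
    sed -i "/AddressFamily/iPort ${ssh_port}" "$sshd_config"
  fi
done
sshd -t || die "sshd_config failed validation; sshd was not restarted"
systemctl restart sshd

# The public key is passed in rather than inlined, so rotating it does not
# require editing the script. sshd ignores key files with loose permissions
# under its default StrictModes setting, hence the explicit modes.
install -d -m 0700 /root/.ssh
append_once "$ROOT_AUTHORIZED_KEY" /root/.ssh/authorized_keys
chmod 0600 /root/.ssh/authorized_keys

# ----------------------------------------------- transparent huge pages -----
cat <<'EOF' >/etc/systemd/system/disable-thp.service
[Unit]
Description=Disable Transparent Huge Pages
DefaultDependencies=no
After=local-fs.target

[Service]
Type=oneshot
ExecStart=/bin/sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled'
ExecStart=/bin/sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag'

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable disable-thp.service
systemctl start disable-thp.service

# ------------------------------------------------------ kernel modules ------
# List every IPVS module shipped with the running kernel, one name per line
# (file name up to the first dot). A glob replaces parsing the output of ls.
ipvs_dir="/usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs"
{
  for module_path in "$ipvs_dir"/*; do
    [[ -e $module_path ]] || continue
    module_file=${module_path##*/}
    printf '%s\n' "${module_file%%.*}"
  done
} >/etc/modules-load.d/modules.conf

# modules-load.d files take one module name per line.
printf '%s\n' overlay br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack \
  >/etc/modules-load.d/k8s.conf

modprobe overlay
modprobe br_netfilter
# A single module that cannot be loaded fails this unit; report and go on.
systemctl enable --now systemd-modules-load.service \
  || warn "systemd-modules-load.service could not be enabled/started"
systemctl restart systemd-modules-load.service \
  || warn "systemd-modules-load.service reported a failure"

# -------------------------------------------------------------- sysctl ------
# The heredoc body is written to the config file verbatim.
cat <<'EOF' >/etc/sysctl.d/k8s.conf
# 网络桥接流量调用 iptables
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-arptables = 1
# 内存与交换
vm.swappiness = 0
# 文件监控
fs.inotify.max_user_watches = 524288
fs.file-max = 52706963
# 网络连接优化
net.core.somaxconn = 32768
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.neigh.default.gc_thresh1 = 4096
net.ipv4.neigh.default.gc_thresh2 = 8192
net.ipv4.neigh.default.gc_thresh3 = 16384
# 允许转发 (如果需要)
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
# 注意:不要随意禁用 IPv6,除非你确定不需要
# 不要设置 user.max_user_namespaces=0,这会搞挂容器!
EOF

sysctl -p /etc/sysctl.conf || warn "could not apply /etc/sysctl.conf"
# The net.bridge.* keys exist only once br_netfilter is loaded (see above).
sysctl -p /etc/sysctl.d/k8s.conf
sysctl --system || warn "sysctl --system reported errors"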