#!/bin/sh /etc/rc.common
# Copyright (C) 2021-2022 Gerald Kerma <gandalf@gk2.net>

START=99
USE_PROCD=1
NAME=crowdsec-firewall-bouncer
PROG=/usr/bin/cs-firewall-bouncer
CONFIG=/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
BACKEND=iptables
VARCONFIGDIR=/var/etc/crowdsec/bouncers
VARCONFIG=/var/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
FW_BACKEND="iptables"

service_triggers() {
	procd_add_reload_trigger crowdsec-firewall-bouncer
}

init_config() {
	## CheckFirewall
	iptables="true"
	which iptables > /dev/null
	FW_BACKEND=""
	if [[ $? != 0 ]]; then
	  echo "iptables is not present"
	  iptables="false"
	else
	  FW_BACKEND="iptables"
	  echo "iptables found"
	fi

	nftables="true"
	which nft > /dev/null
	if [[ $? != 0 ]]; then
	  echo "nftables is not present"
	  nftables="false"
	else
	  FW_BACKEND="nftables"
	  echo "nftables found"
	fi

	if [ "$nftables" = "true" -a "$iptables" = "true" ]; then
	  echo "Found nftables(default) and iptables..."
	fi

	if [ "$FW_BACKEND" = "iptables" ]; then
	  which ipset > /dev/null
	  if [[ $? != 0 ]]; then
	    echo "ipset not found, install it !"
	  fi
	fi
	BACKEND=$FW_BACKEND

	# Create tmp dir & permissions if needed
	if [ ! -d "${VARCONFIGDIR}" ]; then
		mkdir -m 0755 -p "${VARCONFIGDIR}"
	fi;

	cp $CONFIG $VARCONFIG

	sed -i "s,^\(\s*mode\s*:\s*\).*\$,\1$BACKEND," $VARCONFIG
}

start_service() {
	init_config

	procd_open_instance
	procd_set_param command "$PROG" -c "$VARCONFIG"
	procd_close_instance
}