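#!/bin/bash
#
# Maintainer script run after the crowdsec package is unpacked.
# On "configure" it prepares the data directory, generates an acquisition
# file when none exists, locks down the API credential files, asks (through
# debconf) whether to use the local/central API, refreshes the hub, then
# enables and (when possible) starts the service.
#
# Arguments: $1 - maintainer-script action; only "configure" triggers work.

COLLECTIONS=false
set -e

# Source debconf library.
. /usr/share/debconf/confmodule

if [ "$1" = configure ]; then
    if [[ ! -d /var/lib/crowdsec/data ]]; then
        mkdir -p /var/lib/crowdsec/data
    fi

    # Pull in the wizard's helper functions. NOTE(review): detect_services,
    # genacquisition and install_collection are presumably defined there, and
    # "-n" presumably keeps the wizard from running an action — confirm.
    # This file is sourced as root, so it must stay root-owned and
    # non-writable by other users.
    . /usr/share/crowdsec/wizard.sh -n
    if ! [[ -f /etc/crowdsec/acquis.yaml ]]; then
        echo "Creating /etc/crowdsec/acquis.yaml"
        # Best effort: a failure while detecting services must not abort the
        # package configuration.
        set +e
        SILENT=true detect_services
        SILENT=true TMP_ACQUIS_FILE_SKIP=skip genacquisition
        set -e
        COLLECTIONS=true
    fi

    # The credential files hold API secrets: force owner-only permissions on
    # files that already exist (e.g. left over from an earlier install).
    if [[ -f /etc/crowdsec/local_api_credentials.yaml ]]; then
        chmod 600 /etc/crowdsec/local_api_credentials.yaml
    fi

    if [[ -f /etc/crowdsec/online_api_credentials.yaml ]]; then
        chmod 600 /etc/crowdsec/online_api_credentials.yaml
    fi

    if [[ ! -f /etc/crowdsec/local_api_credentials.yaml ]] || [[ ! -f /etc/crowdsec/online_api_credentials.yaml ]]; then
        # Create the missing files empty and already restricted to 0600, so
        # secrets written later never sit in a file readable by other users.
        if [[ ! -f /etc/crowdsec/local_api_credentials.yaml ]]; then
            install -m 600 /dev/null /etc/crowdsec/local_api_credentials.yaml
        fi
        if [[ ! -f /etc/crowdsec/online_api_credentials.yaml ]]; then
            install -m 600 /dev/null /etc/crowdsec/online_api_credentials.yaml
        fi

        # db_input/db_go may return non-zero when the question is not shown;
        # that is not an error, hence "|| true".
        db_input medium crowdsec/lapi || true
        db_go || true

        db_get crowdsec/lapi
        LAPI=$RET

        if [ "$LAPI" = true ]; then
            db_input medium crowdsec/capi || true
            db_go || true

            db_get crowdsec/capi
            CAPI=$RET

            # Only register a machine when the local credentials file is
            # still empty.
            [ -s /etc/crowdsec/local_api_credentials.yaml ] || cscli machines add -a --force --error

            if [ "$CAPI" = true ]; then
                cscli capi register --error
            fi

        else
            db_input medium crowdsec/lapi_host || true
            db_go || true

            db_get crowdsec/lapi_host
            LAPI_HOST=$RET
            # The debconf answer is free-form text. Escape the characters that
            # are special in a sed replacement (backslash, the "/" delimiter
            # and "&") so the value is written literally and cannot alter or
            # break the substitution. The dots of the pattern are escaped too,
            # so only the literal default address is replaced.
            LAPI_HOST_ESCAPED=$(printf '%s' "$LAPI_HOST" | sed -e 's/[\/&]/\\&/g')
            sed -i "s/127\.0\.0\.1:8080/${LAPI_HOST_ESCAPED}/g" /etc/crowdsec/config.yaml
        fi
    fi

    echo "Updating hub"
    /usr/bin/cscli hub update
    /usr/bin/cscli hub upgrade

    if [ "$COLLECTIONS" = true ]; then
        # Best effort, same as the acquisition step above.
        set +e
        CSCLI_BIN_INSTALLED="/usr/bin/cscli" SILENT=true install_collection
        set -e
    fi

    # "A || B && C" groups as "(A || B) && C", which re-ran "enable" even when
    # the unit was already enabled; spell the intended condition out.
    if ! systemctl --quiet is-enabled crowdsec; then
        systemctl unmask crowdsec
        systemctl enable crowdsec
    fi

    API=$(cscli config show --key "Config.API.Server")
    if [ "$API" = "nil" ]; then
        LAPI=false
    else
        # Take the text after the LAST colon so that a bracketed IPv6 listen
        # address such as [::1]:8080 still yields the port.
        PORT=$(cscli config show --key "Config.API.Server.ListenURI" | awk -F: '{print $NF}')
    fi
    # Start the service unless the local API is enabled and something is
    # already listening on its port (ss prints only the header line when the
    # port is free).
    if [ "$LAPI" = false ] || [ -z "$(ss -nlt "sport = ${PORT}" | grep -v ^State)" ]; then
        systemctl start crowdsec
    else
        echo "Not attempting to start crowdsec, port ${PORT} is already used or lapi was disabled"
        echo "This port is configured through /etc/crowdsec/config.yaml and /etc/crowdsec/local_api_credentials.yaml"
    fi

    GREEN='\033[0;32m'
    BOLD='\033[1m'
    RESET='\033[0m'
    RULER="===================================================================================================================="

    echo -e "${BOLD}Get started with CrowdSec:${RESET}"
    echo -e " * Go further by following our ${BOLD}post installation steps${RESET} : ${GREEN}${BOLD}https://docs.crowdsec.net/u/getting_started/next_steps${RESET}"
    echo -e "${RULER}"
    echo -e " * Install a ${BOLD}remediation component${RESET} to block attackers: ${GREEN}${BOLD}https://docs.crowdsec.net/u/bouncers/intro${RESET}"
    echo -e "${RULER}"
    echo -e " * Find more ${BOLD}collections${RESET}, ${BOLD}parsers${RESET} and ${BOLD}scenarios${RESET} created by the community with the Hub: ${GREEN}${BOLD}https://hub.crowdsec.net${RESET}"
    echo -e "${RULER}"
    echo -e " * Subscribe to ${BOLD}additional blocklists${RESET}, ${BOLD}visualize${RESET} your alerts and more with the console: ${GREEN}${BOLD}https://app.crowdsec.net${RESET}"
fi

# Printed for every maintainer-script action, not only "configure".
echo "You can always run the configuration again interactively by using '/usr/share/crowdsec/wizard.sh -c'"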
