#!/usr/bin/env bash

readonly toolName=fail2ban
readonly toolDeps="$toolName"
readonly toolConfDir="/etc/fail2ban"
readonly toolConfLoc="$toolConfDir/jail.local"
readonly toolFilter="$toolConfDir/filter.d"
readonly toolJails="$toolConfDir/jail.d"


sq_aptOpt=
#sq_config=0

seq_config() {
  ## Called once before executing steps.
  ## e.g. to source a config file manually:
  #. "${seq_origin:?}/${seq_configName:?}"

  ## or to use sequencer api with profile config file support:
  #if initSeqConfig -p "${seq_fileName:?}" "${seq_configTemplate:?}" ; then

  ## or to use sequencer api with global config file:
  #if initSeqConfig "${seq_configName:?}" "${seq_configTemplate:?}" ; then
  #  sq_config=1
  #else
  #  # End if no configuration file exists
  #  dry || return 1
  #fi

  ## Apt cmdline option to suppress user interaction
  interactive || sq_aptOpt="-y"

  ## Disable error checks if external scripts are used
  ## e.g. error on unbound variables
  #disableErrorCheck

  sq_configDir="${seq_origin:?}/${toolName:?}"
  sq_configFilter="${sq_configDir}/filter.d"
  sq_configJails="${sq_configDir}/jail.d"

  ## Return of non zero value will abort the sequence
  return 0
}

step_1_info() { echo "Install $toolName"; }
step_1_alias() { echo "install"; }
step_1() {
  exe apt update
  exe apt install ${toolDeps} ${sq_aptOpt}
}

step_2_info() { echo "Base jail configuration to use ufw"; }
step_2_alias() { echo "config"; }
step_2() {
  info "Create local configuration";
  addConf -a "$failConfLocal" "$toolConfLoc"
  exe service $toolName restart
}
failConfLocal="[DEFAULT]

banaction = ufw
banaction_multiport = ufw
ignoreip = 127.0.0.1/8 ::1"

step_3_info() { echo "Add basic ip-blacklist"; }
step_3_alias() { echo "blacklist"; }
step_3() {
  local ipBlackList="${sq_configDir}/ip.blacklist"
  local ipBlackListJail="$sq_configJails/ip-blacklist.conf"
  local ipBlackListFilter="$sq_configFilter/ip-blacklist.conf"

  info "Adding filter"
  addConf -s -f "$ipBlackListFilter" "$toolFilter/$(basename -- "$ipBlackListFilter")"
  addConf -s -f "$ipBlackListJail" "$toolJails/$(basename -- "$ipBlackListJail")"
  addConf -s -f "$ipBlackList" "$toolConfDir/$(basename -- "$ipBlackList")"
  exe service $toolName restart
}

step_4_info() { echo "$toolName notes"; }
step_4_alias() { echo "notes"; }
step_4() {
  cat <<NOTES_EOF
# Syslog not readable by librenms (https://github.com/fail2ban/fail2ban/issues/2734)
  [$toolConfDir/fail2ban.local]
   [Definition]
    logtarget = SYSLOG[format="%%(name)s[%%(process)d]: %%(levelname)s %%(message)s"]
NOTES_EOF
}

step_20_info() { echo "Install mailserver jail"; }
step_20_alias() { echo "mail"; }
step_20() {
  local mailJail="$sq_configJails/mail.conf"
  addConf -s -f "$mailJail" "$toolJails/$(basename -- "$mailJail")"
  exe service $toolName restart
}

# shellcheck disable=SC2034 # Appears unused
readonly sqr_minVersion=16
# shellcheck disable=SC1091 # Don't follow this source
. /usr/local/bin/sequencer.sh