#!/usr/bin/with-contenv bash
# shellcheck shell=bash

if [[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]] && [[ "${DISABLE_F2B,,}" != "true" ]]; then
    if ! iptables -L &> /dev/null; then
        ln -sf /usr/sbin/xtables-legacy-multi /usr/sbin/iptables
        ln -sf /usr/sbin/xtables-legacy-multi /usr/sbin/iptables-save
        ln -sf /usr/sbin/xtables-legacy-multi /usr/sbin/iptables-restore
        ln -sf /usr/sbin/xtables-legacy-multi /usr/sbin/ip6tables
        ln -sf /usr/sbin/xtables-legacy-multi /usr/sbin/ip6tables-save
        ln -sf /usr/sbin/xtables-legacy-multi /usr/sbin/ip6tables-restore
    fi

    # copy/update the fail2ban config defaults to/in /config
    cp -R /defaults/fail2ban/filter.d /config/fail2ban/
    cp -R /defaults/fail2ban/action.d /config/fail2ban/
    # if jail.local is missing in /config, copy default
    if [[ ! -f /config/fail2ban/jail.local ]]; then
        cp /defaults/fail2ban/jail.local /config/fail2ban/jail.local
    fi
    # Replace fail2ban config with user config
    if [[ -d /etc/fail2ban/filter.d ]]; then
        rm -rf /etc/fail2ban/filter.d
    fi
    if [[ -d /etc/fail2ban/action.d ]]; then
        rm -rf /etc/fail2ban/action.d
    fi
    cp -R /config/fail2ban/filter.d /etc/fail2ban/
    cp -R /config/fail2ban/action.d /etc/fail2ban/
    cp /defaults/fail2ban/fail2ban.local /etc/fail2ban/
    cp /config/fail2ban/jail.local /etc/fail2ban/jail.local

    # logfiles needed by fail2ban
    if [[ ! -f /config/log/nginx/error.log ]]; then
        touch /config/log/nginx/error.log
    fi
    if [[ ! -f /config/log/nginx/access.log ]]; then
        touch /config/log/nginx/access.log
    fi
fi
