feat: Add persistent netifyd collector setup (v1.0.3)

The netifyd collector cron job now persists across reboots:

- Add collector_enabled option to UCI config (secubox-netifyd.sink)
- Create init script (secubox-netifyd-collector) to manage cron job
- Update netifyd-collector-setup with enable/disable/status commands
- Apply collector settings on first boot via uci-defaults

Usage:
  netifyd-collector-setup unix /tmp/netifyd-flows.json  # Enable
  netifyd-collector-setup disable                       # Disable
  netifyd-collector-setup status                        # Show status

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

package/secubox/luci-app-secubox-netifyd/Makefile

@@ -1,8 +1,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-secubox-netifyd
-PKG_VERSION:=1.0.2
-PKG_RELEASE:=2
+PKG_VERSION:=1.0.3
+PKG_RELEASE:=1
 PKG_LICENSE:=MIT
 PKG_MAINTAINER:=CyberMind <contact@cybermind.fr>
 PKG_ARCH:=all
@@ -22,6 +22,8 @@ define Package/$(PKG_NAME)/install
 	$(INSTALL_BIN) ./root/usr/sbin/secubox-netifyd-configure $(1)/usr/sbin/
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) ./root/usr/bin/netifyd-collector-setup $(1)/usr/bin/
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./root/etc/init.d/secubox-netifyd-collector $(1)/etc/init.d/
 endef
 
 include $(TOPDIR)/feeds/luci/luci.mk

package/secubox/luci-app-secubox-netifyd/root/etc/config/secubox-netifyd

@@ -35,6 +35,7 @@ config sink 'sink'
 	option unix_path '/tmp/netifyd-flows.json'
 	option tcp_address '127.0.0.1'
 	option tcp_port '9501'
+	option collector_enabled '0'
 
 config plugin 'bittorrent'
 	option enabled '0'

package/secubox/luci-app-secubox-netifyd/root/etc/init.d/secubox-netifyd-collector

@@ -0,0 +1,83 @@
+#!/bin/sh /etc/rc.common
+#
+# SecuBox Netifyd Collector Init Script
+# Manages persistent cron job for flow data collection
+#
+
+START=99
+STOP=10
+
+CRON_FILE="/etc/crontabs/root"
+CRON_ENTRY="* * * * * /usr/bin/netifyd-collector >/dev/null 2>&1"
+CRON_MARKER="# secubox-netifyd-collector"
+
+get_collector_enabled() {
+	uci -q get secubox-netifyd.sink.collector_enabled 2>/dev/null || echo "0"
+}
+
+add_cron_entry() {
+	# Remove any existing entries first (clean up duplicates)
+	remove_cron_entry
+
+	# Add the new entry with marker
+	if [ -f "$CRON_FILE" ]; then
+		echo "$CRON_MARKER" >> "$CRON_FILE"
+		echo "$CRON_ENTRY" >> "$CRON_FILE"
+	else
+		echo "$CRON_MARKER" > "$CRON_FILE"
+		echo "$CRON_ENTRY" >> "$CRON_FILE"
+	fi
+
+	# Restart cron to pick up changes
+	/etc/init.d/cron reload 2>/dev/null || /etc/init.d/cron restart 2>/dev/null
+}
+
+remove_cron_entry() {
+	if [ -f "$CRON_FILE" ]; then
+		# Remove marker line and collector entry (various formats)
+		sed -i '/# secubox-netifyd-collector/d' "$CRON_FILE"
+		sed -i '\|/usr/bin/netifyd-collector|d' "$CRON_FILE"
+		sed -i '\|/usr/sbin/netifyd-collector|d' "$CRON_FILE"
+
+		# Restart cron to pick up changes
+		/etc/init.d/cron reload 2>/dev/null || /etc/init.d/cron restart 2>/dev/null
+	fi
+}
+
+start() {
+	local enabled=$(get_collector_enabled)
+
+	if [ "$enabled" = "1" ]; then
+		logger -t secubox-netifyd "Starting netifyd collector (cron job)"
+		add_cron_entry
+	fi
+}
+
+stop() {
+	logger -t secubox-netifyd "Stopping netifyd collector (removing cron job)"
+	remove_cron_entry
+}
+
+reload() {
+	local enabled=$(get_collector_enabled)
+
+	if [ "$enabled" = "1" ]; then
+		logger -t secubox-netifyd "Enabling netifyd collector cron job"
+		add_cron_entry
+	else
+		logger -t secubox-netifyd "Disabling netifyd collector cron job"
+		remove_cron_entry
+	fi
+}
+
+status() {
+	local enabled=$(get_collector_enabled)
+
+	if grep -q "netifyd-collector" "$CRON_FILE" 2>/dev/null; then
+		echo "Collector cron job: ACTIVE"
+	else
+		echo "Collector cron job: INACTIVE"
+	fi
+
+	echo "UCI collector_enabled: $enabled"
+}

package/secubox/luci-app-secubox-netifyd/root/etc/uci-defaults/90-secubox-netifyd

@@ -38,6 +38,18 @@ if ! uci -q get secubox-netifyd.analytics >/dev/null 2>&1; then
 	uci commit secubox-netifyd
 fi
 
+# Initialize sink/collector settings if missing
+if ! uci -q get secubox-netifyd.sink.collector_enabled >/dev/null 2>&1; then
+	uci set secubox-netifyd.sink.collector_enabled='0'
+	uci commit secubox-netifyd
+fi
+
+# Apply collector cron job if enabled in UCI
+if [ "$(uci -q get secubox-netifyd.sink.collector_enabled)" = "1" ]; then
+	/etc/init.d/secubox-netifyd-collector enable 2>/dev/null
+	/etc/init.d/secubox-netifyd-collector start 2>/dev/null
+fi
+
 # Restart netifyd if it's running to apply changes
 if pidof netifyd >/dev/null 2>&1; then
 	/etc/init.d/netifyd restart >/dev/null 2>&1

package/secubox/luci-app-secubox-netifyd/root/usr/bin/netifyd-collector-setup

@@ -1,14 +1,22 @@
 #!/bin/sh
-set -e
-
+#
+# Netifyd Collector Setup - Persistent Configuration
+#
 # Usage: netifyd-collector-setup [unix|tcp] [path_or_host:port]
 # Example:
 #   netifyd-collector-setup unix /tmp/netifyd-flows.json
 #   netifyd-collector-setup tcp 127.0.0.1:9501
+#
+# To disable:
+#   netifyd-collector-setup disable
 
 SINK_MODE="${1:-unix}"
 TARGET="${2:-/tmp/netifyd-flows.json}"
 
+log() {
+	printf '%s\n' "$*"
+}
+
 configure_sink() {
 	local mode="$1"
 	local target="$2"
@@ -27,27 +35,80 @@ configure_sink() {
 	uci commit secubox-netifyd
 }
 
-ensure_collector_cron() {
-	local entry="* * * * * /usr/bin/netifyd-collector >/dev/null 2>&1"
-	local existing
-	existing=$(crontab -l 2>/dev/null || true)
+enable_collector() {
+	# Set UCI flag for persistence
+	uci set secubox-netifyd.sink.collector_enabled=1
+	uci commit secubox-netifyd
 
-	if ! printf '%s\n' "$existing" | grep -Fxq "$entry"; then
-		local tempfile
-		tempfile=$(mktemp)
-		printf '%s\n' "$existing" | grep -v '^$' >"$tempfile"
-		printf '%s\n' "$entry" >>"$tempfile"
-		crontab "$tempfile"
-		rm -f "$tempfile"
+	# Enable and start the init script
+	/etc/init.d/secubox-netifyd-collector enable 2>/dev/null
+	/etc/init.d/secubox-netifyd-collector reload 2>/dev/null
+
+	log "Collector enabled and will persist across reboots"
+}
+
+disable_collector() {
+	# Clear UCI flag
+	uci set secubox-netifyd.sink.collector_enabled=0
+	uci commit secubox-netifyd
+
+	# Stop and disable the init script
+	/etc/init.d/secubox-netifyd-collector stop 2>/dev/null
+	/etc/init.d/secubox-netifyd-collector disable 2>/dev/null
+
+	log "Collector disabled"
+}
+
+show_status() {
+	local enabled=$(uci -q get secubox-netifyd.sink.collector_enabled 2>/dev/null || echo "0")
+	local sink_enabled=$(uci -q get secubox-netifyd.sink.enabled 2>/dev/null || echo "0")
+	local sink_type=$(uci -q get secubox-netifyd.sink.type 2>/dev/null || echo "unix")
+
+	log "Netifyd Collector Status"
+	log "========================"
+	log "Collector enabled: $([ "$enabled" = "1" ] && echo "YES" || echo "NO")"
+	log "Sink enabled: $([ "$sink_enabled" = "1" ] && echo "YES" || echo "NO")"
+	log "Sink type: $sink_type"
+
+	if [ "$sink_type" = "tcp" ]; then
+		local addr=$(uci -q get secubox-netifyd.sink.tcp_address 2>/dev/null)
+		local port=$(uci -q get secubox-netifyd.sink.tcp_port 2>/dev/null)
+		log "TCP target: $addr:$port"
+	else
+		local path=$(uci -q get secubox-netifyd.sink.unix_path 2>/dev/null)
+		log "Unix path: $path"
+	fi
+
+	if grep -q "netifyd-collector" /etc/crontabs/root 2>/dev/null; then
+		log "Cron job: ACTIVE"
+	else
+		log "Cron job: INACTIVE"
 	fi
 }
 
-log() {
-	printf '%s\n' "$*"
-}
-
-log "Configuring Netifyd flow sink ($SINK_MODE -> $TARGET)"
-configure_sink "$SINK_MODE" "$TARGET"
-ensure_collector_cron
-/etc/init.d/netifyd restart >/dev/null 2>&1 || true
-log "Collector cron enabled and netifyd restarted."
+case "$SINK_MODE" in
+	disable)
+		log "Disabling Netifyd collector..."
+		disable_collector
+		;;
+	status)
+		show_status
+		;;
+	unix|tcp)
+		log "Configuring Netifyd flow sink ($SINK_MODE -> $TARGET)"
+		configure_sink "$SINK_MODE" "$TARGET"
+		enable_collector
+		/etc/init.d/netifyd restart >/dev/null 2>&1 || true
+		log "Configuration complete. Netifyd restarted."
+		;;
+	*)
+		log "Usage: $0 [unix|tcp|disable|status] [path_or_host:port]"
+		log ""
+		log "Examples:"
+		log "  $0 unix /tmp/netifyd-flows.json"
+		log "  $0 tcp 127.0.0.1:9501"
+		log "  $0 disable"
+		log "  $0 status"
+		exit 1
+		;;
+esac