From f701f8b20dafadc43daa26df8686dae2342d901a Mon Sep 17 00:00:00 2001
From: CyberMind-FR <gandalf@Gk2.net>
Date: Wed, 7 Jan 2026 08:40:29 +0100
Subject: [PATCH] feat(luci-app-secubox-netifyd): add flow sink controls

---
 .../secubox/luci-app-secubox-netifyd/Makefile |  4 +-
 .../luci-app-secubox-netifyd/README.md        | 18 +++++++
 .../root/usr/bin/netifyd-collector-setup      | 53 +++++++++++++++++++
 3 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 package/secubox/luci-app-secubox-netifyd/root/usr/bin/netifyd-collector-setup

diff --git a/package/secubox/luci-app-secubox-netifyd/Makefile b/package/secubox/luci-app-secubox-netifyd/Makefile
index 50f8f414..0133dc5c 100644
--- a/package/secubox/luci-app-secubox-netifyd/Makefile
+++ b/package/secubox/luci-app-secubox-netifyd/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-secubox-netifyd
 PKG_VERSION:=1.0.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_LICENSE:=MIT
 PKG_MAINTAINER:=CyberMind <contact@cybermind.fr>
 PKG_ARCH:=all
@@ -20,6 +20,8 @@ define Package/$(PKG_NAME)/install
 	$(INSTALL_DATA) ./README-FLOW-DATA.md $(1)/usr/share/doc/$(PKG_NAME)/
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) ./root/usr/sbin/secubox-netifyd-configure $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) ./root/usr/bin/netifyd-collector-setup $(1)/usr/bin/
 endef
 
 include $(TOPDIR)/feeds/luci/luci.mk
diff --git a/package/secubox/luci-app-secubox-netifyd/README.md b/package/secubox/luci-app-secubox-netifyd/README.md
index 0ec14346..2a16d6be 100644
--- a/package/secubox/luci-app-secubox-netifyd/README.md
+++ b/package/secubox/luci-app-secubox-netifyd/README.md
@@ -310,3 +310,21 @@ MIT License - Copyright (C) 2025 CyberMind.fr
 - **Netify by eGloo**: Deep packet inspection engine
 - **SecuBox Team**: LuCI integration and interface design
 - **OpenWrt Community**: Platform and package ecosystem
+## Collector Setup Script
+
+Use `/usr/bin/netifyd-collector-setup` to enable the flow exporter and install the cron job
+that runs `/usr/bin/netifyd-collector` every minute. The script accepts:
+
+```
+/usr/bin/netifyd-collector-setup [unix|tcp] [path_or_host[:port]]
+```
+
+Examples:
+
+```
+/usr/bin/netifyd-collector-setup unix /tmp/netifyd-flows.json
+/usr/bin/netifyd-collector-setup tcp 127.0.0.1:9501
+```
+
+Each invocation updates `/etc/config/secubox-netifyd`, writes `/etc/netifyd.d/secubox-sink.conf`,
+creates the cron entry (`* * * * * /usr/bin/netifyd-collector`), and restarts `netifyd`.
diff --git a/package/secubox/luci-app-secubox-netifyd/root/usr/bin/netifyd-collector-setup b/package/secubox/luci-app-secubox-netifyd/root/usr/bin/netifyd-collector-setup
new file mode 100644
index 00000000..8303149f
--- /dev/null
+++ b/package/secubox/luci-app-secubox-netifyd/root/usr/bin/netifyd-collector-setup
@@ -0,0 +1,53 @@
+#!/bin/sh
+set -e
+
+# Usage: netifyd-collector-setup [unix|tcp] [path_or_host:port]
+# Example:
+#   netifyd-collector-setup unix /tmp/netifyd-flows.json
+#   netifyd-collector-setup tcp 127.0.0.1:9501
+
+SINK_MODE="${1:-unix}"
+TARGET="${2:-/tmp/netifyd-flows.json}"
+
+configure_sink() {
+	local mode="$1"
+	local target="$2"
+
+	uci set secubox-netifyd.sink.enabled=1
+	if [ "$mode" = "tcp" ]; then
+		local addr="${target%:*}"
+		local port="${target##*:}"
+		uci set secubox-netifyd.sink.type="tcp"
+		uci set secubox-netifyd.sink.tcp_address="$addr"
+		uci set secubox-netifyd.sink.tcp_port="$port"
+	else
+		uci set secubox-netifyd.sink.type="unix"
+		uci set secubox-netifyd.sink.unix_path="$target"
+	fi
+	uci commit secubox-netifyd
+}
+
+ensure_collector_cron() {
+	local entry="* * * * * /usr/bin/netifyd-collector >/dev/null 2>&1"
+	local existing
+	existing=$(crontab -l 2>/dev/null || true)
+
+	if ! printf '%s\n' "$existing" | grep -Fxq "$entry"; then
+		local tempfile
+		tempfile=$(mktemp)
+		printf '%s\n' "$existing" | grep -v '^$' >"$tempfile"
+		printf '%s\n' "$entry" >>"$tempfile"
+		crontab "$tempfile"
+		rm -f "$tempfile"
+	fi
+}
+
+log() {
+	printf '%s\n' "$*"
+}
+
+log "Configuring Netifyd flow sink ($SINK_MODE -> $TARGET)"
+configure_sink "$SINK_MODE" "$TARGET"
+ensure_collector_cron
+/etc/init.d/netifyd restart >/dev/null 2>&1 || true
+log "Collector cron enabled and netifyd restarted."