#!/bin/sh

CONFIG=/etc/crowdsec/config.yaml
data_dir=`uci get "crowdsec.crowdsec.data_dir"`
sed -i "s,^\(\s*data_dir\s*:\s*\).*\$,\1$data_dir," $CONFIG
db_path=`uci get "crowdsec.crowdsec.db_path"`
sed -i "s,^\(\s*db_path\s*:\s*\).*\$,\1$db_path," $CONFIG

# Create data dir & permissions if needed
if [ ! -d "${data_dir}" ]; then
	mkdir -m 0755 -p "${data_dir}"
fi;

# Create machine-id if not exists
if [ ! -f /etc/machine-id ]; then
	cat /proc/sys/kernel/random/uuid | tr -d "-" > /etc/machine-id
fi

# Register local API machine
if grep -q "login:" /etc/crowdsec/local_api_credentials.yaml 2>/dev/null; then
	echo "Local API already registered"
else
	echo "Registering local API machine..."
	cscli -c /etc/crowdsec/config.yaml machines add -a -f /etc/crowdsec/local_api_credentials.yaml
fi

# Register with Central API (CAPI) for threat intelligence sharing
if ! grep -q "login:" /etc/crowdsec/online_api_credentials.yaml 2>/dev/null; then
	echo "Registering with Central API (CAPI)..."
	if cscli capi register 2>/dev/null; then
		echo "Successfully registered with Central API"
	else
		echo "WARNING: CAPI registration failed - will run in local-only mode"
		# Create minimal credentials file to prevent errors
		echo "url: https://api.crowdsec.net/" > /etc/crowdsec/online_api_credentials.yaml
	fi
else
	echo "Central API already registered"
fi

# Update hub index
if [ ! -f /etc/crowdsec/hub/.index.json ] || [ $(find /etc/crowdsec/hub/.index.json -mtime +7 2>/dev/null | wc -l) -gt 0 ]; then
	echo "Updating hub index..."
	cscli hub update 2>/dev/null || true
fi

# Install default collections
cscli collections install crowdsecurity/linux 2>/dev/null || true
cscli parsers install crowdsecurity/whitelists 2>/dev/null || true
cscli hub upgrade 2>/dev/null || true

exit 0