#!/bin/sh
# postinst script for bind9-cn
#
# see: dh_installdeb(1)

set -e
[ "$CARNET_SCRIPT_DEBUG" ] && set -vx

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#

case "$1" in
    configure|reconfigure)
      # continue below
    ;;

    *)
        exit 0
    ;;
esac

# import CN-functions
. /usr/share/carnet-tools/functions.sh

CONF="/etc/fail2ban/jail.conf"

if [ -e "$CONF" ]; then
    # enable ssh, pam-generic, sasl, proftpd and vsftpd service
    echo "CN: Enabling SSH, PAM-generic, SASL and Dovecot support..."
    perl -ne 'if (/^\[(ssh|pam-generic|sasl|dovecot)\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled  = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
        cp_mv "$CONF.$$" "$CONF"
    rm -f "$CONF.$$"

    if [ -f /var/log/vsftpd.log ]; then
      echo "CN: Enabling vsftpd support..."
      perl -ne 'if (/^\[vsftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled  = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
          cp_mv "$CONF.$$" "$CONF"
      rm -f "$CONF.$$"
    else
      echo "CN: Disabling vsftpd support..."
      perl -ne 'if (/^\[vsftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+true/enabled  = false/gi }; print $_' "$CONF" > "$CONF.$$" && \
          cp_mv "$CONF.$$" "$CONF"
      rm -f "$CONF.$$"
    fi

    if [ -f /var/log/proftpd/proftpd.log ]; then
      echo "CN: Enabling ProFTPD support..."
      perl -ne 'if (/^\[proftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+false/enabled  = true/gi }; print $_' "$CONF" > "$CONF.$$" && \
          cp_mv "$CONF.$$" "$CONF"
      rm -f "$CONF.$$"
   else
      echo "CN: Disabling ProFTPD support..."
      perl -ne 'if (/^\[proftpd\]/ .. /^enabled/) { $_ =~ s/^enabled\s+=\s+true/enabled  = false/gi }; print $_' "$CONF" > "$CONF.$$" && \
          cp_mv "$CONF.$$" "$CONF"
      rm -f "$CONF.$$"
    fi

    # postfix-sasl in jessie, not sasl anymore
    cp_check_and_sed 'filter[ ]*=[ ]*sasl' \
                     's/^filter[ ]*=[ ]*sasl/filter	= postfix-sasl/gi' \
                     "$CONF" && echo "CN: Fixing sasl to postfix-sasl..." || true

    # add network address and class if needed
    cp_get_netaddr || true
    NETADDR="$RET"
    IGNOREIP=$(grep '^ignoreip' "$CONF")
    if ! echo "$IGNOREIP" | grep -q "$NETADDR"; then
       echo "CN: Enabling local IP ranges exclusion..."
       cp_check_and_sed '^ignoreip' \
            "s;^\(ignoreip.*\)$;\1 $NETADDR;g" "$CONF" || true
    fi
fi

# restart the services
service fail2ban restart || exit $?

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0