#!/bin/bash
# postinst script for linux-patch-api
# Created by package build system

set -e

# Configure with debhelper
if [ "$1" = "configure" ]; then
    echo "Configuring linux-patch-api..."
    
    # Copy example configs if they don't exist
    if [ ! -f "/etc/linux_patch_api/config.yaml" ]; then
        echo "Creating default config.yaml..."
        cp /etc/linux_patch_api/config.yaml.example /etc/linux_patch_api/config.yaml
        chmod 640 /etc/linux_patch_api/config.yaml
        chown linux-patch-api:linux-patch-api /etc/linux_patch_api/config.yaml
    fi
    
    if [ ! -f "/etc/linux_patch_api/whitelist.yaml" ]; then
        echo "Creating default whitelist.yaml..."
        cp /etc/linux_patch_api/whitelist.yaml.example /etc/linux_patch_api/whitelist.yaml
        chmod 640 /etc/linux_patch_api/whitelist.yaml
        chown linux-patch-api:linux-patch-api /etc/linux_patch_api/whitelist.yaml
    fi
    
    # Reload systemd daemon to pick up new service file
    systemctl daemon-reload
    
    # Enable the service (but don't start automatically - admin should configure first)
    systemctl enable linux-patch-api.service
    
    echo ""
    echo "linux-patch-api installed successfully!"
    echo ""
    echo "Next steps:"
    echo "  1. Configure /etc/linux_patch_api/config.yaml with your settings"
    echo "  2. Place TLS certificates in /etc/linux_patch_api/certs/"
    echo "  3. Configure IP whitelist in /etc/linux_patch_api/whitelist.yaml"
    echo "  4. Start the service: systemctl start linux-patch-api"
    echo "  5. Check status: systemctl status linux-patch-api"
    echo ""
fi

# Handle upgrade
if [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-remove" ] || [ "$1" = "abort-deconfigure" ]; then
    echo "Installation aborted - service remains in previous state"
fi

exit 0
