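#!/usr/bin/env bash
#
# onx-fail2ban-restart — restart the fail2ban service (systemctl restart).
# Input:  none (or empty JSON)
# Output: on success, one JSON object on stdout:
#           {"ok":true,"restarted":true,"active":<bool>,"uptime_seconds":0}
#         on failure, one JSON object on stderr: {"ok":false,"error":"..."}
# Exit:   0 = restart command succeeded, 2 = prerequisite missing,
#         3 = systemctl restart failed.
#
# Security notes:
#   - systemctl's stderr is captured through a command substitution rather
#     than a file in /tmp. A PID-derived name in a world-writable directory is
#     predictable, so a local user could pre-create it as a symlink and have a
#     privileged run of this script write through it.
#   - "ok":true only means the restart command returned success. Callers that
#     depend on fail2ban actually enforcing bans must check "active".

set -euo pipefail

# jq renders every response below; without it the script would abort under
# `set -e` with no machine-readable error, so check for it first.
if ! command -v jq &>/dev/null; then
    printf '%s\n' '{"ok":false,"error":"jq not available"}' >&2
    exit 2
fi

if ! command -v systemctl &>/dev/null; then
    jq -nc '{ok:false,error:"systemctl not available"}' >&2
    exit 2
fi

# Check service exists
# NOTE(review): relies on `systemctl list-unit-files` exiting non-zero when no
# unit file matches — confirm on the systemd version this is deployed to.
if ! systemctl list-unit-files fail2ban.service &>/dev/null; then
    jq -nc '{ok:false,error:"fail2ban.service not installed"}' >&2
    exit 2
fi

# Keep only stderr for the error report. stdout of systemctl is discarded so
# that nothing but the final JSON object can reach this script's stdout.
if ! err="$(systemctl restart fail2ban 2>&1 >/dev/null)"; then
    jq -nc --arg err "$err" '{ok:false,error:"restart failed",systemctl_err:$err}' >&2
    exit 3
fi

# Wait briefly for service to be active (up to five one-second polls).
for _ in 1 2 3 4 5; do
    sleep 1
    if systemctl is-active fail2ban &>/dev/null; then
        break
    fi
done

active=false
if systemctl is-active fail2ban &>/dev/null; then
    active=true
fi

# Leave a record in syslog; active=false here means the restart was accepted
# but the service did not come up within the wait window.
logger -t "onox-fail2ban" "Service restarted (active=$active)"

# uptime_seconds is a fixed 0 — it is not measured anywhere in this script.
jq -nc --argjson active "$active" '{ok:true,restarted:true,active:$active,uptime_seconds:0}'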
