#!/usr/bin/env bash
#
# onx-fail2ban-reload — fail2ban config'ini yeniden yükle (servis duraklatmadan).
# Output: {"ok":true,"reloaded":true}

set -euo pipefail

if ! command -v fail2ban-client &>/dev/null; then
    jq -nc '{ok:false,error:"fail2ban-client not installed"}' >&2
    exit 2
fi

if ! fail2ban-client reload 2>/tmp/onox-reload-err-$$; then
    err="$(cat /tmp/onox-reload-err-$$ 2>/dev/null || echo unknown)"
    rm -f /tmp/onox-reload-err-$$
    jq -nc --arg err "$err" '{ok:false,error:"reload failed",fail2ban_err:$err}' >&2
    exit 3
fi
rm -f /tmp/onox-reload-err-$$

logger -t "onox-fail2ban" "Config reloaded"

jq -nc '{ok:true,reloaded:true}'
