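#!/usr/bin/env bash
# Install the rsyslog config that ships mail-stack logs to a remote ELK syslog input.
#
# Usage (run as root): sudo ./install.sh [ELK_HOST] [ELK_PORT] [tcp|udp]
#   ELK_HOST  remote syslog host; falls back to $ELK_HOST, then logstash.internal
#   ELK_PORT  remote syslog port; falls back to $ELK_PORT, then 5140
#   PROTO     transport, tcp (default) or udp
#
# NOTE(review): plain tcp/udp syslog forwarding is neither encrypted nor
# authenticated. The 49-mail-stack.conf template is not visible here, so confirm
# that it (or the network path) protects the mail logs in transit.
set -euo pipefail

# Print a message to stderr and abort.
die() {
  printf 'install.sh: %s\n' "$*" >&2
  exit 1
}

ELK_HOST="${1:-${ELK_HOST:-logstash.internal}}"
ELK_PORT="${2:-${ELK_PORT:-5140}}"
PROTO="${3:-tcp}"
HERE="$(cd "$(dirname "$0")" && pwd)"

readonly TEMPLATE="$HERE/49-mail-stack.conf"
readonly TARGET_CONF=/etc/rsyslog.d/49-mail-stack.conf

# The three values are spliced into a root-owned rsyslog config through sed.
# Reject anything that could break out of the quoted value (a double quote) or
# be special in a sed replacement (| & \) instead of trying to escape it.
[[ "$ELK_HOST" =~ ^[A-Za-z0-9._:-]+$ ]] \
  || die "invalid ELK host '$ELK_HOST' (expected a hostname or IP address)"
[[ "$ELK_PORT" =~ ^[0-9]{1,5}$ ]] \
  || die "invalid ELK port '$ELK_PORT' (expected 1-65535)"
# 10# forces base 10 so a leading zero is not read as octal.
((10#$ELK_PORT >= 1 && 10#$ELK_PORT <= 65535)) \
  || die "invalid ELK port '$ELK_PORT' (expected 1-65535)"
case "$PROTO" in
  tcp | udp) ;;
  *) die "invalid protocol '$PROTO' (expected tcp or udp)" ;;
esac

[[ "$EUID" -eq 0 ]] || die "must be run as root"
[[ -r "$TEMPLATE" ]] || die "template not found: $TEMPLATE"

# Render into a temp file in the destination directory and rename it into
# place, so a failed sed never leaves a truncated config behind. The temp name
# does not end in .conf, so a *.conf include glob would not pick it up.
tmp_conf=''
cleanup() {
  if [[ -n "$tmp_conf" ]]; then
    rm -f -- "$tmp_conf"
  fi
}
trap cleanup EXIT

tmp_conf="$(mktemp "${TARGET_CONF%/*}/.49-mail-stack.XXXXXX")"
sed \
  -e "s|target=\"logstash.internal\"|target=\"$ELK_HOST\"|" \
  -e "s|port=\"5140\"|port=\"$ELK_PORT\"|" \
  -e "s|protocol=\"tcp\"|protocol=\"$PROTO\"|" \
  "$TEMPLATE" > "$tmp_conf"
chmod 0644 "$tmp_conf"
mv -f -- "$tmp_conf" "$TARGET_CONF"

# Spool directory for rsyslog. Presumably the template's queue files land here,
# which would mean buffered mail logs on disk, so keep it closed to "other".
mkdir -p /var/spool/rsyslog
# Prefer the syslog user; fall back to root where that account does not exist.
chown syslog:adm /var/spool/rsyslog 2>/dev/null || chown root:adm /var/spool/rsyslog
chmod 0750 /var/spool/rsyslog

# Rotate the mail-stack logs. copytruncate rotates without the writers having
# to reopen their files; lines written between the copy and the truncate can
# be lost.
if [ -d /etc/logrotate.d ]; then
  cat > /etc/logrotate.d/mail-stack <<'EOF'
/var/log/mail-flask.log
/var/log/mail-dramatiq.log
/var/log/mail-backup.log {
    daily
    rotate 30
    missingok
    notifempty
    compress
    delaycompress
    copytruncate
}
EOF
fi

systemctl restart rsyslog
printf 'rsyslog: shipping mail-stack → %s:%s (%s)\n' "$ELK_HOST" "$ELK_PORT" "$PROTO"

# Capture the status first: piping systemctl straight into head can end in
# SIGPIPE, which pipefail would report as a failed install.
status_rc=0
status_out="$(systemctl --no-pager status rsyslog)" || status_rc=$?
head -n 10 <<<"$status_out"
exit "$status_rc"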