#!/usr/bin/env bash
set -euo pipefail
echo "[*] Installing Ubuntu client prerequisites..."
apt update
apt install -y nftables jq curl dnsutils iproute2
echo "[*] Enable nftables..."
systemctl enable --now nftables
echo "[*] Install config and scripts..."
install -m 0644 blocklist-sync.conf.sample /etc/blocklist-sync.conf
install -m 0755 blocklist-sync /usr/local/sbin/blocklist-sync
install -m 0644 blocklist-sync.service /etc/systemd/system/blocklist-sync.service
install -m 0644 blocklist-sync.timer   /etc/systemd/system/blocklist-sync.timer
echo "[*] Reload systemd and start timer..."
systemctl daemon-reload
systemctl enable --now blocklist-sync.timer
echo "[*] First run..."
systemctl start blocklist-sync.service || true
journalctl -u blocklist-sync.service -n 50 --no-pager || true
echo "Done. Edit /etc/blocklist-sync.conf to set your API URLs and token if needed."