"""
Command-builder module for managing firewalld on a Linux VPS.
Each function returns a bash command string (or multi-command string).
"""


def _perm(permanent: bool) -> str:
    return " --permanent" if permanent else ""


def status_cmd() -> str:
    return (
        "which firewall-cmd > /dev/null 2>&1 && echo 'firewalld is installed' || echo 'firewalld is NOT installed'; "
        "firewall-cmd --state 2>/dev/null; "
        "systemctl status firewalld --no-pager"
    )


def install_cmd() -> str:
    return (
        "apt update && apt install -y firewalld && "
        "systemctl enable firewalld && "
        "systemctl start firewalld"
    )


def zones_cmd() -> str:
    return "firewall-cmd --get-zones; firewall-cmd --get-active-zones"


def zone_info_cmd(zone: str = "public") -> str:
    return f"firewall-cmd --zone={zone} --list-all"


def add_service_cmd(service: str, zone: str = "public", permanent: bool = True) -> str:
    return f"firewall-cmd --zone={zone} --add-service={service}{_perm(permanent)}"


def remove_service_cmd(service: str, zone: str = "public", permanent: bool = True) -> str:
    return f"firewall-cmd --zone={zone} --remove-service={service}{_perm(permanent)}"


def add_port_cmd(port: str, zone: str = "public", permanent: bool = True) -> str:
    return f"firewall-cmd --zone={zone} --add-port={port}{_perm(permanent)}"


def remove_port_cmd(port: str, zone: str = "public", permanent: bool = True) -> str:
    return f"firewall-cmd --zone={zone} --remove-port={port}{_perm(permanent)}"


def add_rich_rule_cmd(rule: str, zone: str = "public", permanent: bool = True) -> str:
    return f"firewall-cmd --zone={zone} --add-rich-rule='{rule}'{_perm(permanent)}"


def remove_rich_rule_cmd(rule: str, zone: str = "public", permanent: bool = True) -> str:
    return f"firewall-cmd --zone={zone} --remove-rich-rule='{rule}'{_perm(permanent)}"


def block_ip_cmd(ip: str, zone: str = "drop") -> str:
    return f"firewall-cmd --zone={zone} --add-source={ip} --permanent"


def unblock_ip_cmd(ip: str, zone: str = "drop") -> str:
    return f"firewall-cmd --zone={zone} --remove-source={ip} --permanent"


def reload_cmd() -> str:
    return "firewall-cmd --reload"


def panic_on_cmd() -> str:
    return "firewall-cmd --panic-on"


def panic_off_cmd() -> str:
    return "firewall-cmd --panic-off"


def log_cmd(lines: int = 50) -> str:
    return f"journalctl -u firewalld --no-pager -n {lines}"


def services_list_cmd() -> str:
    return "firewall-cmd --get-services"


def default_zone_cmd(zone: str) -> str:
    return f"firewall-cmd --set-default-zone={zone}"


def uninstall_cmd() -> str:
    return (
        "systemctl stop firewalld && "
        "systemctl disable firewalld && "
        "apt remove -y firewalld"
    )