#!/usr/bin/env bash
# Export recent journald entries to a JSONL file the Turnstone container can ingest.
#
# Run this on the HOST before the container ingest step. The output file lands in
# /opt/turnstone/data/ which is bind-mounted at /data/ inside the container.
#
# Priority filter 0-5 (emerg→notice) skips debug/info noise while keeping
# all warnings, errors, and service lifecycle events.
#
# Usage (standalone):
#   sudo bash /opt/turnstone/scripts/export_journal.sh
#
# Typical cron (combined with ingest — see crontab comment below):
#   */15 * * * * bash /opt/turnstone/scripts/export_journal.sh && \
#     podman exec turnstone python scripts/ingest_corpus.py \
#       --sources /patterns/sources.yaml --db /data/turnstone.db \
#       >> /var/log/turnstone-ingest.log 2>&1

set -euo pipefail

OUT=/opt/turnstone/data/journal-export.jsonl

# 20-minute window (slightly wider than the 15-min cron interval) ensures no
# gaps between runs. Ingest is idempotent via entry_id hash, so overlap is safe.
journalctl \
  --output=json \
  --priority=0..5 \
  --since "20 minutes ago" \
  --no-pager \
  > "${OUT}"

echo "Exported $(wc -l < "${OUT}") journal entries to ${OUT}"