From 046552d09a5c0eb075148ef1c7ee2c7d1ee9985f Mon Sep 17 00:00:00 2001
From: alexz
Date: Sat, 17 Jan 2026 10:07:29 +0000
Subject: [PATCH] Update cistech-tunnel: proper image tag, clean Dockerfile, add TOTP field

- docker-compose.json: Use git.alexzaw.dev/alexz/cistech-vpn:latest
- config.json: Add OC_TOTP_SECRET field, keep server cert as default
- Dockerfile: Remove hardcoded credentials (come from env at runtime)

Co-Authored-By: Claude Opus 4.5
---
 apps/cistech-tunnel/config.json | 25 +++++++++++++++----------
 apps/cistech-tunnel/docker-compose.json | 20 +++++++++++---------
 apps/cistech-tunnel/source/Dockerfile | 9 +++------
 3 files changed, 29 insertions(+), 25 deletions(-)

diff --git a/apps/cistech-tunnel/config.json b/apps/cistech-tunnel/config.json
index 04efcb9..70f7ad7 100755
--- a/apps/cistech-tunnel/config.json
+++ b/apps/cistech-tunnel/config.json
@@ -22,14 +22,7 @@
 "type": "text",
 "env_variable": "OC_URL",
 "required": true,
- "default": "https://vpn.cistech.net/Employees"
- },
- {
- "label": "VNC Password",
- "type": "password",
- "env_variable": "VNC_PASSWORD",
- "required": true,
- "default": "Az@83278327$$@@"
+ "default": "https://vpn.example.com"
 },
 {
 "label": "Server Certificate",
@@ -42,8 +35,20 @@
 "label": "Username",
 "type": "text",
 "env_variable": "OC_USER",
- "required": true,
- "default": "alex.zaw@cistech.net"
+ "required": true
+ },
+ {
+ "label": "TOTP Secret",
+ "type": "password",
+ "env_variable": "OC_TOTP_SECRET",
+ "required": false,
+ "hint": "Base32 TOTP secret for auto-login"
+ },
+ {
+ "label": "VNC Password",
+ "type": "password",
+ "env_variable": "VNC_PASSWORD",
+ "required": true
 }
 ],
 "supported_architectures": [
diff --git a/apps/cistech-tunnel/docker-compose.json b/apps/cistech-tunnel/docker-compose.json
index 3e4cd59..ae10fac 100755
--- a/apps/cistech-tunnel/docker-compose.json
+++ b/apps/cistech-tunnel/docker-compose.json
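Review bot: In apps/cistech-tunnel/config.json (hunk `@@ -22,14 +22,7 @@`) the removed `"default"` for `VNC_PASSWORD` looks like a real password, and deleting it from the file does not remove it from the repository history or from this patch. The same holds for the `OC_TOTP_SECRET`, `OC_USER` and `VNC_PASSWORD` values deleted from the `ENV` block in the Dockerfile hunk, which also persist in the configuration of any image already built from the old Dockerfile. These values should be treated as disclosed: rotate the VNC password, re-enrol the TOTP seed, and delete or rebuild any previously pushed image. Once that is done, the commit description would be clearer with a line such as `Previously committed credentials have been rotated.`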
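Review bot: In apps/cistech-tunnel/config.json (hunk `@@ -42,8 +35,20 @@`) the new `OC_TOTP_SECRET` field stores the second-factor seed in the same app configuration as the username. Anyone who can read this app's settings or the container environment can then generate valid codes, so the second factor is no longer independent. The `hint` should say so, for example `"hint": "Base32 TOTP secret for auto-login; stored with the app config, leave empty to enter codes manually"`. `VNC_PASSWORD` is now required with no default, which is an improvement, but nothing visible in the hunk constrains its length; if the form schema supports a length or pattern rule, it belongs on that field.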
@@ -1,20 +1,22 @@
 {
+ "schemaVersion": 2,
 "services": [
 {
 "name": "cistech-tunnel",
- "image": "cistech-vpn:latest",
+ "image": "git.alexzaw.dev/alexz/cistech-vpn:latest",
 "isMain": true,
 "internalPort": 6902,
 "privileged": true,
 "capAdd": ["NET_ADMIN"],
- "devices": ["/dev/net/tun:/dev/net/tun"],
- "environment": {
- "OC_URL": "${OC_URL}",
- "OC_SERVERCERT": "${OC_SERVERCERT}",
- "OC_USER": "${OC_USER}",
- "VNC_PASSWORD": "${VNC_PASSWORD}",
- "NOVNC_PORT": "6902"
- },
+ "devices": ["/dev/net/tun"],
+ "environment": [
+ { "key": "OC_URL", "value": "${OC_URL}" },
+ { "key": "OC_SERVERCERT", "value": "${OC_SERVERCERT}" },
+ { "key": "OC_USER", "value": "${OC_USER}" },
+ { "key": "OC_TOTP_SECRET", "value": "${OC_TOTP_SECRET}" },
+ { "key": "VNC_PASSWORD", "value": "${VNC_PASSWORD}" },
+ { "key": "NOVNC_PORT", "value": "6902" }
+ ],
 "volumes": [
 { "hostPath": "${APP_DATA_DIR}/data", "containerPath": "/root" },
 { "hostPath": "${APP_DATA_DIR}", "containerPath": "/runtime" }
diff --git a/apps/cistech-tunnel/source/Dockerfile b/apps/cistech-tunnel/source/Dockerfile
index 28111e1..36d6324 100755
--- a/apps/cistech-tunnel/source/Dockerfile
+++ b/apps/cistech-tunnel/source/Dockerfile
@@ -4,12 +4,9 @@ ENV DEBIAN_FRONTEND=noninteractive \
 VIRTUAL_ENV=/opt/venv \
 PATH=/opt/venv/bin:$PATH \
 QTWEBENGINE_DISABLE_SANDBOX=1 \
- QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu" \
- OC_URL="https://vpn.cistech.net/Employees" \
- OC_SERVERCERT="pin-sha256:HyHob3LiVmIp8ch9AzHJ9jMYqI43tO5N13oWeBLiZ/0=" \
- OC_USER="alex.zaw@cistech.net" \
- OC_TOTP_SECRET="t6ypnjqvyx2yvw2l" \
- VNC_PASSWORD="Az@83278327\$\$@@"
+ QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu"
+# Credentials come from environment variables at runtime:
+# OC_URL, OC_SERVERCERT, OC_USER, OC_TOTP_SECRET, VNC_PASSWORD

 RUN apt-get update && apt-get install -y \
 openconnect iproute2 iptables ca-certificates \
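Review bot: In apps/cistech-tunnel/docker-compose.json the new `image` value points at a mutable `:latest` tag on a remote registry while the service keeps `"privileged": true`, so whatever is next pushed under that tag runs with full host privileges on every install that pulls it. Pin the image to a release tag or digest, e.g. `"image": "git.alexzaw.dev/alexz/cistech-vpn@sha256:<DIGEST_PLACEHOLDER>"`. It is also worth checking whether `"privileged": true` can be dropped, since `capAdd` `NET_ADMIN` plus the `/dev/net/tun` device are listed explicitly and are normally sufficient for a tun-based VPN client. `OC_TOTP_SECRET` and `VNC_PASSWORD` are passed as plain environment entries, so they are readable through container inspection on the host.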
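Review bot: The re-added `QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu"` line in apps/cistech-tunnel/source/Dockerfile, with `QTWEBENGINE_DISABLE_SANDBOX=1` just above it, keeps the embedded Chromium engine unsandboxed with no explanation in the file. If that engine renders pages served by the VPN gateway, a renderer compromise would land directly in a container that the compose file runs with `"privileged": true`. A comment stating the reason would help, e.g. `# Sandbox disabled: process runs as root; TODO run as an unprivileged user and drop --no-sandbox` (the root assumption is inferred from the `/root` volume mount and should be confirmed). The `RUN` instruction at the end of the hunk continues outside it.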