Update cistech-tunnel: proper image tag, clean Dockerfile, add TOTP field

- docker-compose.json: Use git.alexzaw.dev/alexz/cistech-vpn:latest
- config.json: Add OC_TOTP_SECRET field, keep server cert as default
- Dockerfile: Remove hardcoded credentials (come from env at runtime)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/cistech-tunnel/config.json

@@ -22,14 +22,7 @@
             "type": "text",
             "env_variable": "OC_URL",
             "required": true,
-            "default": "https://vpn.cistech.net/Employees"
+            "default": "https://vpn.example.com"
-        },
-        {
-            "label": "VNC Password",
-            "type": "password",
-            "env_variable": "VNC_PASSWORD",
-            "required": true,
-            "default": "Az@83278327$$@@"
         },
         {
             "label": "Server Certificate",
@@ -42,8 +35,20 @@
             "label": "Username",
             "type": "text",
             "env_variable": "OC_USER",
-            "required": true,
+            "required": true
-            "default": "alex.zaw@cistech.net"
+        },
+        {
+            "label": "TOTP Secret",
+            "type": "password",
+            "env_variable": "OC_TOTP_SECRET",
+            "required": false,
+            "hint": "Base32 TOTP secret for auto-login"
+        },
+        {
+            "label": "VNC Password",
+            "type": "password",
+            "env_variable": "VNC_PASSWORD",
+            "required": true
         }
     ],
     "supported_architectures": [

apps/cistech-tunnel/docker-compose.json

@@ -1,20 +1,22 @@
 {
+  "schemaVersion": 2,
   "services": [
     {
       "name": "cistech-tunnel",
-      "image": "cistech-vpn:latest",
+      "image": "git.alexzaw.dev/alexz/cistech-vpn:latest",
       "isMain": true,
       "internalPort": 6902,
       "privileged": true,
       "capAdd": ["NET_ADMIN"],
-      "devices": ["/dev/net/tun:/dev/net/tun"],
+      "devices": ["/dev/net/tun"],
-      "environment": {
+      "environment": [
-        "OC_URL": "${OC_URL}",
+        { "key": "OC_URL", "value": "${OC_URL}" },
-        "OC_SERVERCERT": "${OC_SERVERCERT}",
+        { "key": "OC_SERVERCERT", "value": "${OC_SERVERCERT}" },
-        "OC_USER": "${OC_USER}",
+        { "key": "OC_USER", "value": "${OC_USER}" },
-        "VNC_PASSWORD": "${VNC_PASSWORD}",
+        { "key": "OC_TOTP_SECRET", "value": "${OC_TOTP_SECRET}" },
-        "NOVNC_PORT": "6902"
+        { "key": "VNC_PASSWORD", "value": "${VNC_PASSWORD}" },
-      },
+        { "key": "NOVNC_PORT", "value": "6902" }
+      ],
       "volumes": [
         { "hostPath": "${APP_DATA_DIR}/data", "containerPath": "/root" },
         { "hostPath": "${APP_DATA_DIR}", "containerPath": "/runtime" }

apps/cistech-tunnel/source/Dockerfile

@@ -4,12 +4,9 @@ ENV DEBIAN_FRONTEND=noninteractive \
     VIRTUAL_ENV=/opt/venv \
     PATH=/opt/venv/bin:$PATH \
     QTWEBENGINE_DISABLE_SANDBOX=1 \
-    QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu" \
+    QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu"
-    OC_URL="https://vpn.cistech.net/Employees" \
+# Credentials come from environment variables at runtime:
-    OC_SERVERCERT="pin-sha256:HyHob3LiVmIp8ch9AzHJ9jMYqI43tO5N13oWeBLiZ/0=" \
+# OC_URL, OC_SERVERCERT, OC_USER, OC_TOTP_SECRET, VNC_PASSWORD
-    OC_USER="alex.zaw@cistech.net" \
-    OC_TOTP_SECRET="t6ypnjqvyx2yvw2l" \
-    VNC_PASSWORD="Az@83278327\$\$@@"
 
 RUN apt-get update && apt-get install -y \
     openconnect iproute2 iptables ca-certificates \