cistech-tunnel: move all scripts to dynamic mounts

- Move entrypoint.sh from build/scripts/ to shared/ (no longer baked into image)
- Add entrypoint directive to docker-compose.json pointing to /shared/entrypoint.sh
- Update entrypoint.sh to reference /shared/startup-vnc.sh instead of /opt/scripts/
- Bump tipi_version to 7

All scripts are now dynamically controlled via volume mounts from the shared/
directory. The Docker image is a clean base with only packages installed.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 20:39:20 +00:00
parent 1def782149
commit 16b7a66c01
4 changed files with 3 additions and 84 deletions


@@ -1,80 +0,0 @@
#!/bin/bash
# Entrypoint: VNC password setup + DNS fix + start VNC
set -euo pipefail
# Force software rendering (no GPU/OpenGL)
export QT_QUICK_BACKEND=software
export LIBGL_ALWAYS_SOFTWARE=1
export GALLIUM_DRIVER=llvmpipe
export MESA_GL_VERSION_OVERRIDE=3.3
# Qt/Chromium flags for running as root
export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu --use-gl=swiftshader"
export QTWEBENGINE_DISABLE_SANDBOX=1
# Setup TigerVNC password file from env var (passed by runtipi)
if [ -n "${VNC_PASSWORD:-}" ]; then
mkdir -p /root/.vnc
printf '%s\n%s\n' "$VNC_PASSWORD" "$VNC_PASSWORD" | vncpasswd -f > /root/.vnc/passwd
chmod 600 /root/.vnc/passwd
fi
# DNS fix - unmount Docker's read-only mounts
cp /etc/resolv.conf /tmp/resolv.conf.bak 2>/dev/null || true
cp /etc/hosts /tmp/hosts.bak 2>/dev/null || true
umount /etc/resolv.conf 2>/dev/null || true
umount /etc/hosts 2>/dev/null || true
cat /tmp/resolv.conf.bak > /etc/resolv.conf 2>/dev/null || echo "nameserver 8.8.8.8" > /etc/resolv.conf
cat /tmp/hosts.bak > /etc/hosts 2>/dev/null || echo "127.0.0.1 localhost" > /etc/hosts
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "[entrypoint] IP forwarding enabled"
# Generate openconnect-sso config from environment variables
mkdir -p /root/.config/openconnect-sso
cat > /root/.config/openconnect-sso/config.toml << EOF
on_disconnect = ""
[default_profile]
address = "${VPN_HOST:-}"
user_group = ""
name = ""
[credentials]
username = "${VPN_EMAIL:-}"
[auto_fill_rules]
[[auto_fill_rules."https://*"]]
selector = "div[id=passwordError]"
action = "stop"
[[auto_fill_rules."https://*"]]
selector = "input[type=email]"
fill = "username"
[[auto_fill_rules."https://*"]]
selector = "input[name=passwd]"
fill = "password"
[[auto_fill_rules."https://*"]]
selector = "input[data-report-event=Signin_Submit]"
action = "click"
[[auto_fill_rules."https://*"]]
selector = "div[data-value=PhoneAppOTP]"
action = "click"
[[auto_fill_rules."https://*"]]
selector = "a[id=signInAnotherWay]"
action = "click"
[[auto_fill_rules."https://*"]]
selector = "input[id=idTxtBx_SAOTCC_OTC]"
fill = "totp"
EOF
echo "[entrypoint] openconnect-sso config generated"
# Start VNC server
exec /opt/scripts/startup-vnc.sh


@@ -6,7 +6,7 @@
"dynamic_config": true, "dynamic_config": true,
"id": "cistech-tunnel", "id": "cistech-tunnel",
"description": "openconnect-sso in Docker with noVNC web UI for accessing cistech environments. Native Docker - no VM overhead.", "description": "openconnect-sso in Docker with noVNC web UI for accessing cistech environments. Native Docker - no VM overhead.",
"tipi_version": 6, "tipi_version": 7,
"version": "5.1.14.145", "version": "5.1.14.145",
"categories": [ "categories": [
"utilities" "utilities"


@@ -4,6 +4,7 @@
{ {
"name": "cistech-tunnel", "name": "cistech-tunnel",
"image": "git.alexzaw.dev/alexz/openconnect-vpn:latest", "image": "git.alexzaw.dev/alexz/openconnect-vpn:latest",
"entrypoint": "/shared/entrypoint.sh",
"environment": [ "environment": [
{ {
"key": "VPN_EMAIL", "key": "VPN_EMAIL",
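Review bot: With `"entrypoint": "/shared/entrypoint.sh"` the first code to run in the container comes from a mounted directory rather than from the image, so write access to shared/ on the host becomes equivalent to code execution inside the container. The script that was previously baked into the image runs as root, writes `/proc/sys/net/ipv4/ip_forward` and unmounts `/etc/resolv.conf`, which suggests the container holds elevated capabilities, though the capability and volume settings are outside this hunk. I would mount the shared directory read-only into the container and keep it writable only by the deploying user on the host. The image is also referenced as `:latest`, so neither the image nor the entrypoint is pinned; a version tag or digest would make a deployment reproducible and auditable.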

View File

@@ -10,7 +10,7 @@ export GALLIUM_DRIVER=llvmpipe
export MESA_GL_VERSION_OVERRIDE=3.3 export MESA_GL_VERSION_OVERRIDE=3.3
# Qt/Chromium flags for running as root # Qt/Chromium flags for running as root
export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu" export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu --use-gl=swiftshader"
export QTWEBENGINE_DISABLE_SANDBOX=1 export QTWEBENGINE_DISABLE_SANDBOX=1
# Setup TigerVNC password file from env var (passed by runtipi) # Setup TigerVNC password file from env var (passed by runtipi)
@@ -77,6 +77,4 @@ EOF
echo "[entrypoint] openconnect-sso config generated" echo "[entrypoint] openconnect-sso config generated"
# Start VNC server # Start VNC server
chmod +x /shared/*
chmod +x /root/.vnc/xstartup
exec /shared/startup-vnc.sh exec /shared/startup-vnc.sh
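Review bot: After the second hunk drops `chmod +x /shared/*` and `chmod +x /root/.vnc/xstartup`, `exec /shared/startup-vnc.sh` succeeds only if the mounted file already carries the execute bit, and a failure there ends the container with a bare permission error. Dropping the blanket chmod is reasonable, since it marked every file in the mounted directory executable, but the dependency should be explicit, for example `[ -x /shared/startup-vnc.sh ] || { echo "[entrypoint] /shared/startup-vnc.sh is not executable" >&2; exit 1; }` before the exec. If `/root/.vnc/xstartup` is also supplied from the mount it needs the same check, which cannot be confirmed from these lines. Separately, the changed flags line in the first hunk keeps `--no-sandbox` together with `QTWEBENGINE_DISABLE_SANDBOX=1` while running as root, so the embedded browser renders remote sign-in pages without process isolation; a comment recording why that is accepted would help. The rest of the script lies outside both hunks.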