From 1bd5a21a9460ce2eeb3ae29b5adc1467300a46a9 Mon Sep 17 00:00:00 2001
From: alexz <me@alexzaw.dev>
Date: Sat, 17 Jan 2026 16:21:26 +0000
Subject: [PATCH] fix(cistech-tunnel): add sudo and system dbus for
 openconnect-sso

---
 apps/cistech-tunnel/build/Dockerfile       | 2 ++
 apps/cistech-tunnel/shared/entrypoint.sh   | 2 +-
 apps/cistech-tunnel/shared/openconnect-vpn | 0
 apps/cistech-tunnel/shared/xstartup        | 6 +++++-
 4 files changed, 8 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 apps/cistech-tunnel/shared/openconnect-vpn

diff --git a/apps/cistech-tunnel/build/Dockerfile b/apps/cistech-tunnel/build/Dockerfile
index 4b4c6fb..3e9e837 100644
--- a/apps/cistech-tunnel/build/Dockerfile
+++ b/apps/cistech-tunnel/build/Dockerfile
@@ -88,6 +88,8 @@ RUN apt-get update && apt-get install -y \
     libxcb-randr0 \
     libxcb-glx0 \
     libxcb-shape0 \
+    # sudo needed for openconnect-sso
+    sudo \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
diff --git a/apps/cistech-tunnel/shared/entrypoint.sh b/apps/cistech-tunnel/shared/entrypoint.sh
index c560f94..06bcdd3 100644
--- a/apps/cistech-tunnel/shared/entrypoint.sh
+++ b/apps/cistech-tunnel/shared/entrypoint.sh
@@ -10,7 +10,7 @@ export GALLIUM_DRIVER=llvmpipe
 export MESA_GL_VERSION_OVERRIDE=3.3
 
 # Qt/Chromium flags for running as root
-export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu --use-gl=swiftshader"
+export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu"
 export QTWEBENGINE_DISABLE_SANDBOX=1
 
 # Setup TigerVNC password file from env var (passed by runtipi)
diff --git a/apps/cistech-tunnel/shared/openconnect-vpn b/apps/cistech-tunnel/shared/openconnect-vpn
old mode 100644
new mode 100755
diff --git a/apps/cistech-tunnel/shared/xstartup b/apps/cistech-tunnel/shared/xstartup
index e94ba11..ba07013 100644
--- a/apps/cistech-tunnel/shared/xstartup
+++ b/apps/cistech-tunnel/shared/xstartup
@@ -25,9 +25,13 @@ export GDK_BACKEND=x11
 export WEBKIT_DISABLE_DMABUF_RENDERER=1
 
 # Qt/Chromium flags for running as root (no sandbox)
-export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu --use-gl=swiftshader"
+export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu"
 export QTWEBENGINE_DISABLE_SANDBOX=1
 
+# Start system dbus daemon (needed for Chromium)
+mkdir -p /run/dbus
+dbus-daemon --system --fork 2>/dev/null || true
+
 # Start dbus session
 [ -x /usr/bin/dbus-launch ] && eval $(dbus-launch --sh-syntax --exit-with-session)