Add trigger-based host routing restart (no SSH needed)

- Add runtime volume mount for trigger files
- cisco-vpn now creates /runtime/restart-routing trigger file
- Host systemd path watcher handles restart

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/rego-tunnel/docker-compose.json

@@ -41,6 +41,11 @@
           "containerPath": "/config",
           "readOnly": false
         },
+        {
+          "hostPath": "${APP_DATA_DIR}/runtime",
+          "containerPath": "/runtime",
+          "readOnly": false
+        },
         {
           "hostPath": "/etc/runtipi/repos/runtipi/apps/rego-tunnel/shared",
           "containerPath": "/shared",

apps/rego-tunnel/docker-compose.yml

@@ -19,6 +19,7 @@ services:
       - ${APP_PORT}:6080
     volumes:
       - ${APP_DATA_DIR}/config:/config
+      - ${APP_DATA_DIR}/runtime:/runtime
       - /etc/runtipi/repos/runtipi/apps/rego-tunnel/shared:/shared
       - /sys/fs/cgroup:/sys/fs/cgroup:rw
       - /etc/runtipi/repos/runtipi/apps/rego-tunnel/shared/xstartup:/root/.vnc/xstartup:ro

apps/rego-tunnel/shared/cisco-vpn

@@ -618,12 +618,14 @@ start_anyconnect() {
     # Setup forwarding
     setup_forwarding
 
-    # Restart host routing service
+    # Trigger host routing service restart via file
-    log INFO "Restarting host routing service..."
+    log INFO "Triggering host routing service restart..."
-    if ssh -o ConnectTimeout=5 -o BatchMode=yes root@ssh.alexzaw.dev systemctl restart rego-routing.service; then
+    touch /runtime/restart-routing
+    sleep 2
+    if [ ! -f /runtime/restart-routing ]; then
         log INFO "Host routing service restarted"
     else
-        log WARN "Failed to restart host routing service"
+        log WARN "Host watcher may not be running (trigger file still exists)"
     fi
 
     # Test connection