From 35e0d6744662be6a0c1e008209c214443d950354 Mon Sep 17 00:00:00 2001
From: alexz
Date: Sat, 17 Jan 2026 01:08:29 +0000
Subject: [PATCH] .
---
 apps/rego-tunnel/build/build.sh | 2 +-
 apps/rego-tunnel/build/scripts/entrypoint.sh | 30 ++++++--------------
 apps/rego-tunnel/config.json | 10 +++++--
 3 files changed, 16 insertions(+), 26 deletions(-)
diff --git a/apps/rego-tunnel/build/build.sh b/apps/rego-tunnel/build/build.sh
index 71df5bf..b99ed6a 100644
--- a/apps/rego-tunnel/build/build.sh
+++ b/apps/rego-tunnel/build/build.sh
@@ -2,7 +2,7 @@
 # Build and push the Cisco VPN Docker image
 # Run this from the build directory
-set -e
+set -euo pipefail
 IMAGE_NAME="${IMAGE_NAME:-git.alexzaw.dev/alexz/cisco-vpn}"
 IMAGE_TAG="${IMAGE_TAG:-latest}"
diff --git a/apps/rego-tunnel/build/scripts/entrypoint.sh b/apps/rego-tunnel/build/scripts/entrypoint.sh
index ac2852a..71ce4f6 100644
--- a/apps/rego-tunnel/build/scripts/entrypoint.sh
+++ b/apps/rego-tunnel/build/scripts/entrypoint.sh
@@ -1,38 +1,24 @@
 #!/bin/bash
-# Entrypoint: VNC setup + DNS fix + systemd
+# Entrypoint: VNC password setup + DNS fix + systemd
-# Setup VNC password from environment variable (passed by runtipi)
-if [ -n "$VNC_PASSWORD" ]; then
+set -euo pipefail
+
+# Setup TigerVNC password file from env var (passed by runtipi)
+# TigerVNC expects /root/.vnc/passwd when using SecurityTypes=VncAuth.
+if [ -n "${VNC_PASSWORD:-}" ]; then
 mkdir -p /root/.vnc
- x11vnc -storepasswd "$VNC_PASSWORD" /root/.vnc/pass >/dev/null 2>&1 || true
- rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true
- Xvfb "$DISPLAY" -screen 0 ${XVFB_WxHxD:-1280x800x24} +extension RANDR &
- pids+=($!)
- sleep 0.5
- fluxbox >/tmp/fluxbox.log 2>&1 &
- pids+=($!)
- x11vnc -display "$DISPLAY" -rfbauth /root/.vnc/pass -forever -shared -rfbport "$VNC_PORT" -quiet &
- pids+=($!)
- websockify --web=/usr/share/novnc/ 0.0.0.0:"$NOVNC_PORT" localhost:5900 >/tmp/websockify.log 2>&1 &
- pids+=($!)
+ printf '%s\n%s\n' "$VNC_PASSWORD" "$VNC_PASSWORD" | vncpasswd -f > /root/.vnc/passwd
+ chmod 600 /root/.vnc/passwd
 fi
-# Backup current DNS config
 cp /etc/resolv.conf /tmp/resolv.conf.bak 2>/dev/null || true
 cp /etc/hosts /tmp/hosts.bak 2>/dev/null || true
-
-# Unmount Docker's bind mounts (allows VPN to modify DNS)
 umount /etc/resolv.conf 2>/dev/null || true
 umount /etc/hosts 2>/dev/null || true
-
-# Restore DNS config as regular files
 cat /tmp/resolv.conf.bak > /etc/resolv.conf 2>/dev/null || echo "nameserver 8.8.8.8" > /etc/resolv.conf
 cat /tmp/hosts.bak > /etc/hosts 2>/dev/null || echo "127.0.0.1 localhost" > /etc/hosts
-# Enable IP forwarding
 echo 1 > /proc/sys/net/ipv4/ip_forward
 echo "[entrypoint] IP forwarding enabled"
-
-# Start systemd
 exec /sbin/init
diff --git a/apps/rego-tunnel/config.json b/apps/rego-tunnel/config.json
index dbe598a..1653707 100755
--- a/apps/rego-tunnel/config.json
+++ b/apps/rego-tunnel/config.json
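Review bot: An empty or unset `VNC_PASSWORD` skips the `if` block silently, so `/root/.vnc/passwd` is never written and the script still reaches `exec /sbin/init`; how the VNC service behaves without that file is not visible in this hunk, and the config.json hunk of this commit makes the empty value the default while keeping `"required": false`. I would fail closed by adding `else echo "[entrypoint] VNC_PASSWORD is empty, refusing to start" >&2; exit 1` before the `fi`, or by setting `"required": true` on the form field. The password file is also created under the default umask and only restricted afterwards by `chmod 600`; a `umask 077` placed before the `printf ... | vncpasswd -f` line removes that window. A comment next to the block noting that VncAuth only uses the first eight characters of the password would help whoever picks the value.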
@@ -8,7 +8,9 @@
 "description": "Cisco Secure Client VPN in Docker with noVNC web UI for accessing Rego environments. Native Docker - no VM overhead.",
 "tipi_version": 6,
 "version": "5.1.14.145",
- "categories": ["utilities"],
+ "categories": [
+ "utilities"
+ ],
 "short_desc": "Cisco VPN tunnel to Rego environments (native Docker)",
 "author": "alexz",
 "source": "https://git.alexzaw.dev/alexz/runtipi",
@@ -65,8 +67,10 @@
 "placeholder": "cisco123",
 "required": false,
 "env_variable": "VNC_PASSWORD",
- "default": "cisco123"
+ "default": ""
 }
 ],
- "supported_architectures": ["amd64"]
+ "supported_architectures": [
+ "amd64"
+ ]
 }
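Review bot: In the second config.json hunk the context line `"placeholder": "cisco123"` still displays the string that was the shipped default until this commit, so the form keeps suggesting a password known to anyone who has read the repository; a neutral hint such as `"placeholder": "choose a VNC password"` avoids that. Installations that were deployed with the old default presumably keep it after upgrading, so the release notes should ask users to set a new value. The field object opens above the hunk, so its `type` and any length constraints are not visible here.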