.

2026-01-17 01:08:29 +00:00
parent 747f71e27c
commit 35e0d67446
3 changed files with 16 additions and 26 deletions


@@ -2,7 +2,7 @@
# Build and push the Cisco VPN Docker image # Build and push the Cisco VPN Docker image
# Run this from the build directory # Run this from the build directory
set -e set -euo pipefail
IMAGE_NAME="${IMAGE_NAME:-git.alexzaw.dev/alexz/cisco-vpn}" IMAGE_NAME="${IMAGE_NAME:-git.alexzaw.dev/alexz/cisco-vpn}"
IMAGE_TAG="${IMAGE_TAG:-latest}" IMAGE_TAG="${IMAGE_TAG:-latest}"


@@ -1,38 +1,24 @@
#!/bin/bash #!/bin/bash
# Entrypoint: VNC setup + DNS fix + systemd # Entrypoint: VNC password setup + DNS fix + systemd
# Setup VNC password from environment variable (passed by runtipi) set -euo pipefail
if [ -n "$VNC_PASSWORD" ]; then
# Setup TigerVNC password file from env var (passed by runtipi)
# TigerVNC expects /root/.vnc/passwd when using SecurityTypes=VncAuth.
if [ -n "${VNC_PASSWORD:-}" ]; then
mkdir -p /root/.vnc mkdir -p /root/.vnc
x11vnc -storepasswd "$VNC_PASSWORD" /root/.vnc/pass >/dev/null 2>&1 || true printf '%s\n%s\n' "$VNC_PASSWORD" "$VNC_PASSWORD" | vncpasswd -f > /root/.vnc/passwd
rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true chmod 600 /root/.vnc/passwd
Xvfb "$DISPLAY" -screen 0 ${XVFB_WxHxD:-1280x800x24} +extension RANDR &
pids+=($!)
sleep 0.5
fluxbox >/tmp/fluxbox.log 2>&1 &
pids+=($!)
x11vnc -display "$DISPLAY" -rfbauth /root/.vnc/pass -forever -shared -rfbport "$VNC_PORT" -quiet &
pids+=($!)
websockify --web=/usr/share/novnc/ 0.0.0.0:"$NOVNC_PORT" localhost:5900 >/tmp/websockify.log 2>&1 &
pids+=($!)
fi fi
# Backup current DNS config
cp /etc/resolv.conf /tmp/resolv.conf.bak 2>/dev/null || true cp /etc/resolv.conf /tmp/resolv.conf.bak 2>/dev/null || true
cp /etc/hosts /tmp/hosts.bak 2>/dev/null || true cp /etc/hosts /tmp/hosts.bak 2>/dev/null || true
# Unmount Docker's bind mounts (allows VPN to modify DNS)
umount /etc/resolv.conf 2>/dev/null || true umount /etc/resolv.conf 2>/dev/null || true
umount /etc/hosts 2>/dev/null || true umount /etc/hosts 2>/dev/null || true
# Restore DNS config as regular files
cat /tmp/resolv.conf.bak > /etc/resolv.conf 2>/dev/null || echo "nameserver 8.8.8.8" > /etc/resolv.conf cat /tmp/resolv.conf.bak > /etc/resolv.conf 2>/dev/null || echo "nameserver 8.8.8.8" > /etc/resolv.conf
cat /tmp/hosts.bak > /etc/hosts 2>/dev/null || echo "127.0.0.1 localhost" > /etc/hosts cat /tmp/hosts.bak > /etc/hosts 2>/dev/null || echo "127.0.0.1 localhost" > /etc/hosts
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
echo "[entrypoint] IP forwarding enabled" echo "[entrypoint] IP forwarding enabled"
# Start systemd
exec /sbin/init exec /sbin/init
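Review bot: In the `VNC_PASSWORD` block, `/root/.vnc/passwd` is created by the redirect under the default umask and only tightened afterwards by `chmod 600`, and `mkdir -p /root/.vnc` inherits the same umask; putting `umask 077` before the `mkdir -p` closes that window and leaves the chmod as a backstop. In filter mode `vncpasswd -f` reads a second stdin line as the view-only password, so the doubled `printf '%s\n%s\n'` stores the same secret in both slots; `printf '%s\n' "$VNC_PASSWORD" | vncpasswd -f > /root/.vnc/passwd` is enough. VncAuth only uses the first eight characters and filter mode silently accepts short values, so a comment such as `# VncAuth truncates to 8 chars; do not expose the VNC/noVNC ports to untrusted networks` would help the next reader. When `VNC_PASSWORD` is empty the block is skipped and no passwd file exists; what the VNC service does in that case is not visible in this section, and it should refuse to start rather than fall back to no authentication.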


@@ -8,7 +8,9 @@
"description": "Cisco Secure Client VPN in Docker with noVNC web UI for accessing Rego environments. Native Docker - no VM overhead.", "description": "Cisco Secure Client VPN in Docker with noVNC web UI for accessing Rego environments. Native Docker - no VM overhead.",
"tipi_version": 6, "tipi_version": 6,
"version": "5.1.14.145", "version": "5.1.14.145",
"categories": ["utilities"], "categories": [
"utilities"
],
"short_desc": "Cisco VPN tunnel to Rego environments (native Docker)", "short_desc": "Cisco VPN tunnel to Rego environments (native Docker)",
"author": "alexz", "author": "alexz",
"source": "https://git.alexzaw.dev/alexz/runtipi", "source": "https://git.alexzaw.dev/alexz/runtipi",
@@ -65,8 +67,10 @@
"placeholder": "cisco123", "placeholder": "cisco123",
"required": false, "required": false,
"env_variable": "VNC_PASSWORD", "env_variable": "VNC_PASSWORD",
"default": "cisco123" "default": ""
} }
], ],
"supported_architectures": ["amd64"] "supported_architectures": [
"amd64"
]
} }
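Review bot: The `VNC_PASSWORD` field now has `"default": ""` while `"required": false` is unchanged, so an install that leaves the field blank passes an empty value, and the entrypoint in this commit then appears to skip writing the password file. Dropping the hard-coded `cisco123` default is the right direction, but the field should be `"required": true` (or the value generated at install time) so the remote desktop is never deployed without a password. The `"placeholder": "cisco123"` is still shown and invites users to type the old well-known value; a neutral placeholder would be safer. The field object starts above this hunk, so its type and any length constraints are not visible here.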