From 6c790f84aa520cb5a722109aebe5806ddce43153 Mon Sep 17 00:00:00 2001
From: alexz
Date: Mon, 29 Dec 2025 00:57:47 +0000
Subject: [PATCH] rego-tunnel: default TSCLIENT to APP_DATA_DIR + auto-mount 9p
---
apps/rego-tunnel/build/start-vm.sh | 52 +++++++++++++++++++++++++++-
apps/rego-tunnel/config.json | 4 +--
apps/rego-tunnel/docker-compose.json | 4 +--
apps/rego-tunnel/docker-compose.yml | 4 +--
4 files changed, 57 insertions(+), 7 deletions(-)
diff --git a/apps/rego-tunnel/build/start-vm.sh b/apps/rego-tunnel/build/start-vm.sh
index bec82b7..4c87775 100755
--- a/apps/rego-tunnel/build/start-vm.sh
+++ b/apps/rego-tunnel/build/start-vm.sh
@@ -28,6 +28,56 @@ TAP_NAME="${TAP_NAME:-tap0}" # Optional: provide a dedicated 9p export for host app-data (bind-mounted into the container at /shared/app-data) TSCLIENT_PATH="/hostshare" TSCLIENT_TAG="${TSCLIENT_TAG:-TSCLIENT}" +SHARED_TAG="${SHARED_TAG:-shared}" + +# Ensure the VM auto-mounts the 9p shares without manual steps. +# This edits the QCOW2 from the outside (idempotent) before QEMU boots. +AUTO_MOUNT_9P="${AUTO_MOUNT_9P:-1}" +if [ "$AUTO_MOUNT_9P" = "1" ]; then + QCOW2_PATH="/vm/linux-vm.qcow2" + NBD_DEV="${NBD_DEV:-/dev/nbd0}" + VMROOT_MNT="/mnt/vmroot" + + if [ -e "$QCOW2_PATH" ] && [ -e "$NBD_DEV" ]; then + echo "[rego-tunnel] Ensuring guest fstab mounts 9p tags ($SHARED_TAG, $TSCLIENT_TAG)" + modprobe nbd max_part=16 >/dev/null 2>&1 || true + qemu-nbd --disconnect "$NBD_DEV" >/dev/null 2>&1 || true + qemu-nbd --connect "$NBD_DEV" "$QCOW2_PATH" + sleep 1 + + mkdir -p "$VMROOT_MNT" + ROOT_PART="" + for part in "${NBD_DEV}"p*; do + [ -e "$part" ] || continue + # Try mount and detect a Linux root by presence of /etc/fstab and /etc/os-release + if mount "$part" "$VMROOT_MNT" >/dev/null 2>&1; then + if [ -f "$VMROOT_MNT/etc/fstab" ] && [ -f "$VMROOT_MNT/etc/os-release" ]; then + ROOT_PART="$part" + break + fi + umount "$VMROOT_MNT" >/dev/null 2>&1 || true + fi + done + + if [ -n "$ROOT_PART" ]; then + # already mounted from loop above + mkdir -p "$VMROOT_MNT/shared" "$VMROOT_MNT/mnt/TSCLIENT" + + FSTAB="$VMROOT_MNT/etc/fstab" + # Add entries only if missing + grep -qE "^[[:space:]]*${SHARED_TAG}[[:space:]]+" "$FSTAB" || echo "${SHARED_TAG} /shared 9p trans=virtio,version=9p2000.L,msize=262144,_netdev,nofail,x-systemd.automount 0 0" >> "$FSTAB" + grep -qE "^[[:space:]]*${TSCLIENT_TAG}[[:space:]]+" "$FSTAB" || echo "${TSCLIENT_TAG} /mnt/TSCLIENT 9p trans=virtio,version=9p2000.L,msize=262144,_netdev,nofail,x-systemd.automount 0 0" >> "$FSTAB" + + umount "$VMROOT_MNT" >/dev/null 2>&1 || true + else + echo "[rego-tunnel] WARN: could not locate guest root 
partition; skipping auto-mount setup" + fi + + qemu-nbd --disconnect "$NBD_DEV" >/dev/null 2>&1 || true + else + echo "[rego-tunnel] WARN: missing $QCOW2_PATH or $NBD_DEV; skipping auto-mount setup" + fi +fi exec qemu-system-x86_64 \ -enable-kvm \ @@ -36,7 +86,7 @@ exec qemu-system-x86_64 \ -smp ${VM_CPUS:-4} \ -hda /vm/linux-vm.qcow2 \ -fsdev local,id=fsdev0,path=/shared,security_model=none,multidevs=remap \ - -device virtio-9p-pci,fsdev=fsdev0,mount_tag=shared \ + -device virtio-9p-pci,fsdev=fsdev0,mount_tag="$SHARED_TAG" \ -fsdev local,id=fsdev1,path="$TSCLIENT_PATH",security_model=none,multidevs=remap \ -device virtio-9p-pci,fsdev=fsdev1,mount_tag="$TSCLIENT_TAG" \ -netdev tap,id=net0,ifname="$TAP_NAME",script=no,downscript=no \ diff --git a/apps/rego-tunnel/config.json b/apps/rego-tunnel/config.json index f739314..a6416f3 100755 --- a/apps/rego-tunnel/config.json +++ b/apps/rego-tunnel/config.json @@ -116,10 +116,10 @@ "type": "text", "label": "Host share directory", "hint": "Directory on the host to share with the VM (exported to the VM as 9p tag TSCLIENT)", - "placeholder": "/etc/runtipi/app-data", + "placeholder": "${APP_DATA_DIR}", "required": false, "env_variable": "TSCLIENT", - "default": "/etc/runtipi/app-data" + "default": "${APP_DATA_DIR}" } ], "supported_architectures": ["amd64"] diff --git a/apps/rego-tunnel/docker-compose.json b/apps/rego-tunnel/docker-compose.json index 8e0ae4d..98d17b8 100755 --- a/apps/rego-tunnel/docker-compose.json +++ b/apps/rego-tunnel/docker-compose.json @@ -51,7 +51,7 @@ }, { "key": "TSCLIENT", - "value": "${TSCLIENT:-/etc/runtipi/app-data}" + "value": "${TSCLIENT:-${APP_DATA_DIR}}" } ], "internalPort": 8006, @@ -71,7 +71,7 @@ "private": false }, { - "hostPath": "${TSCLIENT:-/etc/runtipi/app-data}", + "hostPath": "${TSCLIENT:-${APP_DATA_DIR}}", "containerPath": "/hostshare", "readOnly": false, "shared": false, 
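Review bot: The probe loop attaches every guest partition with default options (`mount "$part" "$VMROOT_MNT"`), so a filesystem whose contents the guest controls is mounted in the container with setuid bits and device nodes honoured; `mount -o nosuid,nodev,noexec "$part" "$VMROOT_MNT"` is sufficient for editing fstab, and `qemu-nbd --format=qcow2 --connect "$NBD_DEV" "$QCOW2_PATH"` would stop the image format from being probed. `SHARED_TAG` and `TSCLIENT_TAG` come from the environment and are used unvalidated in the `grep -qE` pattern and in the appended fstab line, and again in the next hunk of this file as `mount_tag="$SHARED_TAG"`, where a comma would be read by QEMU as a further device property. The trailing `umount ... || true` also hides a failed unmount, after which `exec qemu-system-x86_64` opens an image that is still mounted read-write. The fence below sketches a tag check placed before the `AUTO_MOUNT_9P` block and an unmount that aborts instead of continuing.

```shell
# … unchanged: SHARED_TAG and AUTO_MOUNT_9P defaults …
for tag in "$SHARED_TAG" "$TSCLIENT_TAG"; do
  case "$tag" in
    '' | *[!A-Za-z0-9_-]*)
      echo "[rego-tunnel] ERROR: invalid 9p mount tag '$tag'" >&2
      exit 1
      ;;
  esac
done
# … unchanged: nbd connect, root-partition probe, fstab append …
if ! umount "$VMROOT_MNT"; then
  echo "[rego-tunnel] ERROR: $VMROOT_MNT is still mounted; not starting the VM" >&2
  qemu-nbd --disconnect "$NBD_DEV" >/dev/null 2>&1 || true
  exit 1
fi
```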
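Review bot: The new default `"${APP_DATA_DIR}"` in config.json only works if the form layer expands variables in `default` values; if it stores the string literally, `TSCLIENT` is set to the text `${APP_DATA_DIR}` and the `${TSCLIENT:-${APP_DATA_DIR}}` fallbacks in docker-compose.json and docker-compose.yml never apply, because the variable is then non-empty. That is worth confirming against the platform's config handling, or the `default` could be dropped here so that the compose fallback alone decides. The field is also free text that ends up as a bind mount with `"readOnly": false` exported to the VM, so the hint should say so, e.g. `"hint": "Host directory exported read-write to the VM as 9p tag TSCLIENT; avoid system paths"`.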
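Review bot: `${TSCLIENT:-${APP_DATA_DIR}}` resolves to an empty string when neither variable is set, which leaves `hostPath` empty in docker-compose.json and produces `:/hostshare` in the docker-compose.yml volume entry. Failing at interpolation time is clearer than a confusing volume error; in the YAML file that would be `${TSCLIENT:-${APP_DATA_DIR:?APP_DATA_DIR is not set}}`, assuming the nested form is accepted by the compose version in use. The same expression appears in the environment entry of docker-compose.json and in both changed lines of docker-compose.yml.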
diff --git a/apps/rego-tunnel/docker-compose.yml b/apps/rego-tunnel/docker-compose.yml index d22c09e..980c55a 100755 --- a/apps/rego-tunnel/docker-compose.yml +++ b/apps/rego-tunnel/docker-compose.yml @@ -24,11 +24,11 @@ services: - VM_MAC=${VM_MAC:-52:54:00:12:34:56} - DNS_SERVERS=${DNS_SERVERS:-1.1.1.1,8.8.8.8} - LEASE_TIME=${LEASE_TIME:-12h} - - TSCLIENT=${TSCLIENT:-/etc/runtipi/app-data} + - TSCLIENT=${TSCLIENT:-${APP_DATA_DIR}} volumes: - /etc/runtipi/user-config/runtipi/rego-tunnel/storage/linux-vm.qcow2:/vm/linux-vm.qcow2 - /etc/runtipi/user-config/runtipi/rego-tunnel/shared:/shared - - ${TSCLIENT:-/etc/runtipi/app-data}:/hostshare + - ${TSCLIENT:-${APP_DATA_DIR}}:/hostshare networks: - tipi_main_network sysctls: