From 837dffddd5fb4fc44d369ab5bfdee5dfb356fc62 Mon Sep 17 00:00:00 2001 From: alexz Date: Sat, 17 Jan 2026 11:16:32 +0000 Subject: [PATCH] refactor(cistech-tunnel): remove all systemd dependencies - Dockerfile: Removed systemd, systemd-sysv, network-manager packages - Dockerfile: Removed systemd service cleanup, vnc.service, cgroup volume - docker-compose.json/yml: Removed /sys/fs/cgroup volume mount - Bumped tipi_version to 4 Co-Authored-By: Claude Opus 4.5 --- apps/cistech-tunnel/build/Dockerfile | 27 +------------------------ apps/cistech-tunnel/config.json | 2 +- apps/cistech-tunnel/docker-compose.json | 1 - apps/cistech-tunnel/docker-compose.yml | 1 - 4 files changed, 2 insertions(+), 29 deletions(-) diff --git a/apps/cistech-tunnel/build/Dockerfile b/apps/cistech-tunnel/build/Dockerfile index f9d19a1..a953579 100644 --- a/apps/cistech-tunnel/build/Dockerfile +++ b/apps/cistech-tunnel/build/Dockerfile @@ -5,7 +5,6 @@ LABEL description="OpenConnect SSO VPN in Docker with noVNC" LABEL version="1.0.0" ENV DEBIAN_FRONTEND=noninteractive -ENV container=docker # VNC/noVNC settings ENV DISPLAY=:1 @@ -17,10 +16,8 @@ ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright ENV VIRTUAL_ENV=/opt/venv ENV PATH=/opt/venv/bin:$PATH -# Install systemd and dependencies +# Install dependencies (no systemd) RUN apt-get update && apt-get install -y \ - systemd \ - systemd-sysv \ dbus \ dbus-x11 \ libgtk-3-0 \ @@ -28,7 +25,6 @@ RUN apt-get update && apt-get install -y \ libstdc++6 \ iptables \ libxml2 \ - network-manager \ zlib1g \ policykit-1 \ xdg-utils \ 
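Review bot: `policykit-1`, `dbus` and `dbus-x11` stay in the install list after `systemd`, `systemd-sysv` and `network-manager` are dropped, so the new comment `# Install dependencies (no systemd)` may not hold: on Debian-family bases polkit usually depends on a logind provider, which can pull systemd back in transitively. If nothing left in the image talks to polkit, removing `policykit-1` as well would also take its privileged helper out of a container that, per the compose file, is given /dev/net/tun. Adding `--no-install-recommends` to `apt-get install -y` and checking the built image with `dpkg -l | grep systemd` would confirm the result. The RUN statement continues past the end of this hunk, so the rest of the package list is not visible here.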
@@ -68,38 +64,17 @@ RUN apt-get update && apt-get install -y \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -# Remove unnecessary systemd services that cause issues in containers -RUN rm -f /lib/systemd/system/multi-user.target.wants/* \ - /etc/systemd/system/*.wants/* \ - /lib/systemd/system/local-fs.target.wants/* \ - /lib/systemd/system/sockets.target.wants/*udev* \ - /lib/systemd/system/sockets.target.wants/*initctl* \ - /lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup* \ - /lib/systemd/system/systemd-update-utmp* - # Install openconnect-sso with playwright RUN python3 -m venv "$VIRTUAL_ENV" && \ pip install --no-cache-dir openconnect-sso[full] playwright keyring keyrings.alt && \ python -m playwright install --with-deps chromium RUN mkdir -p /opt/scripts /shared -RUN echo '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' \ -| base64 -d > /opt/scripts/startup-vnc.sh && \ -chmod +x /opt/scripts/startup-vnc.sh - -RUN echo 'W1VuaXRdCkRlc2NyaXB0aW9uPVZOQyBhbmQgbm9WTkMgU2VydmVyCkFmdGVyPW5ldHdvcmsudGFyZ2V0CgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9vcHQvc2NyaXB0cy9zdGFydHVwLXZuYy5zaApSZXN0YXJ0PWFsd2F5cwpSZXN0YXJ0U2VjPTUKRW52aXJvbm1lbnQ9SE9NRT0vcm9vdApFbnZpcm9ubWVudD1VU0VSPXJvb3QKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=' \ -| base64 -d > /lib/systemd/system/vnc.service -RUN chmod 644 /lib/systemd/system/vnc.service && \ - systemctl enable vnc.service # Copy entrypoint script COPY scripts/entrypoint.sh /opt/scripts/ RUN chmod +x /opt/scripts/entrypoint.sh -VOLUME ["/sys/fs/cgroup"] - EXPOSE 5901 6092 -STOPSIGNAL SIGRTMIN+3 - CMD ["/opt/scripts/entrypoint.sh"] diff --git a/apps/cistech-tunnel/config.json b/apps/cistech-tunnel/config.json index 9d22e40..b21d4a2 100755 --- a/apps/cistech-tunnel/config.json +++ b/apps/cistech-tunnel/config.json 
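Review bot: Nothing in the Dockerfile creates `/opt/scripts/startup-vnc.sh` any more, and nothing restarts it: the hunk removes the `RUN echo … | base64 -d > /opt/scripts/startup-vnc.sh` step together with vnc.service, whose payload appears to decode to a unit with `ExecStart=/opt/scripts/startup-vnc.sh` and `Restart=always`, while the commit message mentions only vnc.service. `scripts/entrypoint.sh` is not among the four files in the diffstat, so unless it already launches and supervises VNC/noVNC itself, ports 5901 and 6092 will have no listener and the SSO login over noVNC cannot complete. With `STOPSIGNAL SIGRTMIN+3` gone the container is stopped with the default SIGTERM and entrypoint.sh runs as PID 1, so it should `exec` the long-running process or trap the signal and tear the tunnel down within the 30s `stopGracePeriod`. A comment above `CMD`, for example `# entrypoint.sh is PID 1: starts VNC/noVNC and openconnect-sso, handles SIGTERM (no systemd)`, would record that contract.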
@@ -10,7 +10,7 @@ "network" ], "description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO reconnects.", - "tipi_version": 3, + "tipi_version": 4, "version": "latest", "source": "local", "exposable": true, diff --git a/apps/cistech-tunnel/docker-compose.json b/apps/cistech-tunnel/docker-compose.json index 823d21b..49a6545 100755 --- a/apps/cistech-tunnel/docker-compose.json +++ b/apps/cistech-tunnel/docker-compose.json @@ -19,7 +19,6 @@ { "hostPath": "${APP_DATA_DIR}/config", "containerPath": "/config", "readOnly": false }, { "hostPath": "${APP_DATA_DIR}", "containerPath": "/runtime", "readOnly": false }, { "hostPath": "/etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared", "containerPath": "/shared", "readOnly": false }, - { "hostPath": "/sys/fs/cgroup", "containerPath": "/sys/fs/cgroup", "readOnly": false }, { "hostPath": "/etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared/xstartup", "containerPath": "/root/.vnc/xstartup", "readOnly": true } ], "stopGracePeriod": "30s", diff --git a/apps/cistech-tunnel/docker-compose.yml b/apps/cistech-tunnel/docker-compose.yml index 50f90c6..6c3d5ef 100755 --- a/apps/cistech-tunnel/docker-compose.yml +++ b/apps/cistech-tunnel/docker-compose.yml @@ -22,7 +22,6 @@ services: - ${APP_DATA_DIR}/config:/config - ${APP_DATA_DIR}:/runtime - /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared:/shared - - /sys/fs/cgroup:/sys/fs/cgroup - /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared/xstartup:/root/.vnc/xstartup:ro devices: - /dev/net/tun