alexz/runtipi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(cistech-tunnel): remove all systemd dependencies
Some checks failed
Test / test (push) Has been cancelled
Details

Browse Source 
- Dockerfile: Removed systemd, systemd-sysv, network-manager packages
- Dockerfile: Removed systemd service cleanup, vnc.service, cgroup volume
- docker-compose.json/yml: Removed /sys/fs/cgroup volume mount
- Bumped tipi_version to 4

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Alex Zaw
2026-01-17 11:16:32 +00:00
parent 1ef9d21ba4
commit 837dffddd5
4 changed files with 2 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
apps/cistech-tunnel/build/Dockerfile
View File

@@ -5,7 +5,6 @@ LABEL description="OpenConnect SSO VPN in Docker with noVNC"
LABEL version="1.0.0" LABEL version="1.0.0"
ENV DEBIAN_FRONTEND=noninteractive ENV DEBIAN_FRONTEND=noninteractive
ENV container=docker
# VNC/noVNC settings # VNC/noVNC settings
ENV DISPLAY=:1 ENV DISPLAY=:1
@@ -17,10 +16,8 @@ ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
ENV VIRTUAL_ENV=/opt/venv ENV VIRTUAL_ENV=/opt/venv
ENV PATH=/opt/venv/bin:$PATH ENV PATH=/opt/venv/bin:$PATH
# Install systemd and dependencies # Install dependencies (no systemd)
RUN apt-get update && apt-get install -y \ RUN apt-get update && apt-get install -y \
systemd \
systemd-sysv \
dbus \ dbus \
dbus-x11 \ dbus-x11 \
libgtk-3-0 \ libgtk-3-0 \
@@ -28,7 +25,6 @@ RUN apt-get update && apt-get install -y \
libstdc++6 \ libstdc++6 \
iptables \ iptables \
libxml2 \ libxml2 \
network-manager \
zlib1g \ zlib1g \
policykit-1 \ policykit-1 \
xdg-utils \ xdg-utils \
@@ -68,38 +64,17 @@ RUN apt-get update && apt-get install -y \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
# Remove unnecessary systemd services that cause issues in containers
RUN rm -f /lib/systemd/system/multi-user.target.wants/* \
/etc/systemd/system/*.wants/* \
/lib/systemd/system/local-fs.target.wants/* \
/lib/systemd/system/sockets.target.wants/*udev* \
/lib/systemd/system/sockets.target.wants/*initctl* \
/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup* \
/lib/systemd/system/systemd-update-utmp*
# Install openconnect-sso with playwright # Install openconnect-sso with playwright
RUN python3 -m venv "$VIRTUAL_ENV" && \ RUN python3 -m venv "$VIRTUAL_ENV" && \
pip install --no-cache-dir openconnect-sso[full] playwright keyring keyrings.alt && \ pip install --no-cache-dir openconnect-sso[full] playwright keyring keyrings.alt && \
python -m playwright install --with-deps chromium python -m playwright install --with-deps chromium
RUN mkdir -p /opt/scripts /shared RUN mkdir -p /opt/scripts /shared
RUN echo 'IyEvYmluL2Jhc2gKc2V0IC1lCmV4cG9ydCBIT01FPScvcm9vdCcKZXhwb3J0IFVTRVI9J3Jvb3QnCnJtIC1mIC90bXAvLlAxLWxvY2sgL3RtcC8uWDExLXVuaXgvWDEgMj4vZGV2L251bGwgfHwgdHJ1ZQpybSAtcmYgL3RtcC8uWCotbG9jayAvdG1wLy5YMTQtdW5peC8qIDI+L2Rldi9udWxsIHx8IHRydWUKZWNobyAiU3RhcnRpbmcgVGlnZXJWTkMgc2VydmVyIG9uIGRpc3BsYXkgOjEuLi4iCnZuY3NlcnZlciA6MSAtZ2VvbWV0cnkgMTI4MHg4MDAgLWRlcHRoIDI0IC1TZWN1cml0eVR5cGVzIFZuY0F1dGggLWxvY2FsaG9zdCBubwpzbGVlcCAyCmVjaG8gIlN0YXJ0aW5nIG5vVk5DIG9uIHBvcnQgJHtOT1ZOQ19QT1JUOi02MDgwfS4uLiIKd2Vic29ja2lmeSAtLXdlYj0vdXNyL3NoYXJlL25vdm5jLyAke05PVk5DX1BPUlQ6LTYwODB9IGxvY2FsaG9zdDo1OTAxICYKdGFpbCAtZiAvcm9vdC8udm5jLyoubG9nCg==' \
| base64 -d > /opt/scripts/startup-vnc.sh && \
chmod +x /opt/scripts/startup-vnc.sh
RUN echo 'W1VuaXRdCkRlc2NyaXB0aW9uPVZOQyBhbmQgbm9WTkMgU2VydmVyCkFmdGVyPW5ldHdvcmsudGFyZ2V0CgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9vcHQvc2NyaXB0cy9zdGFydHVwLXZuYy5zaApSZXN0YXJ0PWFsd2F5cwpSZXN0YXJ0U2VjPTUKRW52aXJvbm1lbnQ9SE9NRT0vcm9vdApFbnZpcm9ubWVudD1VU0VSPXJvb3QKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=' \
| base64 -d > /lib/systemd/system/vnc.service
RUN chmod 644 /lib/systemd/system/vnc.service && \
systemctl enable vnc.service
# Copy entrypoint script # Copy entrypoint script
COPY scripts/entrypoint.sh /opt/scripts/ COPY scripts/entrypoint.sh /opt/scripts/
RUN chmod +x /opt/scripts/entrypoint.sh RUN chmod +x /opt/scripts/entrypoint.sh
VOLUME ["/sys/fs/cgroup"]
EXPOSE 5901 6092 EXPOSE 5901 6092
STOPSIGNAL SIGRTMIN+3
CMD ["/opt/scripts/entrypoint.sh"] CMD ["/opt/scripts/entrypoint.sh"]

2
apps/cistech-tunnel/config.json
View File

@@ -10,7 +10,7 @@
"network" "network"
], ],
"description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO reconnects.", "description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO reconnects.",
"tipi_version": 3, "tipi_version": 4,
"version": "latest", "version": "latest",
"source": "local", "source": "local",
"exposable": true, "exposable": true,

1
apps/cistech-tunnel/docker-compose.json
View File

@@ -19,7 +19,6 @@
{ "hostPath": "${APP_DATA_DIR}/config", "containerPath": "/config", "readOnly": false }, { "hostPath": "${APP_DATA_DIR}/config", "containerPath": "/config", "readOnly": false },
{ "hostPath": "${APP_DATA_DIR}", "containerPath": "/runtime", "readOnly": false }, { "hostPath": "${APP_DATA_DIR}", "containerPath": "/runtime", "readOnly": false },
{ "hostPath": "/etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared", "containerPath": "/shared", "readOnly": false }, { "hostPath": "/etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared", "containerPath": "/shared", "readOnly": false },
{ "hostPath": "/sys/fs/cgroup", "containerPath": "/sys/fs/cgroup", "readOnly": false },
{ "hostPath": "/etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared/xstartup", "containerPath": "/root/.vnc/xstartup", "readOnly": true } { "hostPath": "/etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared/xstartup", "containerPath": "/root/.vnc/xstartup", "readOnly": true }
], ],
"stopGracePeriod": "30s", "stopGracePeriod": "30s",

1
apps/cistech-tunnel/docker-compose.yml
View File

@@ -22,7 +22,6 @@ services:
- ${APP_DATA_DIR}/config:/config - ${APP_DATA_DIR}/config:/config
- ${APP_DATA_DIR}:/runtime - ${APP_DATA_DIR}:/runtime
- /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared:/shared - /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared:/shared
- /sys/fs/cgroup:/sys/fs/cgroup
- /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared/xstartup:/root/.vnc/xstartup:ro - /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared/xstartup:/root/.vnc/xstartup:ro
devices: devices:
- /dev/net/tun - /dev/net/tun