feat(rego-tunnel): Add Dockerfile and build scripts for cisco-vpn image

Includes:
- Dockerfile for native Cisco Secure Client in Docker
- Build scripts (init-vpn.sh, startup-vnc.sh, vpn-connect.sh)
- VNC configuration (xstartup, vnc.service)
- build.sh for manual image builds
- README documenting the architecture

Note: cisco-secure-client-full.tar.gz is gitignored (large binary)
Copy it from ~/projects/cisco-vpn/build/ before building.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/rego-tunnel/build/Dockerfile

@@ -1,17 +1,101 @@
-FROM ubuntu:24.04
+FROM ubuntu:22.04
+
+LABEL maintainer="alexz"
+LABEL description="Cisco Secure Client VPN in Docker with noVNC"
+LABEL version="5.1.14.145"
 
 ENV DEBIAN_FRONTEND=noninteractive
+ENV container=docker
 
-RUN apt-get update && apt-get install -y qemu-system-x86 qemu-utils novnc websockify  x11vnc xvfb fluxbox xterm nano oathtool openssh-server supervisor iproute2 bridge-utils iptables nano net-tools p7zip-full dnsmasq && rm -rf /var/lib/apt/lists/*
+# VNC/noVNC settings
+ENV DISPLAY=:1
+ENV VNC_PORT=5901
+ENV NOVNC_PORT=6080
 
-# Setup SSH
-RUN mkdir /var/run/sshd && echo 'root:vmpassword' | chpasswd && sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
+# Install systemd and dependencies
+RUN apt-get update && apt-get install -y \
+    systemd \
+    systemd-sysv \
+    dbus \
+    dbus-x11 \
+    libgtk-3-0 \
+    libglib2.0-0 \
+    libstdc++6 \
+    iptables \
+    libxml2 \
+    network-manager \
+    zlib1g \
+    policykit-1 \
+    xdg-utils \
+    libwebkit2gtk-4.0-37 \
+    # VNC
+    tigervnc-standalone-server \
+    tigervnc-common \
+    novnc \
+    websockify \
+    # Window manager
+    openbox \
+    xterm \
+    # Utilities
+    procps \
+    net-tools \
+    curl \
+    iproute2 \
+    iputils-ping \
+    nano \
+    # Automation tools
+    xdotool \
+    oathtool \
+    xclip \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
 
-WORKDIR /vm
+# Remove unnecessary systemd services that cause issues in containers
+RUN rm -f /lib/systemd/system/multi-user.target.wants/* \
+    /etc/systemd/system/*.wants/* \
+    /lib/systemd/system/local-fs.target.wants/* \
+    /lib/systemd/system/sockets.target.wants/*udev* \
+    /lib/systemd/system/sockets.target.wants/*initctl* \
+    /lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup* \
+    /lib/systemd/system/systemd-update-utmp*
 
-RUN ln -s /shared/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
-RUN ln -s /shared/start-vm.sh /usr/local/bin/start-vm.sh
-RUN ln -s /shared/setup-network.sh /usr/local/bin/setup-network.sh
-RUN ln -s /shared/start-dnsmasq.sh /usr/local/bin/start-dnsmasq.sh
+# Copy and extract the FULL Cisco Secure Client installation (VPN + DART + Posture)
+COPY cisco-secure-client-full.tar.gz /tmp/
+RUN tar -xzf /tmp/cisco-secure-client-full.tar.gz -C / && rm /tmp/cisco-secure-client-full.tar.gz
 
-CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+# Enable vpnagentd service
+RUN systemctl enable vpnagentd.service
+
+# Create scripts directory
+RUN mkdir -p /opt/scripts
+
+# Copy scripts
+COPY scripts/init-vpn.sh /opt/scripts/
+COPY scripts/startup-vnc.sh /opt/scripts/
+COPY scripts/vpn-connect.sh /opt/scripts/
+RUN chmod +x /opt/scripts/*.sh
+
+# Setup VNC password (default, can be overridden via mount)
+ARG VNC_PASSWORD=cisco123
+RUN mkdir -p /root/.vnc && \
+    echo "${VNC_PASSWORD}" | vncpasswd -f > /root/.vnc/passwd && \
+    chmod 600 /root/.vnc/passwd
+
+# VNC xstartup script (can be overridden via mount)
+COPY scripts/xstartup /root/.vnc/xstartup
+RUN chmod +x /root/.vnc/xstartup
+
+# Create systemd service for VNC
+COPY scripts/vnc.service /lib/systemd/system/vnc.service
+RUN systemctl enable vnc.service
+
+# Create shared directory for mounting scripts
+RUN mkdir -p /shared
+
+VOLUME ["/sys/fs/cgroup"]
+
+EXPOSE 5901 6080
+
+STOPSIGNAL SIGRTMIN+3
+
+CMD ["/opt/scripts/init-vpn.sh"]