From 99847c3ff08e35a8287681cf17d6096456fd129d Mon Sep 17 00:00:00 2001 From: alexz Date: Sat, 17 Jan 2026 04:02:07 +0000 Subject: [PATCH] Update build/README.md for current architecture --- apps/rego-tunnel/build/README.md | 52 +++++++++++++++++++------------- 1 file changed, 31 insertions(+), 21 deletions(-) diff --git a/apps/rego-tunnel/build/README.md b/apps/rego-tunnel/build/README.md index a7b406e..79aefec 100644 --- a/apps/rego-tunnel/build/README.md +++ b/apps/rego-tunnel/build/README.md @@ -4,15 +4,10 @@ This directory contains the Dockerfile and scripts to build the Cisco VPN Docker ## Files -- `Dockerfile` - Main Docker image definition -- `cisco-secure-client-full.tar.gz` - Pre-extracted Cisco Secure Client installation -- `build.sh` - Build script to create the Docker image -- `scripts/` - Container scripts: - - `init-vpn.sh` - Container init (unmounts DNS files for VPN, starts systemd) - - `startup-vnc.sh` - VNC/noVNC startup script - - `vpn-connect.sh` - VPN automation script (inside container) - - `xstartup` - VNC session startup - - `vnc.service` - Systemd service for VNC +- `Dockerfile` - Docker image definition (Ubuntu 22.04 + Cisco Secure Client + noVNC) +- `cisco-secure-client-full.tar.gz` - Pre-extracted Cisco Secure Client 5.1.14.145 +- `build.sh` - Build and push script +- `scripts/entrypoint.sh` - Container entrypoint (starts systemd) ## Building 
@@ -21,21 +16,36 @@ cd /etc/runtipi/repos/runtipi/apps/rego-tunnel/build ./build.sh ``` -To push to registry: +This builds and pushes to `git.alexzaw.dev/alexz/cisco-vpn:latest` + +To build without pushing: ```bash -docker push git.alexzaw.dev/alexz/cisco-vpn:latest +docker build -t git.alexzaw.dev/alexz/cisco-vpn:latest . ``` -## Architecture +## What's in the image -1. **init-vpn.sh**: Unmounts Docker's bind-mounted `/etc/resolv.conf` and `/etc/hosts` (required for VPN to modify DNS), then starts systemd -2. **systemd**: Manages vpnagentd (Cisco VPN agent) and vnc (VNC server) services -3. **xstartup**: Runs when VNC session starts - by default launches vpnui, but can be overridden via volume mount -4. **vpn-connect.sh**: Optional automation script for auto-login with TOTP +The Dockerfile creates an image with: +- Ubuntu 22.04 with systemd +- Cisco Secure Client 5.1.14.145 (VPN, DART, Posture modules) +- TigerVNC server + noVNC (web-based VNC) +- Tools: xdotool, oathtool (for TOTP), xclip, openbox -## Runtime Mounts +### Systemd services (baked in) +- `vpnagentd.service` - Cisco VPN agent +- `vnc.service` - VNC server + noVNC websockify -When running as rego-tunnel app, these are mounted: -- `/shared` - Contains the `cisco-vpn` script with full automation -- `/root/.vnc/xstartup` - Custom xstartup that launches terminal with cisco-vpn script -- `/opt/scripts/init-vpn.sh` - Custom init script with network setup +### Scripts (baked in via base64 in Dockerfile) +- `/opt/scripts/startup-vnc.sh` - Starts VNC server and noVNC +- `/opt/scripts/entrypoint.sh` - Container entrypoint + +## Runtime mounts (from shared/) + +When running as rego-tunnel app, these are mounted from `shared/`: +- `/shared/cisco-vpn` - Main VPN automation script +- `/shared/xstartup` → `/root/.vnc/xstartup` - VNC session startup + +## Ports + +- `5901` - VNC server +- `6080` - noVNC web interface
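Review bot: the new Files list in the first hunk (`@@ -4,15 +4,10 @@`) drops every script except `scripts/entrypoint.sh`, yet the second hunk says `/opt/scripts/startup-vnc.sh` is also baked into the image; if its source still lives under `scripts/` it should stay listed (e.g. `- scripts/startup-vnc.sh - Starts VNC server and noVNC`), and if it now exists only as a base64 blob inside the Dockerfile, say so here so a reader knows where to edit it. The removed `init-vpn.sh` line was the only place that documented unmounting Docker's bind-mounted `/etc/resolv.conf` and `/etc/hosts`, which the old text marked as required for the VPN to modify DNS; the replacement `entrypoint.sh` entry only says "starts systemd", so either that step moved (document where) or it was dropped (call that out explicitly). Pinning `5.1.14.145` in the README will also drift from the tarball; consider naming the tarball or Dockerfile as the source of truth for the version instead.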
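Review bot: in the "Scripts (baked in via base64 in Dockerfile)" section of the second hunk (`@@ -21,21 +16,36 @@`), embedding scripts as base64 blobs means their contents never appear as readable text in a diff of the Dockerfile and cannot be traced back to a source file in the repo; prefer `COPY scripts/ /opt/scripts/` (or document why base64 is required) so script changes show up as reviewable diffs. The new Ports section lists `5901` (VNC) and `6080` (noVNC) without saying which are published to the host or whether the VNC session requires a password; a web-reachable desktop that drives a VPN client warrants one sentence on exposure and authentication. Minor: the "Runtime mounts (from shared/)" heading and the sentence below it both say "from `shared/`"; one of the two can go.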