diff --git a/apps/rego-tunnel-linux/docker-compose.json b/apps/rego-tunnel-linux/docker-compose.json
index d810b54..18a464c 100755
--- a/apps/rego-tunnel-linux/docker-compose.json
+++ b/apps/rego-tunnel-linux/docker-compose.json
@@ -38,6 +38,10 @@
 "private": false
 }
 ],
+ "tmpfsMounts": [
+ "/run",
+ "/run/lock"
+ ],
 "devices": [
 "/dev/net/tun:/dev/net/tun"
 ],
@@ -53,4 +57,4 @@
 }
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/apps/rego-tunnel-linux/docker-compose.yml b/apps/rego-tunnel-linux/docker-compose.yml
index 4803280..75326c7 100755
--- a/apps/rego-tunnel-linux/docker-compose.yml
+++ b/apps/rego-tunnel-linux/docker-compose.yml
@@ -16,6 +16,10 @@ services:
 - ${APP_DATA_DIR}/data:/data
 - /etc/runtipi/repos/runtipi/apps/rego-tunnel-linux/source:/config:ro
 - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ tmpfs:
+ - /run
+ - /run/lock
+ stop_signal: SIGRTMIN+3
 labels:
 generated: true
 traefik.enable: true
diff --git a/apps/rego-tunnel-linux/source/Dockerfile b/apps/rego-tunnel-linux/source/Dockerfile
index 4aca093..972a564 100755
--- a/apps/rego-tunnel-linux/source/Dockerfile
+++ b/apps/rego-tunnel-linux/source/Dockerfile
@@ -20,7 +20,7 @@ RUN apt-get update && apt-get install -y \
 RUN apt-get update && (apt-get install -y libasound2t64 || apt-get install -y libasound2) && rm -rf /var/lib/apt/lists/*
-# Configure systemd - remove unnecessary units
+# Configure systemd for container use
 RUN cd /lib/systemd/system/sysinit.target.wants/ && \
 ls | grep -v systemd-tmpfiles-setup | xargs rm -f && \
 rm -f /lib/systemd/system/multi-user.target.wants/* && \
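Review bot: `stop_signal: SIGRTMIN+3` is added to docker-compose.yml but has no counterpart in the docker-compose.json hunk of this same commit, which only gains `tmpfsMounts`. The `generated: true` label on the following context lines suggests this file may be regenerated from the JSON, in which case a hand edit here would be lost; if the JSON schema exposes a stop-signal field, mirror the value there. The Dockerfile's `STOPSIGNAL SIGRTMIN+3` added later in this commit is what keeps the signal correct if the compose value disappears, so record that coupling, e.g. `# must match STOPSIGNAL in source/Dockerfile; systemd as PID 1 shuts down on SIGRTMIN+3`.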
@@ -55,9 +55,25 @@ RUN chmod +x /root/vpn-sso.sh
 # Copy AnyConnect preferences
 COPY .anyconnect_global /opt/cisco/secureclient/vpn/.anyconnect_global
+# Copy and install systemd services
+COPY rego-vpn-setup.sh /usr/local/bin/rego-vpn-setup.sh
+COPY rego-vpn-gui.sh /usr/local/bin/rego-vpn-gui.sh
+RUN chmod +x /usr/local/bin/rego-vpn-setup.sh /usr/local/bin/rego-vpn-gui.sh
+
+COPY rego-vpn.service /etc/systemd/system/rego-vpn.service
+COPY cisco-vpnagentd.service /etc/systemd/system/cisco-vpnagentd.service
+
+# Enable services
+RUN systemctl enable rego-vpn.service && \
+ systemctl enable cisco-vpnagentd.service
+
+# Keep old entrypoint as fallback script
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 VOLUME [ "/sys/fs/cgroup" ]
 EXPOSE 8806
-ENTRYPOINT ["/entrypoint.sh"]
+
+# Use systemd as init
+STOPSIGNAL SIGRTMIN+3
+ENTRYPOINT ["/lib/systemd/systemd"]
diff --git a/apps/rego-tunnel-linux/source/cisco-vpnagentd.service b/apps/rego-tunnel-linux/source/cisco-vpnagentd.service
new file mode 100644
index 0000000..8641aec
--- /dev/null
+++ b/apps/rego-tunnel-linux/source/cisco-vpnagentd.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Cisco Secure Client VPN Agent
+After=dbus.service
+Wants=dbus.service
+
+[Service]
+Type=forking
+ExecStartPre=/opt/cisco/secureclient/bin/load_tun.sh
+ExecStartPre=-/bin/rm -f /root/.cisco/hostscan/.libcsd.ipc
+ExecStart=/opt/cisco/secureclient/bin/vpnagentd
+Restart=on-failure
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target
diff --git a/apps/rego-tunnel-linux/source/rego-vpn-gui.sh b/apps/rego-tunnel-linux/source/rego-vpn-gui.sh
new file mode 100644
index 0000000..06edc71
--- /dev/null
+++ b/apps/rego-tunnel-linux/source/rego-vpn-gui.sh
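Review bot: The `# Keep old entrypoint as fallback script` comment does not say how the fallback is reached, and nothing in the image references `/entrypoint.sh` once `ENTRYPOINT` switches to `/lib/systemd/systemd`. State it explicitly, e.g. `# Fallback: start the container with --entrypoint /entrypoint.sh to run without systemd as PID 1`, or drop the COPY if that path is no longer supported. Separately, `RUN systemctl enable …` at build time only creates the `[Install]` symlinks, so the build passes even if a unit's `[Service]` section is broken; if `systemd-analyze` is present in the image, adding `systemd-analyze verify /etc/systemd/system/rego-vpn.service /etc/systemd/system/cisco-vpnagentd.service` to the same RUN turns unit mistakes into build failures instead of runtime surprises.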
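Review bot: `Type=forking` has no `PIDFile=`, so systemd has to guess the main PID after the parent exits and `Restart=on-failure` may end up tracking the wrong process; if vpnagentd writes a pid file add `PIDFile=` for it, otherwise `Type=simple` with the daemon kept in the foreground is the safer shape — which applies cannot be told from this diff. The `ExecStartPre=-/bin/rm -f /root/.cisco/hostscan/.libcsd.ipc` cleanup is repeated in rego-vpn-setup.sh later in this commit, and rego-vpn.service declares no ordering on this unit, so both start in parallel under multi-user.target and setup.sh can remove a socket vpnagentd has just created. Keep the removal in one place (here) and give rego-vpn.service `After=cisco-vpnagentd.service`; the `load_tun.sh` call is duplicated between the two in the same way.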
@@ -0,0 +1,31 @@
+#!/bin/bash
+# Main GUI service for Rego VPN
+
+NOVNC_PORT="${NOVNC_PORT:-8806}"
+DISPLAY_ADDR="${DISPLAY:-:1}"
+
+# Start Xvfb
+Xvfb "$DISPLAY_ADDR" -screen 0 ${XVFB_WxHxD:-1280x800x24} +extension RANDR &
+XVFB_PID=$!
+sleep 1
+
+export DISPLAY="$DISPLAY_ADDR"
+
+# Start window manager
+fluxbox >/tmp/fluxbox.log 2>&1 &
+
+# Start VNC server
+x11vnc -display "$DISPLAY_ADDR" -rfbauth /root/.vnc/pass -forever -shared -rfbport 5900 -quiet &
+
+# Start websockify for noVNC
+websockify --web=/usr/share/novnc/ 0.0.0.0:"$NOVNC_PORT" localhost:5900 >/tmp/websockify.log 2>&1 &
+
+# Start terminal
+sleep 1
+xterm -fa 'Monospace' -fs 11 -bg black -fg white -geometry 120x35+50+50 \
+ -T "Rego VPN" -e bash &
+
+echo "Rego VPN GUI started on port $NOVNC_PORT"
+
+# Wait for Xvfb (main process)
+wait $XVFB_PID
diff --git a/apps/rego-tunnel-linux/source/rego-vpn-setup.sh b/apps/rego-tunnel-linux/source/rego-vpn-setup.sh
new file mode 100644
index 0000000..b81adbb
--- /dev/null
+++ b/apps/rego-tunnel-linux/source/rego-vpn-setup.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# Pre-start setup for Rego VPN
+
+# Add VPN hosts entries
+grep -q "vpn-ord1.dovercorp.com" /etc/hosts || echo "162.209.24.100 vpn-ord1.dovercorp.com" >> /etc/hosts
+grep -q "vpn.dovercorp.com" /etc/hosts || echo "13.67.192.27 vpn.dovercorp.com" >> /etc/hosts
+
+# Setup TUN device
+mkdir -p /dev/net
+if [ ! -c /dev/net/tun ]; then
+ mknod /dev/net/tun c 10 200 2>/dev/null || true
+ chmod 600 /dev/net/tun
+fi
+
+# Enable IP forwarding
+sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1 || true
+
+# Load TUN module
+/opt/cisco/secureclient/bin/load_tun.sh 2>/dev/null || true
+
+# Clean up stale IPC socket
+rm -f /root/.cisco/hostscan/.libcsd.ipc 2>/dev/null || true
+
+# Setup VNC password
+mkdir -p /root/.vnc
+x11vnc -storepasswd "${VNC_PASSWORD:-vpnpass}" /root/.vnc/pass >/dev/null 2>&1 || true
+
+# Clean up old X locks
+rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true
+
+echo "Rego VPN setup complete"
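Review bot: The `x11vnc … -rfbport 5900` line has no `-localhost`, so the raw VNC listener binds every container interface even though websockify already proxies it from `localhost:5900` and only `8806` is EXPOSEd; bind it to loopback so password-auth VNC is reachable solely through the noVNC path: `x11vnc -display "$DISPLAY_ADDR" -rfbauth /root/.vnc/pass -localhost -forever -shared -rfbport 5900 -quiet &`. `wait $XVFB_PID` means the unit only notices Xvfb dying; if fluxbox, x11vnc or websockify exit, the service stays active with a dead GUI, so consider `wait -n` (bash 4.3+) followed by `exit 1` so `Restart=on-failure` in rego-vpn.service can recover it. The two `sleep 1` readiness waits are a race rather than a check; polling for the X socket (`/tmp/.X11-unix/X1`, the path setup.sh clears) would be deterministic.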
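Review bot: `x11vnc -storepasswd … || true` silences the one failure that matters in this script: if the password file is not written, the `-rfbauth /root/.vnc/pass` in rego-vpn-gui.sh cannot start and the cause is only visible in that unit's log. Drop the `|| true` on that line so ExecStartPre fails loudly, and replace the `vpnpass` fallback with a hard requirement, `: "${VNC_PASSWORD:?VNC_PASSWORD must be set}"`, since the xterm behind this password is a root shell. The `grep -q "vpn.dovercorp.com"` checks are unanchored regexes in which `.` matches any character; `grep -qF` says what is meant and avoids a false match from a similar hostname.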
diff --git a/apps/rego-tunnel-linux/source/rego-vpn.service b/apps/rego-tunnel-linux/source/rego-vpn.service
new file mode 100644
index 0000000..04e2b69
--- /dev/null
+++ b/apps/rego-tunnel-linux/source/rego-vpn.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Rego VPN GUI Services
+After=network.target dbus.service
+Wants=dbus.service
+
+[Service]
+Type=simple
+Environment=DISPLAY=:1
+Environment=NOVNC_PORT=8806
+Environment=VNC_PASSWORD=vpnpass
+ExecStartPre=/usr/local/bin/rego-vpn-setup.sh
+ExecStart=/usr/local/bin/rego-vpn-gui.sh
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
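Review bot: `Environment=VNC_PASSWORD=vpnpass` bakes a fixed default password into the image, and because systemd is PID 1 here the container's own environment (compose `environment:`) is generally not passed on to units, so this line is in practice the only value rego-vpn-setup.sh will ever see and its `${VNC_PASSWORD:-vpnpass}` fallback never applies. Read the secret from the data volume instead, e.g. `EnvironmentFile=-/data/rego-vpn.env` (example path under the `/data` mount from docker-compose.yml), and note the expected key in a comment above it. The unit also sets no `User=`, so Xvfb, x11vnc, websockify and the xterm all run as root; if only vpnagentd needs root, the GUI side could run as an unprivileged user. It is also missing `After=cisco-vpnagentd.service`, which the setup script's shared cleanup steps assume.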