alexz/runtipi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rebuild rego-tunnel-linux with systemd as init
Some checks failed
Test / test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Alex Zaw
2025-12-25 01:08:20 +00:00
parent 06662a294b
commit a17fe5843d
7 changed files with 121 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/rego-tunnel-linux/docker-compose.json
View File

@@ -38,6 +38,10 @@
"private": false "private": false
} }
], ],
"tmpfsMounts": [
"/run",
"/run/lock"
],
"devices": [ "devices": [
"/dev/net/tun:/dev/net/tun" "/dev/net/tun:/dev/net/tun"
], ],

4
apps/rego-tunnel-linux/docker-compose.yml
View File

@@ -16,6 +16,10 @@ services:
- ${APP_DATA_DIR}/data:/data - ${APP_DATA_DIR}/data:/data
- /etc/runtipi/repos/runtipi/apps/rego-tunnel-linux/source:/config:ro - /etc/runtipi/repos/runtipi/apps/rego-tunnel-linux/source:/config:ro
- /sys/fs/cgroup:/sys/fs/cgroup:rw - /sys/fs/cgroup:/sys/fs/cgroup:rw
tmpfs:
- /run
- /run/lock
stop_signal: SIGRTMIN+3
labels: labels:
generated: true generated: true
traefik.enable: true traefik.enable: true

20
apps/rego-tunnel-linux/source/Dockerfile
View File

@@ -20,7 +20,7 @@ RUN apt-get update && apt-get install -y \
RUN apt-get update && (apt-get install -y libasound2t64 || apt-get install -y libasound2) && rm -rf /var/lib/apt/lists/* RUN apt-get update && (apt-get install -y libasound2t64 || apt-get install -y libasound2) && rm -rf /var/lib/apt/lists/*
# Configure systemd - remove unnecessary units # Configure systemd for container use
RUN cd /lib/systemd/system/sysinit.target.wants/ && \ RUN cd /lib/systemd/system/sysinit.target.wants/ && \
ls | grep -v systemd-tmpfiles-setup | xargs rm -f && \ ls | grep -v systemd-tmpfiles-setup | xargs rm -f && \
rm -f /lib/systemd/system/multi-user.target.wants/* && \ rm -f /lib/systemd/system/multi-user.target.wants/* && \
@@ -55,9 +55,25 @@ RUN chmod +x /root/vpn-sso.sh
# Copy AnyConnect preferences # Copy AnyConnect preferences
COPY .anyconnect_global /opt/cisco/secureclient/vpn/.anyconnect_global COPY .anyconnect_global /opt/cisco/secureclient/vpn/.anyconnect_global
# Copy and install systemd services
COPY rego-vpn-setup.sh /usr/local/bin/rego-vpn-setup.sh
COPY rego-vpn-gui.sh /usr/local/bin/rego-vpn-gui.sh
RUN chmod +x /usr/local/bin/rego-vpn-setup.sh /usr/local/bin/rego-vpn-gui.sh
COPY rego-vpn.service /etc/systemd/system/rego-vpn.service
COPY cisco-vpnagentd.service /etc/systemd/system/cisco-vpnagentd.service
# Enable services
RUN systemctl enable rego-vpn.service && \
systemctl enable cisco-vpnagentd.service
# Keep old entrypoint as fallback script
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh RUN chmod +x /entrypoint.sh
VOLUME [ "/sys/fs/cgroup" ] VOLUME [ "/sys/fs/cgroup" ]
EXPOSE 8806 EXPOSE 8806
ENTRYPOINT ["/entrypoint.sh"]
# Use systemd as init
STOPSIGNAL SIGRTMIN+3
ENTRYPOINT ["/lib/systemd/systemd"]

15
apps/rego-tunnel-linux/source/cisco-vpnagentd.service Normal file
View File

@@ -0,0 +1,15 @@
[Unit]
Description=Cisco Secure Client VPN Agent
After=dbus.service
Wants=dbus.service
[Service]
Type=forking
ExecStartPre=/opt/cisco/secureclient/bin/load_tun.sh
ExecStartPre=-/bin/rm -f /root/.cisco/hostscan/.libcsd.ipc
ExecStart=/opt/cisco/secureclient/bin/vpnagentd
Restart=on-failure
RestartSec=3
[Install]
WantedBy=multi-user.target

31
apps/rego-tunnel-linux/source/rego-vpn-gui.sh Normal file
View File

@@ -0,0 +1,31 @@
#!/bin/bash
# Main GUI service for Rego VPN
NOVNC_PORT="${NOVNC_PORT:-8806}"
DISPLAY_ADDR="${DISPLAY:-:1}"
# Start Xvfb
Xvfb "$DISPLAY_ADDR" -screen 0 ${XVFB_WxHxD:-1280x800x24} +extension RANDR &
XVFB_PID=$!
sleep 1
export DISPLAY="$DISPLAY_ADDR"
# Start window manager
fluxbox >/tmp/fluxbox.log 2>&1 &
# Start VNC server
x11vnc -display "$DISPLAY_ADDR" -rfbauth /root/.vnc/pass -forever -shared -rfbport 5900 -quiet &
# Start websockify for noVNC
websockify --web=/usr/share/novnc/ 0.0.0.0:"$NOVNC_PORT" localhost:5900 >/tmp/websockify.log 2>&1 &
# Start terminal
sleep 1
xterm -fa 'Monospace' -fs 11 -bg black -fg white -geometry 120x35+50+50 \
-T "Rego VPN" -e bash &
echo "Rego VPN GUI started on port $NOVNC_PORT"
# Wait for Xvfb (main process)
wait $XVFB_PID

31
apps/rego-tunnel-linux/source/rego-vpn-setup.sh Normal file
View File

@@ -0,0 +1,31 @@
#!/bin/bash
# Pre-start setup for Rego VPN
# Add VPN hosts entries
grep -q "vpn-ord1.dovercorp.com" /etc/hosts || echo "162.209.24.100 vpn-ord1.dovercorp.com" >> /etc/hosts
grep -q "vpn.dovercorp.com" /etc/hosts || echo "13.67.192.27 vpn.dovercorp.com" >> /etc/hosts
# Setup TUN device
mkdir -p /dev/net
if [ ! -c /dev/net/tun ]; then
mknod /dev/net/tun c 10 200 2>/dev/null || true
chmod 600 /dev/net/tun
fi
# Enable IP forwarding
sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1 || true
# Load TUN module
/opt/cisco/secureclient/bin/load_tun.sh 2>/dev/null || true
# Clean up stale IPC socket
rm -f /root/.cisco/hostscan/.libcsd.ipc 2>/dev/null || true
# Setup VNC password
mkdir -p /root/.vnc
x11vnc -storepasswd "${VNC_PASSWORD:-vpnpass}" /root/.vnc/pass >/dev/null 2>&1 || true
# Clean up old X locks
rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true
echo "Rego VPN setup complete"

17
apps/rego-tunnel-linux/source/rego-vpn.service Normal file
View File

@@ -0,0 +1,17 @@
[Unit]
Description=Rego VPN GUI Services
After=network.target dbus.service
Wants=dbus.service
[Service]
Type=simple
Environment=DISPLAY=:1
Environment=NOVNC_PORT=8806
Environment=VNC_PASSWORD=vpnpass
ExecStartPre=/usr/local/bin/rego-vpn-setup.sh
ExecStart=/usr/local/bin/rego-vpn-gui.sh
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target