Rebuild rego-tunnel-linux with systemd as init
@@ -38,6 +38,10 @@
|
||||
"private": false
|
||||
}
|
||||
],
|
||||
"tmpfsMounts": [
|
||||
"/run",
|
||||
"/run/lock"
|
||||
],
|
||||
"devices": [
|
||||
"/dev/net/tun:/dev/net/tun"
|
||||
],
|
||||
|
||||
@@ -16,6 +16,10 @@ services:
|
||||
- ${APP_DATA_DIR}/data:/data
|
||||
- /etc/runtipi/repos/runtipi/apps/rego-tunnel-linux/source:/config:ro
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
||||
tmpfs:
|
||||
- /run
|
||||
- /run/lock
|
||||
stop_signal: SIGRTMIN+3
|
||||
labels:
|
||||
generated: true
|
||||
traefik.enable: true
|
||||
|
||||
@@ -20,7 +20,7 @@ RUN apt-get update && apt-get install -y \
|
||||
|
||||
RUN apt-get update && (apt-get install -y libasound2t64 || apt-get install -y libasound2) && rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Configure systemd - remove unnecessary units
|
||||
# Configure systemd for container use
|
||||
RUN cd /lib/systemd/system/sysinit.target.wants/ && \
|
||||
ls | grep -v systemd-tmpfiles-setup | xargs rm -f && \
|
||||
rm -f /lib/systemd/system/multi-user.target.wants/* && \
|
||||
@@ -55,9 +55,25 @@ RUN chmod +x /root/vpn-sso.sh
|
||||
# Copy AnyConnect preferences
|
||||
COPY .anyconnect_global /opt/cisco/secureclient/vpn/.anyconnect_global
|
||||
|
||||
# Copy and install systemd services
|
||||
COPY rego-vpn-setup.sh /usr/local/bin/rego-vpn-setup.sh
|
||||
COPY rego-vpn-gui.sh /usr/local/bin/rego-vpn-gui.sh
|
||||
RUN chmod +x /usr/local/bin/rego-vpn-setup.sh /usr/local/bin/rego-vpn-gui.sh
|
||||
|
||||
COPY rego-vpn.service /etc/systemd/system/rego-vpn.service
|
||||
COPY cisco-vpnagentd.service /etc/systemd/system/cisco-vpnagentd.service
|
||||
|
||||
# Enable services
|
||||
RUN systemctl enable rego-vpn.service && \
|
||||
systemctl enable cisco-vpnagentd.service
|
||||
|
||||
# Keep old entrypoint as fallback script
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
VOLUME [ "/sys/fs/cgroup" ]
|
||||
EXPOSE 8806
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
||||
# Use systemd as init
|
||||
STOPSIGNAL SIGRTMIN+3
|
||||
ENTRYPOINT ["/lib/systemd/systemd"]
|
||||
|
||||
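Review bot: The comment `# Keep old entrypoint as fallback script` does not say how the fallback is reached, and once `ENTRYPOINT ["/lib/systemd/systemd"]` is in effect nothing shown in this hunk invokes /entrypoint.sh. State it in the comment, for example `# Fallback only: not run by default; start with --entrypoint /entrypoint.sh to bypass systemd`, or drop the file from the image. With systemd as PID 1 the container's environment is not inherited by the units, so any setting the old entrypoint read from the environment (the script is not shown here) now has to come from the unit files. Both ENTRYPOINT lines are printed because the page lost its +/- markers; the systemd one is presumably the new side.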
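--- a/apps/rego-tunnel-linux/source/cisco-vpnagentd.service
+++ b/apps/rego-tunnel-linux/source/cisco-vpnagentd.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Cisco Secure Client VPN Agent
+After=dbus.service
+Wants=dbus.service
+
+[Service]
+Type=forking
+ExecStartPre=/opt/cisco/secureclient/bin/load_tun.sh
+ExecStartPre=-/bin/rm -f /root/.cisco/hostscan/.libcsd.ipc
+ExecStart=/opt/cisco/secureclient/bin/vpnagentd
+Restart=on-failure
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target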
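Review bot: `ExecStartPre=/opt/cisco/secureclient/bin/load_tun.sh` has no `-` prefix, so a non-zero exit from load_tun.sh fails the unit before vpnagentd is started, whereas rego-vpn-setup.sh in this same commit runs that script with `|| true` and the container is already handed /dev/net/tun as a device. If module loading is expected to fail inside a container, make it best-effort here as well: `ExecStartPre=-/opt/cisco/secureclient/bin/load_tun.sh`. Separately, `Type=forking` is declared without `PIDFile=`, so systemd has to guess the main PID; name the PID file if vpnagentd writes one (not visible on this page).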
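--- a/apps/rego-tunnel-linux/source/rego-vpn-gui.sh
+++ b/apps/rego-tunnel-linux/source/rego-vpn-gui.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# Main GUI service for Rego VPN
+
+NOVNC_PORT="${NOVNC_PORT:-8806}"
+DISPLAY_ADDR="${DISPLAY:-:1}"
+
+# Start Xvfb
+Xvfb "$DISPLAY_ADDR" -screen 0 ${XVFB_WxHxD:-1280x800x24} +extension RANDR &
+XVFB_PID=$!
+sleep 1
+
+export DISPLAY="$DISPLAY_ADDR"
+
+# Start window manager
+fluxbox >/tmp/fluxbox.log 2>&1 &
+
+# Start VNC server
+x11vnc -display "$DISPLAY_ADDR" -rfbauth /root/.vnc/pass -forever -shared -rfbport 5900 -quiet &
+
+# Start websockify for noVNC
+websockify --web=/usr/share/novnc/ 0.0.0.0:"$NOVNC_PORT" localhost:5900 >/tmp/websockify.log 2>&1 &
+
+# Start terminal
+sleep 1
+xterm -fa 'Monospace' -fs 11 -bg black -fg white -geometry 120x35+50+50 \
+-T "Rego VPN" -e bash &
+
+echo "Rego VPN GUI started on port $NOVNC_PORT"
+
+# Wait for Xvfb (main process)
+wait $XVFB_PID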
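Review bot: The `x11vnc` line has no `-localhost`, so RFB port 5900 listens on every interface even though its only intended client is websockify connecting to `localhost:5900`. That leaves a second VNC listener reachable from whatever network the container is attached to, alongside the noVNC port bound to 0.0.0.0, and the desktop behind it carries an xterm running bash under the service's account. Add `-localhost` to the x11vnc arguments and point websockify at `127.0.0.1:5900` so both ends agree on the address family. Minor, same script: `${XVFB_WxHxD:-1280x800x24}` is the one unquoted expansion.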
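--- a/apps/rego-tunnel-linux/source/rego-vpn-setup.sh
+++ b/apps/rego-tunnel-linux/source/rego-vpn-setup.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# Pre-start setup for Rego VPN
+
+# Add VPN hosts entries
+grep -q "vpn-ord1.dovercorp.com" /etc/hosts || echo "162.209.24.100 vpn-ord1.dovercorp.com" >> /etc/hosts
+grep -q "vpn.dovercorp.com" /etc/hosts || echo "13.67.192.27 vpn.dovercorp.com" >> /etc/hosts
+
+# Setup TUN device
+mkdir -p /dev/net
+if [ ! -c /dev/net/tun ]; then
+mknod /dev/net/tun c 10 200 2>/dev/null || true
+chmod 600 /dev/net/tun
+fi
+
+# Enable IP forwarding
+sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1 || true
+
+# Load TUN module
+/opt/cisco/secureclient/bin/load_tun.sh 2>/dev/null || true
+
+# Clean up stale IPC socket
+rm -f /root/.cisco/hostscan/.libcsd.ipc 2>/dev/null || true
+
+# Setup VNC password
+mkdir -p /root/.vnc
+x11vnc -storepasswd "${VNC_PASSWORD:-vpnpass}" /root/.vnc/pass >/dev/null 2>&1 || true
+
+# Clean up old X locks
+rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true
+
+echo "Rego VPN setup complete"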
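Review bot: The VNC password step falls back to the literal `vpnpass` (`${VNC_PASSWORD:-vpnpass}`), and rego-vpn.service in this commit also sets `Environment=VNC_PASSWORD=vpnpass`, so every container built from this image shares one published password in front of a desktop whose xterm runs bash under the service's account (the unit has no `User=`). Require the value instead, e.g. `: "${VNC_PASSWORD:?VNC_PASSWORD must be set}"` ahead of the x11vnc call, and supply it through an `EnvironmentFile=` that is not baked into the image. The trailing `>/dev/null 2>&1 || true` also hides a failed `-storepasswd`, so the step should be allowed to fail the `ExecStartPre`. The password is additionally passed on the command line, where it is visible in the process list while the command runs.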
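--- a/apps/rego-tunnel-linux/source/rego-vpn.service
+++ b/apps/rego-tunnel-linux/source/rego-vpn.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Rego VPN GUI Services
+After=network.target dbus.service
+Wants=dbus.service
+
+[Service]
+Type=simple
+Environment=DISPLAY=:1
+Environment=NOVNC_PORT=8806
+Environment=VNC_PASSWORD=vpnpass
+ExecStartPre=/usr/local/bin/rego-vpn-setup.sh
+ExecStart=/usr/local/bin/rego-vpn-gui.sh
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target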
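Review bot: `Restart=on-failure` only sees the exit status of rego-vpn-gui.sh, and that script backgrounds fluxbox, x11vnc, websockify and xterm and then waits on Xvfb alone. A crashed x11vnc or websockify therefore leaves the unit reported as active while the GUI is unreachable. Either give each daemon its own unit so systemd supervises them individually, or have the script exit non-zero as soon as any child exits (for example `wait -n` followed by `exit 1`) so the whole group is restarted.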