upload current sources

apps/cistech-tunnel/README.md

@@ -1,11 +1,42 @@
-# Cistech Tunnel (VPN + SSH)
+# Cistech Tunnel
 
-- VPN: OpenConnect-SSO with noVNC for first-time SSO (port 6901)
-- SSH tunnels: forwards to 10.3.1.201 inside the VPN namespace
+OpenConnect-SSO VPN client running in a container with noVNC for browser-based access.
 
-Usage
-- Copy `.env.example` to `.env` and adjust values.
-- Build and start:
-  docker compose build
-  docker compose up -d vpn ssh_tunnel
-- First-time SSO: open http://<host>:6901 and complete login; then set `OC_SSO_ARGS=--browser-display-mode hidden` and restart `vpn`.
+## Features
+
+- **OpenConnect-SSO**: Cisco AnyConnect VPN with SSO/SAML authentication
+- **TOTP Support**: Automatic 2FA via keyring integration
+- **Auto-reconnect**: Automatically reconnects on disconnection
+- **noVNC**: Browser-based VNC access on port 6902
+- **NAT/Masquerade**: Routes traffic through VPN tunnel
+- **Cloudflared**: Optional Cloudflare tunnel support
+- **SSH Tunnels**: Optional SSH port forwarding
+
+## Runtipi Installation
+
+1. Install from the app store or custom repo
+2. Configure the required environment variables
+3. Start the app via Runtipi dashboard
+
+## First-time SSO Login
+
+1. Open noVNC at `http://<host>:6902`
+2. Enter VNC password
+3. Complete SSO login in the browser window
+4. VPN will connect and auto-reconnect on disconnect
+
+## Source Files
+
+- `source/Dockerfile`: Container build file
+- `source/entrypoint.sh`: Container entrypoint with auto-reconnect
+
+## Environment Variables
+
+| Variable | Required | Description |
+|----------|----------|-------------|
+| OC_URL | Yes | VPN server URL |
+| OC_SERVERCERT | Yes | Server certificate pin |
+| OC_USER | No | Username (enables hidden browser mode) |
+| VNC_PASSWORD | Yes | noVNC access password |
+| OC_TOTP_SECRET | No | TOTP secret for auto 2FA |
+| NOVNC_PORT | No | noVNC port (default: 6901) |