fix(rego-tunnel): Make app work out of the box from repo

- Add init-rego.sh and xstartup to repo's shared folder - Update docker-compose.json with all volume mounts - Update docker-compose.yml with cgroup: host - Mount scripts directly from repo (not user-config) Now works on fresh install without any user-config overrides. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-16 20:49:39 +00:00
parent 38c4eea2f0
commit b52ba03be4
4 changed files with 107 additions and 21 deletions
--- a/apps/rego-tunnel/shared/init-rego.sh
+++ b/apps/rego-tunnel/shared/init-rego.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+# Rego Tunnel Init Script
+# Combines:
+# 1. DNS unmount fix (from cisco-vpn) - allows VPN to modify /etc/resolv.conf and /etc/hosts
+# 2. Basic network setup (IP forwarding)
+# 3. Starts systemd
+
+set -e
+
+echo "[init-rego] Starting Rego Tunnel initialization..."
+
+# ============================================
+# 1. Fix Docker's read-only bind mounts
+# ============================================
+echo "[init-rego] Fixing DNS bind mounts..."
+
+# Backup current DNS config
+cp /etc/resolv.conf /tmp/resolv.conf.bak 2>/dev/null || true
+cp /etc/hosts /tmp/hosts.bak 2>/dev/null || true
+
+# Unmount Docker's bind mounts (required for VPN to modify DNS)
+umount /etc/resolv.conf 2>/dev/null || true
+umount /etc/hosts 2>/dev/null || true
+
+# Restore DNS config as regular writable files
+cat /tmp/resolv.conf.bak > /etc/resolv.conf 2>/dev/null || echo "nameserver 8.8.8.8" > /etc/resolv.conf
+cat /tmp/hosts.bak > /etc/hosts 2>/dev/null || echo "127.0.0.1 localhost" > /etc/hosts
+
+echo "[init-rego] DNS files are now writable"
+
+# ============================================
+# 2. Network Setup
+# ============================================
+echo "[init-rego] Setting up network..."
+
+# Enable IP forwarding
+echo 1 > /proc/sys/net/ipv4/ip_forward
+echo "[init-rego] IP forwarding enabled"
+
+# Note: NAT/forwarding rules for VPN traffic are set up by the cisco-vpn script
+# AFTER the VPN connects (it needs to know the VPN interface name)
+
+# ============================================
+# 3. Make shared scripts executable
+# ============================================
+if [ -d /shared ]; then
+    chmod +x /shared/*.sh 2>/dev/null || true
+    chmod +x /shared/cisco-vpn 2>/dev/null || true
+    echo "[init-rego] Shared scripts made executable"
+fi
+
+# ============================================
+# 4. Start systemd
+# ============================================
+echo "[init-rego] Starting systemd..."
+exec /sbin/init
--- a/apps/rego-tunnel/shared/xstartup
+++ b/apps/rego-tunnel/shared/xstartup
@@ -0,0 +1,32 @@
+#!/bin/bash
+# VNC xstartup - launches terminal with cisco-vpn script
+# This runs inside the VNC session
+
+unset SESSION_MANAGER
+unset DBUS_SESSION_BUS_ADDRESS
+
+export XDG_RUNTIME_DIR=/tmp/runtime-root
+mkdir -p $XDG_RUNTIME_DIR
+chmod 700 $XDG_RUNTIME_DIR
+
+# GPU/WebKit workarounds for Cisco UI
+export GDK_BACKEND=x11
+export WEBKIT_DISABLE_DMABUF_RENDERER=1
+
+# Start dbus session
+[ -x /usr/bin/dbus-launch ] && eval $(dbus-launch --sh-syntax --exit-with-session)
+
+# Start window manager
+openbox &
+sleep 2
+
+# Make sure the script is executable
+chmod +x /shared/cisco-vpn 2>/dev/null || true
+
+# Start xterm with the cisco-vpn script
+# The script handles everything: vpnagentd, vpnui, auto-login, forwarding
+xterm -fa 'Monospace' -fs 11 -bg black -fg white -geometry 130x45+10+10 \
+    -title "Rego VPN Terminal" \
+    -e "bash -c '/shared/cisco-vpn; exec bash'" &
+
+wait