fix(rego-tunnel): Make app work out of the box from repo
- Add init-rego.sh and xstartup to the repo's shared folder
- Update docker-compose.json with all volume mounts
- Update docker-compose.yml with cgroup: host
- Mount scripts directly from the repo (not user-config)

Now works on a fresh install without any user-config overrides.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@@ -21,10 +21,6 @@
|
|||||||
"key": "VPN_HOST",
|
"key": "VPN_HOST",
|
||||||
"value": "${VPN_HOST}"
|
"value": "${VPN_HOST}"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"key": "VPN_AUTO_CONNECT",
|
|
||||||
"value": "${VPN_AUTO_CONNECT}"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"key": "VNC_PASSWORD",
|
"key": "VNC_PASSWORD",
|
||||||
"value": "${VNC_PASSWORD}"
|
"value": "${VNC_PASSWORD}"
|
||||||
@@ -32,6 +28,10 @@
|
|||||||
{
|
{
|
||||||
"key": "TZ",
|
"key": "TZ",
|
||||||
"value": "${TZ}"
|
"value": "${TZ}"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"key": "TARGET_IP",
|
||||||
|
"value": "${TARGET_IP}"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"internalPort": 6080,
|
"internalPort": 6080,
|
||||||
@@ -39,34 +39,30 @@
|
|||||||
{
|
{
|
||||||
"hostPath": "${APP_DATA_DIR}/config",
|
"hostPath": "${APP_DATA_DIR}/config",
|
||||||
"containerPath": "/config",
|
"containerPath": "/config",
|
||||||
"readOnly": false,
|
"readOnly": false
|
||||||
"shared": false,
|
|
||||||
"private": false
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"hostPath": "/etc/runtipi/user-config/runtipi/rego-tunnel/shared",
|
"hostPath": "/etc/runtipi/repos/runtipi/apps/rego-tunnel/shared",
|
||||||
"containerPath": "/shared",
|
"containerPath": "/shared",
|
||||||
"readOnly": false,
|
"readOnly": false
|
||||||
"shared": false,
|
|
||||||
"private": false
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"hostPath": "/sys/fs/cgroup",
|
"hostPath": "/sys/fs/cgroup",
|
||||||
"containerPath": "/sys/fs/cgroup",
|
"containerPath": "/sys/fs/cgroup",
|
||||||
"readOnly": false,
|
"readOnly": false
|
||||||
"shared": false,
|
|
||||||
"private": false
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"hostPath": "/etc/runtipi/user-config/runtipi/rego-tunnel/shared/xstartup",
|
"hostPath": "/etc/runtipi/repos/runtipi/apps/rego-tunnel/shared/init-rego.sh",
|
||||||
|
"containerPath": "/opt/scripts/init-vpn.sh",
|
||||||
|
"readOnly": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hostPath": "/etc/runtipi/repos/runtipi/apps/rego-tunnel/shared/xstartup",
|
||||||
"containerPath": "/root/.vnc/xstartup",
|
"containerPath": "/root/.vnc/xstartup",
|
||||||
"readOnly": false,
|
"readOnly": true
|
||||||
"shared": false,
|
|
||||||
"private": false
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"stopGracePeriod": "30s",
|
"stopGracePeriod": "30s",
|
||||||
"sysctls": {},
|
|
||||||
"devices": [
|
"devices": [
|
||||||
"/dev/net/tun"
|
"/dev/net/tun"
|
||||||
],
|
],
|
||||||
|
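Review bot: The `/shared` volume (hostPath `/etc/runtipi/repos/runtipi/apps/rego-tunnel/shared`, `"readOnly": false`) gives the container write access to the app-store repo checkout, and the two single-file mounts that follow (`init-rego.sh` → `/opt/scripts/init-vpn.sh`, `xstartup` → `/root/.vnc/xstartup`) are marked `"readOnly": true` but stay writable through that directory mount, so their read-only flag provides no integrity guarantee. Anything running as root in the container (xstartup is mounted into root's VNC session and runs `/shared/cisco-vpn`) can persist changes into the checkout that are executed on the next start, and a repo update can equally overwrite whatever the container wrote there. If the scripts do not need to write to /shared, set `"readOnly": true` on that mount too — init-rego.sh's `chmod +x /shared/...` calls already tolerate failure, so the executable bit would then have to be committed in the repo — and if a writable location is needed, point it at a directory under `${APP_DATA_DIR}` instead. The same applies to the docker-compose.yml hunk, where `/shared` is mounted without `:ro` while `init-rego.sh` and `xstartup` carry `:ro`.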
|||||||
@@ -12,15 +12,17 @@ services:
|
|||||||
VPN_PASSWORD: ${VPN_PASSWORD}
|
VPN_PASSWORD: ${VPN_PASSWORD}
|
||||||
VPN_TOTP_SECRET: ${VPN_TOTP_SECRET}
|
VPN_TOTP_SECRET: ${VPN_TOTP_SECRET}
|
||||||
VPN_HOST: ${VPN_HOST}
|
VPN_HOST: ${VPN_HOST}
|
||||||
VPN_AUTO_CONNECT: ${VPN_AUTO_CONNECT}
|
|
||||||
VNC_PASSWORD: ${VNC_PASSWORD}
|
VNC_PASSWORD: ${VNC_PASSWORD}
|
||||||
TZ: ${TZ}
|
TZ: ${TZ}
|
||||||
|
TARGET_IP: ${TARGET_IP}
|
||||||
ports:
|
ports:
|
||||||
- ${APP_PORT}:6080
|
- ${APP_PORT}:6080
|
||||||
volumes:
|
volumes:
|
||||||
- ${APP_DATA_DIR}/config:/config
|
- ${APP_DATA_DIR}/config:/config
|
||||||
- /etc/runtipi/user-config/runtipi/rego-tunnel/shared:/shared
|
- /etc/runtipi/repos/runtipi/apps/rego-tunnel/shared:/shared
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
||||||
|
- /etc/runtipi/repos/runtipi/apps/rego-tunnel/shared/init-rego.sh:/opt/scripts/init-vpn.sh:ro
|
||||||
|
- /etc/runtipi/repos/runtipi/apps/rego-tunnel/shared/xstartup:/root/.vnc/xstartup:ro
|
||||||
labels:
|
labels:
|
||||||
generated: true
|
generated: true
|
||||||
traefik.enable: true
|
traefik.enable: true
|
||||||
|
|||||||
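--- /dev/null
+++ b/apps/rego-tunnel/shared/init-rego.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+# Rego Tunnel Init Script
+# Combines:
+# 1. DNS unmount fix (from cisco-vpn) - allows VPN to modify /etc/resolv.conf and /etc/hosts
+# 2. Basic network setup (IP forwarding)
+# 3. Starts systemd
+
+set -e
+
+echo "[init-rego] Starting Rego Tunnel initialization..."
+
+# ============================================
+# 1. Fix Docker's read-only bind mounts
+# ============================================
+echo "[init-rego] Fixing DNS bind mounts..."
+
+# Backup current DNS config
+cp /etc/resolv.conf /tmp/resolv.conf.bak 2>/dev/null || true
+cp /etc/hosts /tmp/hosts.bak 2>/dev/null || true
+
+# Unmount Docker's bind mounts (required for VPN to modify DNS)
+umount /etc/resolv.conf 2>/dev/null || true
+umount /etc/hosts 2>/dev/null || true
+
+# Restore DNS config as regular writable files
+cat /tmp/resolv.conf.bak > /etc/resolv.conf 2>/dev/null || echo "nameserver 8.8.8.8" > /etc/resolv.conf
+cat /tmp/hosts.bak > /etc/hosts 2>/dev/null || echo "127.0.0.1 localhost" > /etc/hosts
+
+echo "[init-rego] DNS files are now writable"
+
+# ============================================
+# 2. Network Setup
+# ============================================
+echo "[init-rego] Setting up network..."
+
+# Enable IP forwarding
+echo 1 > /proc/sys/net/ipv4/ip_forward
+echo "[init-rego] IP forwarding enabled"
+
+# Note: NAT/forwarding rules for VPN traffic are set up by the cisco-vpn script
+# AFTER the VPN connects (it needs to know the VPN interface name)
+
+# ============================================
+# 3. Make shared scripts executable
+# ============================================
+if [ -d /shared ]; then
+chmod +x /shared/*.sh 2>/dev/null || true
+chmod +x /shared/cisco-vpn 2>/dev/null || true
+echo "[init-rego] Shared scripts made executable"
+fi
+
+# ============================================
+# 4. Start systemd
+# ============================================
+echo "[init-rego] Starting systemd..."
+exec /sbin/init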
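Review bot: `echo 1 > /proc/sys/net/ipv4/ip_forward` is the only command in the script without a `|| true` guard, so under `set -e` a failure there (for instance a read-only /proc/sys when the container lacks the needed privileges) terminates the script before `exec /sbin/init` with no message at all; make the failure explicit, `echo 1 > /proc/sys/net/ipv4/ip_forward || { echo "[init-rego] ERROR: cannot enable IP forwarding" >&2; exit 1; }`. In the DNS section, when the backup copy of /etc/resolv.conf did not succeed the fallback silently rewrites the resolver to `nameserver 8.8.8.8`, i.e. name resolution leaves the host's configured resolver without any log line; adding `echo "[init-rego] WARNING: no resolv.conf backup, falling back to 8.8.8.8" >&2` on that branch would make the change visible to whoever reads the container logs. Whether this script actually runs as PID 1 depends on the image's entrypoint, which is not part of this commit, so the header comment would benefit from stating how it is invoked (it is mounted as `/opt/scripts/init-vpn.sh` by the compose files).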
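--- /dev/null
+++ b/apps/rego-tunnel/shared/xstartup
@@ -0,0 +1,32 @@
+#!/bin/bash
+# VNC xstartup - launches terminal with cisco-vpn script
+# This runs inside the VNC session
+
+unset SESSION_MANAGER
+unset DBUS_SESSION_BUS_ADDRESS
+
+export XDG_RUNTIME_DIR=/tmp/runtime-root
+mkdir -p $XDG_RUNTIME_DIR
+chmod 700 $XDG_RUNTIME_DIR
+
+# GPU/WebKit workarounds for Cisco UI
+export GDK_BACKEND=x11
+export WEBKIT_DISABLE_DMABUF_RENDERER=1
+
+# Start dbus session
+[ -x /usr/bin/dbus-launch ] && eval $(dbus-launch --sh-syntax --exit-with-session)
+
+# Start window manager
+openbox &
+sleep 2
+
+# Make sure the script is executable
+chmod +x /shared/cisco-vpn 2>/dev/null || true
+
+# Start xterm with the cisco-vpn script
+# The script handles everything: vpnagentd, vpnui, auto-login, forwarding
+xterm -fa 'Monospace' -fs 11 -bg black -fg white -geometry 130x45+10+10 \
+-title "Rego VPN Terminal" \
+-e "bash -c '/shared/cisco-vpn; exec bash'" &
+
+wait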
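Review bot: `mkdir -p $XDG_RUNTIME_DIR` and `chmod 700 $XDG_RUNTIME_DIR` expand the variable unquoted; the value is a fixed path here so it works, but the idiomatic form is `mkdir -p "$XDG_RUNTIME_DIR"` and `chmod 700 "$XDG_RUNTIME_DIR"`, and ShellCheck flags the current lines (SC2086). The xterm command `bash -c '/shared/cisco-vpn; exec bash'` drops into an interactive root shell in the VNC session whenever /shared/cisco-vpn is missing, not executable or exits early, with nothing on screen distinguishing that from a normal exit; since this file is mounted at /root/.vnc/xstartup and the session is, as far as this commit shows, gated by VNC_PASSWORD alone, a `[ -x /shared/cisco-vpn ] || echo "cisco-vpn script not found in /shared" >&2` before the launch would make the failure mode visible. `eval $(dbus-launch --sh-syntax --exit-with-session)` is the conventional idiom, but a one-line comment saying the eval is intentional would spare the next reader a ShellCheck pass (SC2046).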