From b96e3a46bf2a36dc82818938b6c6861f1d6392c5 Mon Sep 17 00:00:00 2001 From: alexz Date: Thu, 25 Dec 2025 01:55:07 +0000 Subject: [PATCH] Use systemd as init with /sbin/init --- apps/rego-tunnel-linux/source/Dockerfile | 14 +++------ .../source/cisco-vpnagentd.service | 2 ++ apps/rego-tunnel-linux/source/entrypoint.sh | 11 +------ apps/rego-tunnel-linux/source/rego-vpn-gui.sh | 31 ------------------- .../source/rego-vpn-setup.sh | 31 ------------------- .../rego-tunnel-linux/source/rego-vpn.service | 6 +--- 6 files changed, 9 insertions(+), 86 deletions(-) delete mode 100644 apps/rego-tunnel-linux/source/rego-vpn-gui.sh delete mode 100644 apps/rego-tunnel-linux/source/rego-vpn-setup.sh diff --git a/apps/rego-tunnel-linux/source/Dockerfile b/apps/rego-tunnel-linux/source/Dockerfile index 972a564..ad4100c 100755 --- a/apps/rego-tunnel-linux/source/Dockerfile +++ b/apps/rego-tunnel-linux/source/Dockerfile @@ -55,11 +55,11 @@ RUN chmod +x /root/vpn-sso.sh # Copy AnyConnect preferences COPY .anyconnect_global /opt/cisco/secureclient/vpn/.anyconnect_global -# Copy and install systemd services -COPY rego-vpn-setup.sh /usr/local/bin/rego-vpn-setup.sh -COPY rego-vpn-gui.sh /usr/local/bin/rego-vpn-gui.sh -RUN chmod +x /usr/local/bin/rego-vpn-setup.sh /usr/local/bin/rego-vpn-gui.sh +# Copy entrypoint script +COPY entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh +# Copy systemd services COPY rego-vpn.service /etc/systemd/system/rego-vpn.service COPY cisco-vpnagentd.service /etc/systemd/system/cisco-vpnagentd.service @@ -67,13 +67,9 @@ COPY cisco-vpnagentd.service /etc/systemd/system/cisco-vpnagentd.service RUN systemctl enable rego-vpn.service && \ systemctl enable cisco-vpnagentd.service -# Keep old entrypoint as fallback script -COPY entrypoint.sh /entrypoint.sh -RUN chmod +x /entrypoint.sh - VOLUME [ "/sys/fs/cgroup" ] EXPOSE 8806 # Use systemd as init STOPSIGNAL SIGRTMIN+3 -ENTRYPOINT ["/lib/systemd/systemd"] +CMD ["/sbin/init"] 
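Review bot: `CMD ["/sbin/init"]` in the last Dockerfile hunk lets any argument given to `docker run` replace init, whereas with the previous `ENTRYPOINT` form such arguments were appended to the systemd command line. A run with a trailing command therefore starts the container with none of the enabled units running. If the image is always meant to boot systemd, keep the exec-form entrypoint: `ENTRYPOINT ["/sbin/init"]`. The file also does not say what the container needs at runtime. Given `VOLUME [ "/sys/fs/cgroup" ]` and the TUN and forwarding setup elsewhere in this patch, a comment above this line listing the required capabilities and devices would let operators grant only those instead of running fully privileged.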
diff --git a/apps/rego-tunnel-linux/source/cisco-vpnagentd.service b/apps/rego-tunnel-linux/source/cisco-vpnagentd.service index 8641aec..57bb8c4 100644 --- a/apps/rego-tunnel-linux/source/cisco-vpnagentd.service +++ b/apps/rego-tunnel-linux/source/cisco-vpnagentd.service @@ -7,6 +7,8 @@ Wants=dbus.service Type=forking ExecStartPre=/opt/cisco/secureclient/bin/load_tun.sh ExecStartPre=-/bin/rm -f /root/.cisco/hostscan/.libcsd.ipc +ExecStartPre=-/bin/rm -f /run/vpnagentd.pid +ExecStartPre=-/bin/rm -f /run/scan.pid ExecStart=/opt/cisco/secureclient/bin/vpnagentd Restart=on-failure RestartSec=3 diff --git a/apps/rego-tunnel-linux/source/entrypoint.sh b/apps/rego-tunnel-linux/source/entrypoint.sh index ffd0ed1..d9c1abb 100755 --- a/apps/rego-tunnel-linux/source/entrypoint.sh +++ b/apps/rego-tunnel-linux/source/entrypoint.sh @@ -36,15 +36,7 @@ start_gui() { pids+=($!) } -start_vpnagent() { - # Load TUN module if needed - /opt/cisco/secureclient/bin/load_tun.sh 2>/dev/null || true - # Clean up stale IPC socket - rm -f /root/.cisco/hostscan/.libcsd.ipc 2>/dev/null || true - # Start Cisco VPN agent daemon - /opt/cisco/secureclient/bin/vpnagentd & - pids+=($!) -} +# vpnagentd is now started by systemd (cisco-vpnagentd.service) setup_tun() { mkdir -p /dev/net @@ -73,7 +65,6 @@ setup_tun setup_nat start_dbus start_gui -start_vpnagent start_terminal echo "All services started. noVNC available on port $NOVNC_PORT" diff --git a/apps/rego-tunnel-linux/source/rego-vpn-gui.sh b/apps/rego-tunnel-linux/source/rego-vpn-gui.sh deleted file mode 100644 index 06edc71..0000000 --- a/apps/rego-tunnel-linux/source/rego-vpn-gui.sh +++ /dev/null 
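Review bot: `ExecStartPre=/opt/cisco/secureclient/bin/load_tun.sh` has no `-` prefix, unlike the three `rm` lines after it, so a non-zero exit fails the unit. The `start_vpnagent` function removed from entrypoint.sh in this same patch ran that script with `|| true`. Now that this unit is the only place the agent is started, a load_tun.sh failure (plausible where the container cannot load kernel modules) stops vpnagentd from starting and `Restart=on-failure` keeps retrying. If the step is meant to be best-effort, write `ExecStartPre=-/opt/cisco/secureclient/bin/load_tun.sh`; if it is meant to be fatal, add a comment saying so. Separately, with `Type=forking` a `PIDFile=` line would let systemd track the daemon, assuming /run/vpnagentd.pid is the file vpnagentd writes.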
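Review bot: Nothing in the visible lines orders `setup_tun` and `start_dbus` before vpnagentd any more. The old call sequence ran `start_vpnagent` after them, but the agent now starts from cisco-vpnagentd.service, independently of this script. Because rego-vpn.service is `Type=simple`, an `After=` on that unit would only wait for the script to be spawned, not for `setup_tun` to finish. Creating the TUN device in an `ExecStartPre=` of the agent unit would be more reliable, if the agent needs /dev/net/tun at start-up. The final `echo "All services started. ..."` can also now print while the agent is down, so its wording should change or it should first check `systemctl is-active cisco-vpnagentd.service`. The body of `setup_tun` continues outside the hunk.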
@@ -1,31 +0,0 @@
-#!/bin/bash
-# Main GUI service for Rego VPN
-
-NOVNC_PORT="${NOVNC_PORT:-8806}"
-DISPLAY_ADDR="${DISPLAY:-:1}"
-
-# Start Xvfb
-Xvfb "$DISPLAY_ADDR" -screen 0 ${XVFB_WxHxD:-1280x800x24} +extension RANDR &
-XVFB_PID=$!
-sleep 1
-
-export DISPLAY="$DISPLAY_ADDR"
-
-# Start window manager
-fluxbox >/tmp/fluxbox.log 2>&1 &
-
-# Start VNC server
-x11vnc -display "$DISPLAY_ADDR" -rfbauth /root/.vnc/pass -forever -shared -rfbport 5900 -quiet &
-
-# Start websockify for noVNC
-websockify --web=/usr/share/novnc/ 0.0.0.0:"$NOVNC_PORT" localhost:5900 >/tmp/websockify.log 2>&1 &
-
-# Start terminal
-sleep 1
-xterm -fa 'Monospace' -fs 11 -bg black -fg white -geometry 120x35+50+50 \
- -T "Rego VPN" -e bash &
-
-echo "Rego VPN GUI started on port $NOVNC_PORT"
-
-# Wait for Xvfb (main process)
-wait $XVFB_PID
diff --git a/apps/rego-tunnel-linux/source/rego-vpn-setup.sh b/apps/rego-tunnel-linux/source/rego-vpn-setup.sh
deleted file mode 100644
index b81adbb..0000000
--- a/apps/rego-tunnel-linux/source/rego-vpn-setup.sh
+++ /dev/null
@@ -1,31 +0,0 @@ -#!/bin/bash -# Pre-start setup for Rego VPN - -# Add VPN hosts entries -grep -q "vpn-ord1.dovercorp.com" /etc/hosts || echo "162.209.24.100 vpn-ord1.dovercorp.com" >> /etc/hosts -grep -q "vpn.dovercorp.com" /etc/hosts || echo "13.67.192.27 vpn.dovercorp.com" >> /etc/hosts - -# Setup TUN device -mkdir -p /dev/net -if [ ! -c /dev/net/tun ]; then - mknod /dev/net/tun c 10 200 2>/dev/null || true - chmod 600 /dev/net/tun -fi - -# Enable IP forwarding -sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1 || true - -# Load TUN module -/opt/cisco/secureclient/bin/load_tun.sh 2>/dev/null || true - -# Clean up stale IPC socket -rm -f /root/.cisco/hostscan/.libcsd.ipc 2>/dev/null || true - -# Setup VNC password -mkdir -p /root/.vnc -x11vnc -storepasswd "${VNC_PASSWORD:-vpnpass}" /root/.vnc/pass >/dev/null 2>&1 || true - -# Clean up old X locks -rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true - -echo "Rego VPN setup complete" diff --git a/apps/rego-tunnel-linux/source/rego-vpn.service b/apps/rego-tunnel-linux/source/rego-vpn.service index 04e2b69..9a5a578 100644 --- a/apps/rego-tunnel-linux/source/rego-vpn.service +++ b/apps/rego-tunnel-linux/source/rego-vpn.service @@ -5,11 +5,7 @@ Wants=dbus.service [Service] Type=simple -Environment=DISPLAY=:1 -Environment=NOVNC_PORT=8806 -Environment=VNC_PASSWORD=vpnpass -ExecStartPre=/usr/local/bin/rego-vpn-setup.sh -ExecStart=/usr/local/bin/rego-vpn-gui.sh +ExecStart=/entrypoint.sh Restart=on-failure RestartSec=5
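Review bot: Dropping the three `Environment=` lines in the rego-vpn.service hunk leaves `/entrypoint.sh` with only systemd's default service environment, so `DISPLAY`, `NOVNC_PORT` and `VNC_PASSWORD` are unset unless the script supplies defaults. systemd does not hand the container's own environment to units by default, so a password passed to the container at run time would probably not reach the script either. The hunks show `$NOVNC_PORT` used in entrypoint.sh but not how the VNC password is chosen. Confirm the script cannot fall back to a fixed value such as the `vpnpass` default in the deleted rego-vpn-setup.sh, since the noVNC port 8806 is exposed. Loading the values from a root-only file kept out of the image, e.g. `EnvironmentFile=<path-to-env-file>`, would keep the secret out of both the unit and the image layers.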