alexz/runtipi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use systemd as init with /sbin/init
Some checks failed
Test / test (push) Has been cancelled
Details
Renovate / renovate (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Alex Zaw
2025-12-25 01:55:07 +00:00
parent 7b0065f75a
commit b96e3a46bf
6 changed files with 9 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
apps/rego-tunnel-linux/source/Dockerfile
View File

@@ -55,11 +55,11 @@ RUN chmod +x /root/vpn-sso.sh
# Copy AnyConnect preferences # Copy AnyConnect preferences
COPY .anyconnect_global /opt/cisco/secureclient/vpn/.anyconnect_global COPY .anyconnect_global /opt/cisco/secureclient/vpn/.anyconnect_global
# Copy and install systemd services # Copy entrypoint script
COPY rego-vpn-setup.sh /usr/local/bin/rego-vpn-setup.sh COPY entrypoint.sh /entrypoint.sh
COPY rego-vpn-gui.sh /usr/local/bin/rego-vpn-gui.sh RUN chmod +x /entrypoint.sh
RUN chmod +x /usr/local/bin/rego-vpn-setup.sh /usr/local/bin/rego-vpn-gui.sh
# Copy systemd services
COPY rego-vpn.service /etc/systemd/system/rego-vpn.service COPY rego-vpn.service /etc/systemd/system/rego-vpn.service
COPY cisco-vpnagentd.service /etc/systemd/system/cisco-vpnagentd.service COPY cisco-vpnagentd.service /etc/systemd/system/cisco-vpnagentd.service
@@ -67,13 +67,9 @@ COPY cisco-vpnagentd.service /etc/systemd/system/cisco-vpnagentd.service
RUN systemctl enable rego-vpn.service && \ RUN systemctl enable rego-vpn.service && \
systemctl enable cisco-vpnagentd.service systemctl enable cisco-vpnagentd.service
# Keep old entrypoint as fallback script
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
VOLUME [ "/sys/fs/cgroup" ] VOLUME [ "/sys/fs/cgroup" ]
EXPOSE 8806 EXPOSE 8806
# Use systemd as init # Use systemd as init
STOPSIGNAL SIGRTMIN+3 STOPSIGNAL SIGRTMIN+3
ENTRYPOINT ["/lib/systemd/systemd"] CMD ["/sbin/init"]

2
apps/rego-tunnel-linux/source/cisco-vpnagentd.service
View File

@@ -7,6 +7,8 @@ Wants=dbus.service
Type=forking Type=forking
ExecStartPre=/opt/cisco/secureclient/bin/load_tun.sh ExecStartPre=/opt/cisco/secureclient/bin/load_tun.sh
ExecStartPre=-/bin/rm -f /root/.cisco/hostscan/.libcsd.ipc ExecStartPre=-/bin/rm -f /root/.cisco/hostscan/.libcsd.ipc
ExecStartPre=-/bin/rm -f /run/vpnagentd.pid
ExecStartPre=-/bin/rm -f /run/scan.pid
ExecStart=/opt/cisco/secureclient/bin/vpnagentd ExecStart=/opt/cisco/secureclient/bin/vpnagentd
Restart=on-failure Restart=on-failure
RestartSec=3 RestartSec=3

11
apps/rego-tunnel-linux/source/entrypoint.sh
View File

@@ -36,15 +36,7 @@ start_gui() {
pids+=($!) pids+=($!)
} }
start_vpnagent() { # vpnagentd is now started by systemd (cisco-vpnagentd.service)
# Load TUN module if needed
/opt/cisco/secureclient/bin/load_tun.sh 2>/dev/null || true
# Clean up stale IPC socket
rm -f /root/.cisco/hostscan/.libcsd.ipc 2>/dev/null || true
# Start Cisco VPN agent daemon
/opt/cisco/secureclient/bin/vpnagentd &
pids+=($!)
}
setup_tun() { setup_tun() {
mkdir -p /dev/net mkdir -p /dev/net
@@ -73,7 +65,6 @@ setup_tun
setup_nat setup_nat
start_dbus start_dbus
start_gui start_gui
start_vpnagent
start_terminal start_terminal
echo "All services started. noVNC available on port $NOVNC_PORT" echo "All services started. noVNC available on port $NOVNC_PORT"

31
apps/rego-tunnel-linux/source/rego-vpn-gui.sh
View File

@@ -1,31 +0,0 @@
#!/bin/bash
# Main GUI service for Rego VPN
NOVNC_PORT="${NOVNC_PORT:-8806}"
DISPLAY_ADDR="${DISPLAY:-:1}"
# Start Xvfb
Xvfb "$DISPLAY_ADDR" -screen 0 ${XVFB_WxHxD:-1280x800x24} +extension RANDR &
XVFB_PID=$!
sleep 1
export DISPLAY="$DISPLAY_ADDR"
# Start window manager
fluxbox >/tmp/fluxbox.log 2>&1 &
# Start VNC server
x11vnc -display "$DISPLAY_ADDR" -rfbauth /root/.vnc/pass -forever -shared -rfbport 5900 -quiet &
# Start websockify for noVNC
websockify --web=/usr/share/novnc/ 0.0.0.0:"$NOVNC_PORT" localhost:5900 >/tmp/websockify.log 2>&1 &
# Start terminal
sleep 1
xterm -fa 'Monospace' -fs 11 -bg black -fg white -geometry 120x35+50+50 \
-T "Rego VPN" -e bash &
echo "Rego VPN GUI started on port $NOVNC_PORT"
# Wait for Xvfb (main process)
wait $XVFB_PID

31
apps/rego-tunnel-linux/source/rego-vpn-setup.sh
View File

@@ -1,31 +0,0 @@
#!/bin/bash
# Pre-start setup for Rego VPN
# Add VPN hosts entries
grep -q "vpn-ord1.dovercorp.com" /etc/hosts || echo "162.209.24.100 vpn-ord1.dovercorp.com" >> /etc/hosts
grep -q "vpn.dovercorp.com" /etc/hosts || echo "13.67.192.27 vpn.dovercorp.com" >> /etc/hosts
# Setup TUN device
mkdir -p /dev/net
if [ ! -c /dev/net/tun ]; then
mknod /dev/net/tun c 10 200 2>/dev/null || true
chmod 600 /dev/net/tun
fi
# Enable IP forwarding
sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1 || true
# Load TUN module
/opt/cisco/secureclient/bin/load_tun.sh 2>/dev/null || true
# Clean up stale IPC socket
rm -f /root/.cisco/hostscan/.libcsd.ipc 2>/dev/null || true
# Setup VNC password
mkdir -p /root/.vnc
x11vnc -storepasswd "${VNC_PASSWORD:-vpnpass}" /root/.vnc/pass >/dev/null 2>&1 || true
# Clean up old X locks
rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true
echo "Rego VPN setup complete"

6
apps/rego-tunnel-linux/source/rego-vpn.service
View File

@@ -5,11 +5,7 @@ Wants=dbus.service
[Service] [Service]
Type=simple Type=simple
Environment=DISPLAY=:1 ExecStart=/entrypoint.sh
Environment=NOVNC_PORT=8806
Environment=VNC_PASSWORD=vpnpass
ExecStartPre=/usr/local/bin/rego-vpn-setup.sh
ExecStart=/usr/local/bin/rego-vpn-gui.sh
Restart=on-failure Restart=on-failure
RestartSec=5 RestartSec=5