upload current sources

apps/rego-tunnel-linux/metadata/description.md

@@ -1,35 +1,20 @@
-<h1 align="center">QEMU<br />
-<div align="center">
-<a href="https://github.com/qemus/qemu"><img src="https://github.com/qemus/qemu/raw/master/.github/logo.png" title="Logo" style="max-width:100%;" width="128" /></a>
-</div>
-<div align="center">
+# Dockerized OpenConnect-SSO with noVNC and Cloudflared
 
-</div></h1>
+## Setup
+1) Copy `.env.example` to `.env` and fill values (URLs, servercert pins, VNC passwords, cloudflared tokens).
 
-Linux VM in a Docker container with Cisco Secure Client VPN.
+2) First-time SSO: leave `OC_SSO_ARGS_*=--browser-display-mode visible`.
 
-## Features
+3) Build and start:
+   docker compose build
+   docker compose up -d vpn_a
+   # Open http://localhost:6901, complete SSO.
+   # After success, attach app containers or start cloudflared_a.
 
- - KVM acceleration
- - Web-based viewer
- - Cisco Secure Client VPN pre-installed
- - Auto-login with TOTP support
+4) Optional: switch to headless after first login:
+   Set `OC_SSO_ARGS_*=--browser-display-mode hidden` (or `headless`) and restart the vpn service.
 
-## Quick Start
-
-1. Start the container and connect to the web viewer
-2. After Ubuntu installation completes, open a terminal
-3. Mount the shared folder and run the install script:
-   ```bash
-   sudo mkdir -p /mnt/shared
-   sudo mount -t 9p shared /mnt/shared
-   sudo bash /mnt/shared/install-cisco.sh
-   ```
-4. Run the VPN automation: `~/cisco-vpn.sh`
-
-## VPN Connection
-
-The container includes automated VPN login with:
-- TOTP code generation
-- xdotool automation for GUI
-- Watchdog mode for auto-reconnection
+## Notes
+- Each VPN runs in its own net namespace; routes from one cannot affect the other or the host.
+- DNS from the VPN applies within its container namespace and attached services only.
+- Persisted state lives in the named volumes mounted at `/root` (Playwright cache, configs).