refactor(rego-tunnel): Inline startup-vnc.sh and vnc.service in Dockerfile

These two files cannot be overridden at runtime, so they're now
baked directly into the Dockerfile using heredocs.

Remaining scripts (can be overridden at runtime):
- init-vpn.sh
- xstartup
- vpn-connect.sh

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-16 21:19:55 +00:00
parent b52ba03be4
commit ee6cb6c90d
3 changed files with 41 additions and 67 deletions


@@ -28,22 +28,18 @@ RUN apt-get update && apt-get install -y \
policykit-1 \ policykit-1 \
xdg-utils \ xdg-utils \
libwebkit2gtk-4.0-37 \ libwebkit2gtk-4.0-37 \
# VNC
tigervnc-standalone-server \ tigervnc-standalone-server \
tigervnc-common \ tigervnc-common \
novnc \ novnc \
websockify \ websockify \
# Window manager
openbox \ openbox \
xterm \ xterm \
# Utilities
procps \ procps \
net-tools \ net-tools \
curl \ curl \
iproute2 \ iproute2 \
iputils-ping \ iputils-ping \
nano \ nano \
# Automation tools
xdotool \ xdotool \
oathtool \ oathtool \
xclip \ xclip \
@@ -59,7 +55,7 @@ RUN rm -f /lib/systemd/system/multi-user.target.wants/* \
/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup* \ /lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup* \
/lib/systemd/system/systemd-update-utmp* /lib/systemd/system/systemd-update-utmp*
# Copy and extract the FULL Cisco Secure Client installation (VPN + DART + Posture) # Copy and extract Cisco Secure Client
COPY cisco-secure-client-full.tar.gz /tmp/ COPY cisco-secure-client-full.tar.gz /tmp/
RUN tar -xzf /tmp/cisco-secure-client-full.tar.gz -C / && rm /tmp/cisco-secure-client-full.tar.gz RUN tar -xzf /tmp/cisco-secure-client-full.tar.gz -C / && rm /tmp/cisco-secure-client-full.tar.gz
@@ -67,13 +63,49 @@ RUN tar -xzf /tmp/cisco-secure-client-full.tar.gz -C / && rm /tmp/cisco-secure-c
RUN systemctl enable vpnagentd.service RUN systemctl enable vpnagentd.service
# Create scripts directory # Create scripts directory
RUN mkdir -p /opt/scripts RUN mkdir -p /opt/scripts /shared
# Copy scripts # Inline startup-vnc.sh (cannot be overridden at runtime)
RUN cat > /opt/scripts/startup-vnc.sh << 'EOF'
#!/bin/bash
set -e
export HOME=/root
export USER=root
rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true
rm -rf /tmp/.X*-lock /tmp/.X11-unix/* 2>/dev/null || true
echo "Starting TigerVNC server on display :1..."
vncserver :1 -geometry 1280x800 -depth 24 -SecurityTypes VncAuth -localhost no
sleep 2
echo "Starting noVNC on port ${NOVNC_PORT:-6080}..."
websockify --web=/usr/share/novnc/ ${NOVNC_PORT:-6080} localhost:5901 &
tail -f /root/.vnc/*.log
EOF
RUN chmod +x /opt/scripts/startup-vnc.sh
# Inline vnc.service (cannot be overridden at runtime)
RUN cat > /lib/systemd/system/vnc.service << 'EOF'
[Unit]
Description=VNC and noVNC Server
After=network.target vpnagentd.service
[Service]
Type=simple
ExecStart=/opt/scripts/startup-vnc.sh
Restart=always
RestartSec=5
Environment=HOME=/root
Environment=USER=root
[Install]
WantedBy=multi-user.target
EOF
RUN systemctl enable vnc.service
# Copy scripts that CAN be overridden at runtime
COPY scripts/init-vpn.sh /opt/scripts/ COPY scripts/init-vpn.sh /opt/scripts/
COPY scripts/startup-vnc.sh /opt/scripts/ COPY scripts/xstartup /root/.vnc/xstartup
COPY scripts/vpn-connect.sh /opt/scripts/ COPY scripts/vpn-connect.sh /opt/scripts/
RUN chmod +x /opt/scripts/*.sh RUN chmod +x /opt/scripts/*.sh /root/.vnc/xstartup
# Setup VNC password (default, can be overridden via mount) # Setup VNC password (default, can be overridden via mount)
ARG VNC_PASSWORD=cisco123 ARG VNC_PASSWORD=cisco123
@@ -81,17 +113,6 @@ RUN mkdir -p /root/.vnc && \
echo "${VNC_PASSWORD}" | vncpasswd -f > /root/.vnc/passwd && \ echo "${VNC_PASSWORD}" | vncpasswd -f > /root/.vnc/passwd && \
chmod 600 /root/.vnc/passwd chmod 600 /root/.vnc/passwd
# VNC xstartup script (can be overridden via mount)
COPY scripts/xstartup /root/.vnc/xstartup
RUN chmod +x /root/.vnc/xstartup
# Create systemd service for VNC
COPY scripts/vnc.service /lib/systemd/system/vnc.service
RUN systemctl enable vnc.service
# Create shared directory for mounting scripts
RUN mkdir -p /shared
VOLUME ["/sys/fs/cgroup"] VOLUME ["/sys/fs/cgroup"]
EXPOSE 5901 6080 EXPOSE 5901 6080
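Review bot: The inlined `vncserver :1 ... -SecurityTypes VncAuth -localhost no` line now hard-codes a network-reachable RFB listener with password-only auth, and because the whole point of this commit is that startup-vnc.sh can no longer be replaced at runtime, an operator who only needs the noVNC path (websockify already dials `localhost:5901` on the next line) has lost the way to keep 5901 on loopback. Following the `${NOVNC_PORT:-6080}` pattern already used in the script, `vncserver :1 -geometry 1280x800 -depth 24 -SecurityTypes VncAuth -localhost ${VNC_LOCALHOST:-no}` keeps today's default while letting a deployment tighten it via the unit's Environment=. The `RUN cat > ... << 'EOF'` multi-line form depends on BuildKit heredoc parsing, so it presumably needs the `# syntax=docker/dockerfile:1` directive at the top of the file, which is outside this hunk and worth confirming since the quoted EOF also means nothing is expanded at build time. The two explanatory comments from the deleted script (`# VNC and noVNC startup script`, `# Clean up any existing VNC locks`) were dropped in the inlined copy and would be worth restoring above `set -e` and the `rm -f` lines.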


@@ -1,33 +0,0 @@
#!/bin/bash
# VNC and noVNC startup script
set -e
export HOME=/root
export USER=root
# Clean up any existing VNC locks
rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true
rm -rf /tmp/.X*-lock /tmp/.X11-unix/* 2>/dev/null || true
echo "Starting TigerVNC server on display :1..."
vncserver :1 \
-geometry 1280x800 \
-depth 24 \
-SecurityTypes VncAuth \
-localhost no
sleep 2
echo "Starting noVNC on port ${NOVNC_PORT:-6080}..."
websockify --web=/usr/share/novnc/ ${NOVNC_PORT:-6080} localhost:5901 &
echo ""
echo "============================================"
echo "VNC server running on port 5901"
echo "noVNC web interface: http://localhost:${NOVNC_PORT:-6080}/vnc.html"
echo "============================================"
echo ""
# Keep the script running
tail -f /root/.vnc/*.log


@@ -1,14 +0,0 @@
[Unit]
Description=VNC and noVNC Server
After=network.target vpnagentd.service
[Service]
Type=simple
ExecStart=/opt/scripts/startup-vnc.sh
Restart=always
RestartSec=5
Environment=HOME=/root
Environment=USER=root
[Install]
WantedBy=multi-user.target