From f8788827186e4e25f5020b83eb1570aa35eb3a4e Mon Sep 17 00:00:00 2001 From: alexz Date: Thu, 18 Dec 2025 17:50:13 +0000 Subject: [PATCH] rego-tunnel: auto-setup SSH, socat, and port forwarding MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add vpn_scripts volume mount - Install socat, openssh-client, netcat on startup - Copy SSH key to /root/.ssh/ automatically - Add socat forwarder for SSH (port 22) - Expose ports 22 and 1080 in user-config 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- apps/rego-tunnel/docker-compose.yml | 2 +- apps/rego-tunnel/vpn_scripts/start.sh | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/apps/rego-tunnel/docker-compose.yml b/apps/rego-tunnel/docker-compose.yml index ac15be2..cefce08 100755 --- a/apps/rego-tunnel/docker-compose.yml +++ b/apps/rego-tunnel/docker-compose.yml @@ -20,7 +20,7 @@ services: volumes: - ${APP_DATA_DIR}/data/storage:/storage - ${APP_DATA_DIR}/data/shared:/shared - # - ${APP_DATA_DIR}/data/start.sh:/run/start.sh + - /etc/runtipi/repos/runtipi/apps/rego-tunnel/vpn_scripts:/vpn_scripts:ro networks: - tipi_main_network sysctls: diff --git a/apps/rego-tunnel/vpn_scripts/start.sh b/apps/rego-tunnel/vpn_scripts/start.sh index d80e674..6016e1b 100755 --- a/apps/rego-tunnel/vpn_scripts/start.sh +++ b/apps/rego-tunnel/vpn_scripts/start.sh 
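Review bot: The new volume entry in apps/rego-tunnel/docker-compose.yml hard-codes the host path `/etc/runtipi/repos/runtipi/apps/rego-tunnel/vpn_scripts`, while the two mounts above it use `${APP_DATA_DIR}`, so it only resolves where the repository is checked out at exactly that location. The start.sh hunks in this patch copy `/vpn_scripts/id_ed25519-lenovo` out of this mount, which means an SSH private key is expected to sit inside the app-repository checkout. Whether that file is tracked in the repository is not visible here, but key material is better kept in a directory under `${APP_DATA_DIR}/data` with owner-only permissions and mounted separately from the scripts. Keeping `:ro` on the mount is right and should stay on any split-out key mount as well.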
@@ -4,6 +4,16 @@ set -Eeuo pipefail # Startup hook - runs after container starts # Dynamically detects Windows VM IP and sets up networking +# Install required packages (not persistent across restarts) +echo "[rego-tunnel] Installing required packages..." +apt-get update -qq && apt-get install -y -qq socat openssh-client netcat-openbsd >/dev/null 2>&1 || true + +# Setup SSH key for accessing Windows VM +echo "[rego-tunnel] Setting up SSH key..." +mkdir -p /root/.ssh +cp /vpn_scripts/id_ed25519-lenovo /root/.ssh/ 2>/dev/null || true +chmod 600 /root/.ssh/id_ed25519-lenovo 2>/dev/null || true + get_windows_ip() { # Method 1: DHCP leases (hostname is "Windows") local ip=$(awk '/Windows/ {print $3}' /var/lib/misc/dnsmasq.leases 2>/dev/null | head -1) @@ -61,6 +71,11 @@ get_container_ip() { iptables -C FORWARD -d "$WINDOWS_IP" -j ACCEPT 2>/dev/null || \ iptables -A FORWARD -d "$WINDOWS_IP" -j ACCEPT + # Start socat to forward SSH from Windows VM + pkill -f "socat.*:22" 2>/dev/null || true + socat TCP-LISTEN:22,fork,reuseaddr TCP:"$WINDOWS_IP":22 & + echo "[rego-tunnel] socat SSH forwarder started on port 22" + # Start socat to forward SOCKS5 proxy from Windows VM pkill -f "socat.*1080" 2>/dev/null || true socat TCP-LISTEN:1080,fork,reuseaddr TCP:"$WINDOWS_IP":1080 &
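Review bot: In the first start.sh hunk every setup step ends in `>/dev/null 2>&1 || true` or `2>/dev/null || true`, so despite `set -Eeuo pipefail` a failed package install or a missing key is hidden and the script goes on to start forwarders that cannot work. Report the failure instead, e.g. `apt-get install -y -qq socat openssh-client netcat-openbsd >/dev/null || echo "[rego-tunnel] package install failed" >&2`, and consider baking these packages into the image so that startup does not depend on unpinned downloads at every restart. For the key, `install -d -m 700 /root/.ssh` followed by `install -m 600 /vpn_scripts/id_ed25519-lenovo /root/.ssh/` creates the copy with its final mode rather than tightening it after the `cp`.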
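Review bot: In the second start.sh hunk, `socat TCP-LISTEN:22,fork,reuseaddr` listens on every interface of the container with no source restriction, so any client that can reach port 22 (which the commit message says is exposed in user-config) is relayed straight to the Windows VM's SSH service. Limit who can connect with socat's `range=` or `bind=` listen option, e.g. `socat TCP-LISTEN:22,fork,reuseaddr,range=<allowed-cidr> TCP:"$WINDOWS_IP":22 &`, where `<allowed-cidr>` is a placeholder for the network that should have access. The cleanup pattern `pkill -f "socat.*:22"` also matches any socat command line that contains `:22`, such as a forwarder on port 2222; `pkill -f "socat TCP-LISTEN:22,"` targets only this listener. The "started" message is printed without checking that the background socat is actually running, and the enclosing block begins and ends outside the hunk.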