The elif branch was missing 'echo "" |' which caused openconnect-sso
to hang waiting for stdin input when OC_PASSWORD is not set.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- entrypoint.sh: Auto-fetch pin-sha256 from VPN URL if not provided
- config.json: Remove OC_SERVERCERT (auto-fetched), add OC_PASSWORD
- docker-compose.json: Add OC_PASSWORD env var
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- docker-compose.json: Use git.alexzaw.dev/alexz/cistech-vpn:latest
- config.json: Add OC_TOTP_SECRET field, keep server cert as default
- Dockerfile: Remove hardcoded credentials (come from env at runtime)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add shared/host-routing.sh with nft for NAT masquerade
- Add shared/install-host-services.sh to set up systemd watcher
- Add shared/uninstall-host-services.sh for cleanup
- Add /runtime volume mount for trigger file
- Update entrypoint.sh to trigger host routing when VPN connects
Run install-host-services.sh on host after app install.
Requires image rebuild for entrypoint changes.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
