The nft|grep|grep|head pipeline fails when no masquerade rule exists,
causing the script to exit under set -euo pipefail. Add || true to
match the cistech-tunnel version.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move entrypoint.sh from build/scripts/ to shared/
- Create startup-vnc.sh in shared/ (was base64-encoded in Dockerfile)
- Remove baked-in scripts and CMD from Dockerfile (keep vnc.service unit only)
- Entrypoint now: chmod +x all shared scripts, symlinks startup-vnc.sh
to /opt/scripts/ so systemd vnc.service still finds it
- Fix host watcher: use /bin/bash in ExecStart for permission resilience
- Bump tipi_version to 7
All scripts are now dynamically controlled via volume mounts.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Invoke host-routing.sh via /bin/bash so the watcher service works
even if the execute bit gets cleared by permission resets.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add chmod +x in entrypoint.sh to ensure all shared scripts are
executable even if permissions get reverted by git pull or appstore
update operations.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Runtipi's compose generator doesn't translate the entrypoint field.
The entrypoint is instead set via user-config override.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move entrypoint.sh from build/scripts/ to shared/ (no longer baked into image)
- Add entrypoint directive to docker-compose.json pointing to /shared/entrypoint.sh
- Update entrypoint.sh to reference /shared/startup-vnc.sh instead of /opt/scripts/
- Bump tipi_version to 7
All scripts are now dynamically controlled via volume mounts from the shared/
directory. The Docker image is a clean base with only packages installed.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The apt novnc package (v1.0.0) has module export issues causing
JavaScript errors. Switch to noVNC v1.4.0 from GitHub which has
proper ES6 module exports.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add hardcoded IBMI_HOST=10.3.1.201 for testing
- Create test_connection() function for reuse
- Use IBMI_HOST for connection tests and keepalive pings
- TARGET_IP still used for routing rules
- Auto-connect on startup (skip with -m/--menu flag)
- Add VPN watchdog for auto-reconnect
- Add live TOTP display
- Fix host-routing.sh pipefail issue with grep
- Better forwarding rules similar to rego-tunnel
- Add entrypoint.sh and startup-vnc.sh to shared folder
- Override command in docker-compose.json to use /shared/entrypoint.sh
- Scripts can now be modified without rebuilding image
- Removed shared/ folder (host routing scripts)
- Restored original config.json, docker-compose.json
- Restored original Dockerfile and entrypoint.sh
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Removed build/ folder
- Restored source/ folder with original Dockerfile and entrypoint.sh
- Reverted config files to original working state
- Cleaned up shared/ to only contain host routing scripts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
