alexz/runtipi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
261 Commits 1 Branch 0 Tags
cb54689e7cf8bc397583d797b690ff915d32b6c9
Commit Graph

29 Commits

Author SHA1 Message Date
alexz
cb54689e7c cistech-tunnel: auto-fix script permissions at container startup 
Add chmod +x in entrypoint.sh to ensure all shared scripts are
executable even if permissions get reverted by git pull or appstore
update operations.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-04 20:44:33 +00:00
alexz
16b7a66c01 cistech-tunnel: move all scripts to dynamic mounts 
- Move entrypoint.sh from build/scripts/ to shared/ (no longer baked into image)
- Add entrypoint directive to docker-compose.json pointing to /shared/entrypoint.sh
- Update entrypoint.sh to reference /shared/startup-vnc.sh instead of /opt/scripts/
- Bump tipi_version to 7

All scripts are now dynamically controlled via volume mounts from the shared/
directory. The Docker image is a clean base with only packages installed.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-04 20:39:20 +00:00
Alex Zaw
ed21a14f68 Update apps/cistech-tunnel/shared/entrypoint.sh 2026-02-04 20:16:54 +00:00
Alex Zaw
004c58b445 Update apps/cistech-tunnel/shared/entrypoint.sh 2026-02-04 20:14:41 +00:00
alexz
a2f0b40fa8 . 2026-01-17 17:58:31 +00:00
alexz
bf60412640 Use test_connection function for keepalive check 
Replaces inline ping with existing test_connection function
 2026-01-17 17:57:46 +00:00
alexz
5f057c50ed Add TARGET_SUBNET to openconnect-vpn script 
Derive TARGET_SUBNET from TARGET_IP (first 3 octets + .0/24)
for iptables FORWARD rules to allow full subnet routing.
 2026-01-17 17:56:45 +00:00
alexz
b2e38b3cb4 Derive TARGET_SUBNET dynamically from TARGET_IP 
Extract first 3 octets from TARGET_IP and append .0/24
 2026-01-17 17:53:34 +00:00
alexz
47e1790a8b Add TARGET_SUBNET for iptables rules with /24 CIDR 
Keep TARGET_IP as single host, add hardcoded TARGET_SUBNET=10.3.1.0/24
for iptables rules and routes to allow full subnet routing.
 2026-01-17 17:52:44 +00:00
alexz
b67b8f18a4 Fix TARGET_IP to include /24 CIDR for iptables rules 
The iptables rules were using 10.3.1.0 (single IP) instead of
10.3.1.0/24 (subnet), causing routing from other machines to fail.
 2026-01-17 17:51:49 +00:00
alexz
c6749fe856 refactor(cistech-tunnel): add IBMI_HOST and test_connection function 
- Add hardcoded IBMI_HOST=10.3.1.201 for testing
- Create test_connection() function for reuse
- Use IBMI_HOST for connection tests and keepalive pings
- TARGET_IP still used for routing rules
 2026-01-17 16:53:40 +00:00
alexz
4c7ff9d6a0 fix(cistech-tunnel): reset DNS and clean tun interface before connecting 2026-01-17 16:49:32 +00:00
alexz
e93edb73af fix(cistech-tunnel): remove sudo from openconnect command - already running as root 2026-01-17 16:45:01 +00:00
alexz
9a6e2f67e6 feat(cistech-tunnel): add auto-connect, menu flag, watchdog, fix host routing 
- Auto-connect on startup (skip with -m/--menu flag)
- Add VPN watchdog for auto-reconnect
- Add live TOTP display
- Fix host-routing.sh pipefail issue with grep
- Better forwarding rules similar to rego-tunnel
 2026-01-17 16:40:55 +00:00
alexz
84b1eb3f5d . 2026-01-17 16:33:22 +00:00
alexz
1bd5a21a94 fix(cistech-tunnel): add sudo and system dbus for openconnect-sso 2026-01-17 16:21:26 +00:00
alexz
5c3147536c refactor(cistech-tunnel): move runtime scripts to shared folder 
- Add entrypoint.sh and startup-vnc.sh to shared folder
- Override command in docker-compose.json to use /shared/entrypoint.sh
- Scripts can now be modified without rebuilding image
 2026-01-17 16:10:22 +00:00
alexz
8656441976 fix(cistech-tunnel): add software rendering support for Qt WebEngine 
- Add QT_QUICK_BACKEND=software, LIBGL_ALWAYS_SOFTWARE=1
- Add mesa-utils, libgl1-mesa-dri for llvmpipe software renderer
- Add missing xcb libraries (libxcb-render0, libxcb-shm0, etc.)
- Use --use-gl=swiftshader in chromium flags
 2026-01-17 16:08:51 +00:00
alexz
0d52d54eed fix(cistech-tunnel): add Qt no-sandbox flags to xstartup 2026-01-17 15:59:31 +00:00
alexz
98f3cc95eb . 2026-01-17 15:27:29 +00:00
alexz
f1793baa57 .
Some checks failed
Test / test (push) Has been cancelled
Details
2026-01-17 14:23:50 +00:00
alexz
4fd8688685 revert(cistech-tunnel): restore to original working state at a7691b1
Some checks failed
Test / test (push) Has been cancelled
Details 
- Removed shared/ folder (host routing scripts)
- Restored original config.json, docker-compose.json
- Restored original Dockerfile and entrypoint.sh

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-17 11:30:34 +00:00
alexz
f410510a7f revert(cistech-tunnel): restore to working state at 5d54ed6
Some checks failed
Test / test (push) Has been cancelled
Details 
- Removed build/ folder
- Restored source/ folder with original Dockerfile and entrypoint.sh
- Reverted config files to original working state
- Cleaned up shared/ to only contain host routing scripts

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-17 11:28:10 +00:00
alexz
9307cab1bb fix(cistech-tunnel): correct routing config and sync compose files
Some checks failed
Test / test (push) Has been cancelled
Details 
- host-routing.sh: Updated to use cistech values (172.30.0.10, br-vpn-static)
- config.json: Added TARGET_IP form field, bumped tipi_version to 2
- docker-compose.json: Added TARGET_IP environment variable
- docker-compose.yml: Synced with docker-compose.json (correct image, port 6080, all env vars)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-17 11:10:59 +00:00
alexz
e462edd99b .
Some checks failed
Test / test (push) Has been cancelled
Details
2026-01-17 10:53:29 +00:00
alexz
3c427af6fe Restructure cistech-tunnel to match rego-tunnel pattern
Some checks failed
Test / test (push) Has been cancelled
Details 
- build/: Dockerfile + entrypoint.sh (base image with VNC/noVNC)
- shared/: Runtime scripts mounted into container
  - xstartup: VNC startup, launches openconnect-vpn in xterm
  - openconnect-vpn: Main VPN script with menu, auto-connect, watchdog
- Removed source/ folder (replaced by build/)
- Updated docker-compose.json with proper volume mounts
- Changed port to 6080 (noVNC default)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-17 10:36:41 +00:00
alexz
5d54ed6f80 cistech-tunnel: Remove redundant entrypoint mount
Some checks failed
Test / test (push) Has been cancelled
Details 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-17 10:25:40 +00:00
alexz
685488c7d4 cistech-tunnel: Mount entrypoint.sh from shared folder
Some checks failed
Test / test (push) Has been cancelled
Details 
No more image rebuild needed for script changes.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-17 10:22:01 +00:00
alexz
27c46542e8 Add host routing watcher for cistech-tunnel (same pattern as rego-tunnel)
Some checks failed
Test / test (push) Has been cancelled
Details 
- Add shared/host-routing.sh with nft for NAT masquerade
- Add shared/install-host-services.sh to set up systemd watcher
- Add shared/uninstall-host-services.sh for cleanup
- Add /runtime volume mount for trigger file
- Update entrypoint.sh to trigger host routing when VPN connects

Run install-host-services.sh on host after app install.
Requires image rebuild for entrypoint changes.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-17 09:58:28 +00:00