FROM ubuntu:22.04

LABEL maintainer="alexz"
LABEL description="OpenConnect-SSO VPN in Docker with noVNC"
LABEL version="1.0.0"

ENV DEBIAN_FRONTEND=noninteractive
ENV container=docker

# VNC/noVNC settings
ENV DISPLAY=:1
ENV VNC_PORT=5901
ENV NOVNC_PORT=6092

# Python/Playwright settings
ENV VIRTUAL_ENV=/opt/venv
ENV PATH=/opt/venv/bin:$PATH
ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright

# Install system dependencies
RUN apt-get update && apt-get install -y \
    # Core tools
    openconnect \
    vpnc-scripts \
    iptables \
    iproute2 \
    iputils-ping \
    net-tools \
    procps \
    curl \
    nano \
    ca-certificates \
    # Python
    python3 \
    python3-pip \
    python3-venv \
    # VNC/noVNC (novnc installed from GitHub below)
    tigervnc-standalone-server \
    tigervnc-common \
    websockify \
    x11vnc \
    xvfb \
    # Window manager & terminal
    openbox \
    fluxbox \
    xterm \
    # Automation tools
    xdotool \
    xclip \
    oathtool \
    # X11/GUI dependencies for browser
    dbus \
    dbus-x11 \
    libgtk-3-0 \
    libglib2.0-0 \
    libnss3 \
    libatk1.0-0 \
    libatk-bridge2.0-0 \
    libx11-6 \
    libx11-xcb1 \
    libxcomposite1 \
    libxrandr2 \
    libgbm1 \
    libxdamage1 \
    libpango-1.0-0 \
    libxkbcommon0 \
    libxkbcommon-x11-0 \
    fonts-liberation \
    # EGL/GL for PyQt6 WebEngine + software rendering
    libegl1 \
    libgl1 \
    libopengl0 \
    libdbus-1-3 \
    mesa-utils \
    libgl1-mesa-dri \
    # XCB libraries for Qt6 (complete set)
    libxcb1 \
    libxcb-cursor0 \
    libxcb-icccm4 \
    libxcb-image0 \
    libxcb-keysyms1 \
    libxcb-render0 \
    libxcb-render-util0 \
    libxcb-shm0 \
    libxcb-xfixes0 \
    libxcb-xinerama0 \
    libxcb-randr0 \
    libxcb-glx0 \
    libxcb-shape0 \
    # sudo needed for openconnect-sso
    sudo \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Install noVNC from GitHub (v1.4.0 - stable release with ES6 modules)
RUN curl -fsSL https://github.com/novnc/noVNC/archive/refs/tags/v1.4.0.tar.gz | tar -xz -C /usr/share/ \
    && mv /usr/share/noVNC-1.4.0 /usr/share/novnc \
    && ln -sf /usr/share/novnc/vnc.html /usr/share/novnc/index.html

# Create Python venv and install openconnect-sso with all dependencies
RUN python3 -m venv "$VIRTUAL_ENV" && \
    pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir \
        'openconnect-sso[full]' \
        playwright \
        keyring \
        keyrings.alt

# Install Playwright browser (Chromium)
RUN python -m playwright install --with-deps chromium

# Create directories
RUN mkdir -p /opt/scripts

# VNC startup script (base64 encoded)
RUN echo 'IyEvYmluL2Jhc2gKc2V0IC1lCmV4cG9ydCBIT01FPScvcm9vdCcKZXhwb3J0IFVTRVI9J3Jvb3QnCnJtIC1mIC90bXAvLlAxLWxvY2sgL3RtcC8uWDExLXVuaXgvWDEgMj4vZGV2L251bGwgfHwgdHJ1ZQpybSAtcmYgL3RtcC8uWCotbG9jayAvdG1wLy5YMTQtdW5peC8qIDI+L2Rldi9udWxsIHx8IHRydWUKZWNobyAiU3RhcnRpbmcgVGlnZXJWTkMgc2VydmVyIG9uIGRpc3BsYXkgOjEuLi4iCnZuY3NlcnZlciA6MSAtZ2VvbWV0cnkgMTI4MHg4MDAgLWRlcHRoIDI0IC1TZWN1cml0eVR5cGVzIFZuY0F1dGggLWxvY2FsaG9zdCBubwpzbGVlcCAyCmVjaG8gIlN0YXJ0aW5nIG5vVk5DIG9uIHBvcnQgJHtOT1ZOQ19QT1JUOi02MDkyfS4uLiIKd2Vic29ja2lmeSAtLXdlYj0vdXNyL3NoYXJlL25vdm5jLyAke05PVk5DX1BPUlQ6LTYwOTJ9IGxvY2FsaG9zdDoke1ZOQ19QT1JUOi01OTAxfSAmCnRhaWwgLWYgL3Jvb3QvLnZuYy8qLmxvZwo=' \
    | base64 -d > /opt/scripts/startup-vnc.sh && \
    chmod +x /opt/scripts/startup-vnc.sh

# Copy entrypoint script
COPY scripts/entrypoint.sh /opt/scripts/
RUN chmod +x /opt/scripts/entrypoint.sh

EXPOSE "$VNC_PORT" "$NOVNC_PORT"

CMD ["/opt/scripts/entrypoint.sh"]