#!/bin/bash
# Entrypoint: VNC password setup + DNS fix + start VNC

set -euo pipefail

# Setup TigerVNC password file from env var
if [ -n "${VNC_PASSWORD:-}" ]; then
    mkdir -p /root/.vnc
    printf '%s\n%s\n' "$VNC_PASSWORD" "$VNC_PASSWORD" | vncpasswd -f > /root/.vnc/passwd
    chmod 600 /root/.vnc/passwd
fi

# DNS fix for containers
cp /etc/resolv.conf /tmp/resolv.conf.bak 2>/dev/null || true
cp /etc/hosts /tmp/hosts.bak 2>/dev/null || true
umount /etc/resolv.conf 2>/dev/null || true
umount /etc/hosts 2>/dev/null || true
cat /tmp/resolv.conf.bak > /etc/resolv.conf 2>/dev/null || echo "nameserver 8.8.8.8" > /etc/resolv.conf
cat /tmp/hosts.bak > /etc/hosts 2>/dev/null || echo "127.0.0.1 localhost" > /etc/hosts

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "[entrypoint] IP forwarding enabled"

# Clean up stale X locks
rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true

# Start VNC server
echo "[entrypoint] Starting TigerVNC server..."
mkdir -p /root/.vnc
vncserver :1 -geometry 1280x800 -depth 24 -SecurityTypes VncAuth -localhost no

# Wait for VNC to start
sleep 2

# Start noVNC websockify
echo "[entrypoint] Starting noVNC on port ${NOVNC_PORT:-6080}..."
websockify --web=/usr/share/novnc/ ${NOVNC_PORT:-6080} localhost:5901 &

# Keep container running
echo "[entrypoint] VNC ready. Tailing logs..."
tail -f /root/.vnc/*.log