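#!/usr/bin/env bash
#
# Container entrypoint: brings up a virtual X desktop (Xvfb + fluxbox),
# publishes it through x11vnc and websockify/noVNC, starts the Cisco Secure
# Client agent and an xterm, then waits on the background jobs.
#
# Environment:
#   NOVNC_PORT    port websockify listens on            (default 8806)
#   VNC_PASSWORD  password stored for x11vnc            (default "vpnpass")
#   DISPLAY       X display to create                   (default :1)
#   XVFB_WxHxD    Xvfb screen geometry WIDTHxHEIGHTxDEPTH (default 1280x800x24)
#
# Security notes for operators:
#   - websockify binds 0.0.0.0:$NOVNC_PORT and nothing started here adds TLS
#     (websockify has --cert / --ssl-only for that). Whoever can reach the
#     port and knows the VNC password gets the desktop, including the root
#     xterm and the VPN client.
#   - x11vnc is not restricted to loopback here (it has -localhost for that),
#     so port 5900 is reachable directly if the container publishes it.
#   - Classic VNC authentication only uses the first 8 characters of the
#     password; treat it as a weak gate and restrict access at the network
#     or port-publishing level as well.
set -euo pipefail

readonly DEFAULT_VNC_PASSWORD="vpnpass"

NOVNC_PORT="${NOVNC_PORT:-8806}"
VNC_PASSWORD="${VNC_PASSWORD:-$DEFAULT_VNC_PASSWORD}"
DISPLAY_ADDR="${DISPLAY:-:1}"

# PIDs of the background jobs started below. Shutdown signals the whole
# process group instead, so this is informational only.
pids=()

warn() { printf 'warning: %s\n' "$*" >&2; }
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Warn when the desktop is protected only by the built-in default password.
check_vnc_password() {
  if [[ "$VNC_PASSWORD" == "$DEFAULT_VNC_PASSWORD" ]]; then
    warn "VNC_PASSWORD is unset or left at the built-in default; set a unique value before exposing port $NOVNC_PORT"
  fi
}

# Append "IP NAME" to /etc/hosts unless NAME already appears in the file.
# Arguments: $1 - IP address, $2 - host name
add_host_entry() {
  local ip=$1 name=$2
  # -F: match the name literally rather than as a regular expression.
  grep -qF -- "$name" /etc/hosts || printf '%s %s\n' "$ip" "$name" >>/etc/hosts
}

setup_hosts() {
  # Add VPN hosts entries (Docker manages /etc/hosts, so add at runtime).
  # NOTE(review): these addresses are pinned in the image; if the gateways
  # move, the client is pointed at whatever now holds the old address.
  # Confirm them against the VPN operator's records when rebuilding.
  add_host_entry "162.209.24.100" "vpn-ord1.dovercorp.com"
  add_host_entry "13.67.192.27" "vpn.dovercorp.com"
}

start_dbus() {
  # Start dbus for Cisco Secure Client. Best-effort: a failure to start is
  # ignored and its stderr discarded.
  mkdir -p /run/dbus
  rm -f /run/dbus/pid
  dbus-daemon --system --fork 2>/dev/null || true
}

start_gui() {
  local -r vnc_dir=/root/.vnc
  local -r vnc_pass_file="$vnc_dir/pass"
  local display_num

  mkdir -p "$vnc_dir"
  chmod 700 "$vnc_dir"

  # Remove any password file left by an earlier run, so a failed store cannot
  # leave the server accepting an old password.
  rm -f "$vnc_pass_file"
  # The password is passed on the command line and is visible in the process
  # list while this command runs.
  x11vnc -storepasswd "$VNC_PASSWORD" "$vnc_pass_file" >/dev/null 2>&1 || true
  if [[ ! -s "$vnc_pass_file" ]]; then
    die "could not write $vnc_pass_file; refusing to start the VNC server"
  fi
  chmod 600 "$vnc_pass_file"

  # Clear stale X lock/socket files for the display actually in use; fall
  # back to display 1 when the number cannot be parsed from DISPLAY_ADDR.
  display_num=${DISPLAY_ADDR##*:}
  display_num=${display_num%%.*}
  [[ "$display_num" =~ ^[0-9]+$ ]] || display_num=1
  rm -f "/tmp/.X${display_num}-lock" "/tmp/.X11-unix/X${display_num}" 2>/dev/null || true

  Xvfb "$DISPLAY_ADDR" -screen 0 "${XVFB_WxHxD:-1280x800x24}" +extension RANDR &
  pids+=("$!")
  # Short pause before clients connect to the new display.
  sleep 0.5
  export DISPLAY="$DISPLAY_ADDR"

  fluxbox >/tmp/fluxbox.log 2>&1 &
  pids+=("$!")

  x11vnc -display "$DISPLAY_ADDR" -rfbauth "$vnc_pass_file" -forever -shared -rfbport 5900 -quiet &
  pids+=("$!")

  # Listens on every interface; see the security notes at the top of the file.
  websockify --web=/usr/share/novnc/ 0.0.0.0:"$NOVNC_PORT" localhost:5900 >/tmp/websockify.log 2>&1 &
  pids+=("$!")
}

start_vpnagent() {
  # Load TUN module if needed
  /opt/cisco/secureclient/bin/load_tun.sh 2>/dev/null || true
  # Clean up stale IPC socket
  rm -f /root/.cisco/hostscan/.libcsd.ipc 2>/dev/null || true
  # Start Cisco VPN agent daemon
  /opt/cisco/secureclient/bin/vpnagentd &
  pids+=("$!")
}

setup_tun() {
  # Create the TUN character device (major 10, minor 200) if it is missing,
  # readable and writable by its owner only.
  mkdir -p /dev/net
  if [[ ! -c /dev/net/tun ]]; then
    mknod /dev/net/tun c 10 200
    chmod 600 /dev/net/tun
  fi
}

setup_nat() {
  # Only enables IPv4 forwarding; no NAT or firewall rules are added here.
  # Best-effort: a failure is ignored and its output discarded.
  sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1 || true
}

start_terminal() {
  sleep 1
  xterm -fa 'Monospace' -fs 11 -bg black -fg white -geometry 120x35+50+50 \
    -T "Rego VPN" -e bash &
  pids+=("$!")
}

stop_all() {
  # Reset the handlers first: `kill 0` signals the whole process group,
  # this shell included, and with the trap still installed the handler
  # could be re-entered.
  trap - INT TERM
  kill 0
}

trap stop_all INT TERM

echo "Starting Rego VPN container..."
check_vnc_password
setup_hosts
setup_tun
setup_nat
start_dbus
start_gui
start_vpnagent
start_terminal

echo "All services started. noVNC available on port $NOVNC_PORT"
wait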