{
  "name": "Rego Tunnel",
  "available": true,
  "port": 8006,
  "exposable": true,
  "dynamic_config": true,
  "id": "rego-tunnel",
  "description": "Linux VM with Cisco AnyConnect VPN for accessing Rego environments securely.",
  "tipi_version": 3,
  "version": "latest",
  "categories": ["utilities"],
  "short_desc": "Linux VM VPN tunnel to Rego environments.",
  "author": "alexz",
  "source": "https://git.alexzaw.dev/alexz/runtipi",
  "form_fields": [
    {
      "type": "number",
      "label": "RAM (GB)",
      "hint": "RAM to assign to the VM (in gigabytes)",
      "placeholder": "8",
      "required": true,
      "env_variable": "WINDOWS_RAM_GB",
      "default": "8"
    },
    {
      "type": "number",
      "label": "CPU Cores",
      "hint": "CPU cores to assign to the VM",
      "placeholder": "4",
      "required": true,
      "env_variable": "WINDOWS_CPU_CORES",
      "default": "4"
    },
    {
      "type": "text",
      "label": "VM IP (internal)",
      "hint": "Internal VM IP on the tap/bridge network",
      "placeholder": "100.100.0.2",
      "required": true,
      "env_variable": "VM_NET_IP",
      "default": "100.100.0.2"
    },
    {
      "type": "text",
      "label": "VM MAC",
      "hint": "Used for DHCP reservation (VM must use DHCP)",
      "placeholder": "52:54:00:12:34:56",
      "required": true,
      "env_variable": "VM_MAC",
      "default": "52:54:00:12:34:56"
    },
    {
      "type": "text",
      "label": "Bridge name",
      "hint": "Linux bridge created inside the container for VM networking",
      "placeholder": "br-rego-vpn",
      "required": true,
      "env_variable": "BRIDGE_NAME",
      "default": "br-rego-vpn"
    },
    {
      "type": "text",
      "label": "TAP name",
      "hint": "Tap interface name used by QEMU",
      "placeholder": "tap0",
      "required": true,
      "env_variable": "TAP_NAME",
      "default": "tap0"
    },
    {
      "type": "ip",
      "label": "Bridge CIDR",
      "hint": "Bridge address/CIDR assigned inside the container",
      "placeholder": "100.100.0.1",
      "required": true,
      "env_variable": "BRIDGE_CIDR",
      "default": "100.100.0.1"
    },
    {
      "type": "text",
      "label": "QEMU binary",
      "hint": "Override the QEMU system binary (e.g. /usr/bin/qemu-system-amd64). Leave empty for default.",
      "placeholder": "/usr/bin/qemu-system-amd64",
      "required": false,
      "env_variable": "QEMU_BIN",
      "default": ""
    },
    {
      "type": "text",
      "label": "TAP2 name (shared network)",
      "hint": "Optional second TAP interface for a second VM NIC. Set to enable NIC2 (e.g. tap1).",
      "placeholder": "tap1",
      "required": false,
      "env_variable": "TAP2_NAME",
      "default": ""
    },
    {
      "type": "text",
      "label": "Bridge2 name (shared network)",
      "hint": "Optional second Linux bridge for NIC2 (e.g. br-app).",
      "placeholder": "br-app",
      "required": false,
      "env_variable": "BRIDGE2_NAME",
      "default": ""
    },
    {
      "type": "text",
      "label": "Bridge2 uplink interface",
      "hint": "If set, bridge NIC2 onto this container interface (e.g. eth0 for 10.x app network, eth1 for 172.x main network).",
      "placeholder": "eth0",
      "required": false,
      "env_variable": "BRIDGE2_UPLINK_IF",
      "default": ""
    },
    {
      "type": "text",
      "label": "Bridge2 CIDR (optional)",
      "hint": "Optional IPv4/CIDR for Bridge2. If empty and uplink is set, the bridge inherits the uplink IPv4 address.",
      "placeholder": "10.128.14.2/24",
      "required": false,
      "env_variable": "BRIDGE2_CIDR",
      "default": ""
    },
    {
      "type": "text",
      "label": "VM MAC2 (shared network)",
      "hint": "Optional MAC for NIC2 (e.g. 52:54:00:12:34:57).",
      "placeholder": "52:54:00:12:34:57",
      "required": false,
      "env_variable": "VM_MAC2",
      "default": ""
    },
    {
      "type": "ip",
      "label": "VM subnet",
      "hint": "Subnet that should be NATed out of the container",
      "placeholder": "100.100.0.0",
      "required": true,
      "env_variable": "VM_SUBNET",
      "default": "100.100.0.0"
    },
    {
      "type": "ip",
      "label": "Target IP (routed via VM)",
      "hint": "Traffic to this IP is routed via the VM (VPN inside the VM)",
      "placeholder": "10.35.33.230",
      "required": true,
      "env_variable": "TARGET_IP",
      "default": "10.35.33.230"
    },
    {
      "type": "text",
      "label": "DNS servers",
      "hint": "DNS servers offered to the VM via DHCP",
      "placeholder": "1.1.1.1,8.8.8.8",
      "required": true,
      "env_variable": "DNS_SERVERS",
      "default": "1.1.1.1,8.8.8.8"
    },
    {
      "type": "text",
      "label": "DHCP lease time",
      "hint": "Lease duration (dnsmasq format, e.g. 12h)",
      "placeholder": "12h",
      "required": true,
      "env_variable": "LEASE_TIME",
      "default": "12h"
    },
    {
      "type": "text",
      "label": "Host share directory",
      "hint": "Host path mounted into the container at /hostshare and exported into the VM",
      "placeholder": "${APP_DATA_DIR}",
      "required": true,
      "env_variable": "HOSTSHARE_DIR",
      "default": "/etc/runtipi/app-data/runtipi/rego-tunnel/hostshare"
    }
  ],
  "supported_architectures": ["amd64"]
}