#!/bin/bash
# Entrypoint: VNC password setup + DNS fix + direct VNC start (no systemd)

set -euo pipefail

export HOME='/root'
export USER='root'
export DISPLAY=:1

# Setup TigerVNC password file from env var (passed by runtipi)
if [ -n "${VNC_PASSWORD:-}" ]; then
    mkdir -p /root/.vnc
    printf '%s\n%s\n' "$VNC_PASSWORD" "$VNC_PASSWORD" | vncpasswd -f > /root/.vnc/passwd
    chmod 600 /root/.vnc/passwd
fi

# DNS fix
cp /etc/resolv.conf /tmp/resolv.conf.bak 2>/dev/null || true
cp /etc/hosts /tmp/hosts.bak 2>/dev/null || true
umount /etc/resolv.conf 2>/dev/null || true
umount /etc/hosts 2>/dev/null || true
cat /tmp/resolv.conf.bak > /etc/resolv.conf 2>/dev/null || echo "nameserver 8.8.8.8" > /etc/resolv.conf
cat /tmp/hosts.bak > /etc/hosts 2>/dev/null || echo "127.0.0.1 localhost" > /etc/hosts

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "[entrypoint] IP forwarding enabled"

# Clean up stale VNC locks
rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true

# Start TigerVNC server
echo "[entrypoint] Starting TigerVNC server on display :1..."
vncserver :1 -geometry 1280x800 -depth 24 -SecurityTypes VncAuth -localhost no

sleep 2

# Start noVNC via websockify
echo "[entrypoint] Starting noVNC on port ${NOVNC_PORT:-6092}..."
websockify --web=/usr/share/novnc/ ${NOVNC_PORT:-6092} localhost:5901 &

echo "[entrypoint] VNC ready. Use noVNC at http://localhost:${NOVNC_PORT:-6092}/vnc.html"

# Keep container running and tail logs
tail -f /root/.vnc/*.log 2>/dev/null || tail -f /dev/null