# Rego Tunnel - Build Files

This directory contains the Dockerfile and scripts to build the Cisco VPN Docker image.

## Files

- `Dockerfile` - Main Docker image definition
- `cisco-secure-client-full.tar.gz` - Pre-extracted Cisco Secure Client installation
- `build.sh` - Build script to create the Docker image
- `scripts/` - Container scripts:
  - `init-vpn.sh` - Container init (unmounts DNS files for VPN, starts systemd)
  - `startup-vnc.sh` - VNC/noVNC startup script
  - `vpn-connect.sh` - VPN automation script (inside container)
  - `xstartup` - VNC session startup
  - `vnc.service` - Systemd service for VNC

## Building

```bash
cd /etc/runtipi/repos/runtipi/apps/rego-tunnel/build
./build.sh
```

To push to registry:
```bash
docker push git.alexzaw.dev/alexz/cisco-vpn:latest
```

## Architecture

1. **init-vpn.sh**: Unmounts Docker's bind-mounted `/etc/resolv.conf` and `/etc/hosts` (required for VPN to modify DNS), then starts systemd
2. **systemd**: Manages vpnagentd (Cisco VPN agent) and vnc (VNC server) services
3. **xstartup**: Runs when VNC session starts - by default launches vpnui, but can be overridden via volume mount
4. **vpn-connect.sh**: Optional automation script for auto-login with TOTP

## Runtime Mounts

When running as rego-tunnel app, these are mounted:
- `/shared` - Contains the `cisco-vpn` script with full automation
- `/root/.vnc/xstartup` - Custom xstartup that launches terminal with cisco-vpn script
- `/opt/scripts/init-vpn.sh` - Custom init script with network setup