#!/usr/bin/env bash
set -euo pipefail

NOVNC_PORT="${NOVNC_PORT:-8806}"
VNC_PASSWORD="${VNC_PASSWORD:-vpnpass}"
DISPLAY_ADDR="${DISPLAY:-:1}"

pids=()

start_gui() {
  mkdir -p /root/.vnc
  x11vnc -storepasswd "$VNC_PASSWORD" /root/.vnc/pass >/dev/null 2>&1 || true
  rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true
  Xvfb "$DISPLAY_ADDR" -screen 0 ${XVFB_WxHxD:-1280x800x24} +extension RANDR &
  pids+=($!)
  sleep 0.5
  export DISPLAY="$DISPLAY_ADDR"
  fluxbox >/tmp/fluxbox.log 2>&1 &
  pids+=($!)
  x11vnc -display "$DISPLAY_ADDR" -rfbauth /root/.vnc/pass -forever -shared -rfbport 5900 -quiet &
  pids+=($!)
  websockify --web=/usr/share/novnc/ 0.0.0.0:"$NOVNC_PORT" localhost:5900 >/tmp/websockify.log 2>&1 &
  pids+=($!)
}

start_vpnagent() {
  /opt/cisco/secureclient/bin/vpnagentd -execv_instance &
  pids+=($!)
}

setup_tun() {
  mkdir -p /dev/net
  if [ ! -c /dev/net/tun ]; then
    mknod /dev/net/tun c 10 200
    chmod 600 /dev/net/tun
  fi
}

setup_nat() {
  sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1 || true
}

start_terminal() {
  sleep 1
  xterm -fa 'Monospace' -fs 11 -bg black -fg white -geometry 120x35+50+50 \
    -T "Rego VPN" -e bash &
  pids+=($!)
}

trap 'kill 0' INT TERM

echo "Starting Rego VPN container..."
setup_tun
setup_nat
start_gui
start_vpnagent
start_terminal

echo "All services started. noVNC available on port $NOVNC_PORT"
wait