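# Image that runs systemd as init and hosts a pre-built Cisco Secure Client
# (vpnagentd) together with a headless X11/VNC desktop stack.
#
# NOTE(review): the base is pinned by tag only. For reproducible builds,
# consider pinning by digest, e.g. ubuntu:24.04@sha256:<digest> (placeholder).
FROM ubuntu:24.04

# DEBIAN_FRONTEND is set with ENV, so it also persists in the running container.
ENV DEBIAN_FRONTEND=noninteractive
# Presumably read by systemd for container detection; confirm against entrypoint.sh.
ENV container=docker

# Install systemd and required packages.
# NOTE(review): packages are unpinned and recommended packages are installed
# too. The list includes remote-desktop tooling (x11vnc, novnc, websockify),
# oathtool and sudo, so keep it to what entrypoint.sh and vpn-sso.sh really use.
RUN apt-get update && apt-get install -y \
    systemd systemd-sysv dbus dbus-x11 \
    iproute2 iptables ca-certificates \
    curl wget openssh-client \
    x11vnc xvfb fluxbox novnc websockify xterm nano oathtool \
    xauth libnss3 libatk1.0-0 libatk-bridge2.0-0 \
    libx11-6 libx11-xcb1 libxcomposite1 libxrandr2 libgbm1 libxdamage1 \
    libpango-1.0-0 fonts-liberation \
    libegl1 libgl1 libopengl0 libdbus-1-3 libglib2.0-0 \
    libxkbcommon0 libxkbcommon-x11-0 \
    libxcb1 libxcb-cursor0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-render0 libxcb-render-util0 libxcb-shm0 libxcb-xfixes0 libxcb-xinerama0 libxcb-randr0 libxcb-glx0 \
    xdotool xclip \
    libwebkit2gtk-4.1-0 libgtk-3-0 libxml2 libxss1 libcairo2 libgdk-pixbuf2.0-0 \
    sudo && rm -rf /var/lib/apt/lists/*

# The ALSA runtime is tried under its t64 name first, then the older name.
RUN apt-get update && (apt-get install -y libasound2t64 || apt-get install -y libasound2) && rm -rf /var/lib/apt/lists/*

# Configure systemd - remove unnecessary units.
# Everything in sysinit.target.wants except entries matching
# systemd-tmpfiles-setup is deleted, then the other *.wants links listed below.
RUN cd /lib/systemd/system/sysinit.target.wants/ && \
    ls | grep -v systemd-tmpfiles-setup | xargs rm -f && \
    rm -f /lib/systemd/system/multi-user.target.wants/* && \
    rm -f /etc/systemd/system/*.wants/* && \
    rm -f /lib/systemd/system/local-fs.target.wants/* && \
    rm -f /lib/systemd/system/sockets.target.wants/*udev* && \
    rm -f /lib/systemd/system/sockets.target.wants/*initctl* && \
    rm -f /lib/systemd/system/basic.target.wants/* && \
    rm -f /lib/systemd/system/anaconda.target.wants/* && \
    rm -f /lib/systemd/system/plymouth* && \
    rm -f /lib/systemd/system/systemd-update-utmp*

# Copy and extract pre-built Cisco Secure Client 5.1.14.145.
# The archive is unpacked over / as root and later started by systemd, so its
# integrity matters. Pass --build-arg CISCO_CLIENT_SHA256=<expected sha256> to
# have the build refuse a tarball that does not match; with the default (empty)
# value the check is skipped and the build behaves as before.
# NOTE(review): the COPY layer keeps the tarball even though the RUN deletes it.
ARG CISCO_CLIENT_SHA256=""
COPY cisco-secureclient-5.1.14.145.tar.gz /tmp/
RUN if [ -n "$CISCO_CLIENT_SHA256" ]; then \
        echo "$CISCO_CLIENT_SHA256  /tmp/cisco-secureclient-5.1.14.145.tar.gz" | sha256sum -c -; \
    fi && \
    tar -xzf /tmp/cisco-secureclient-5.1.14.145.tar.gz -C / && \
    rm /tmp/cisco-secureclient-5.1.14.145.tar.gz

# Copy user data (hostscan, etc).
# NOTE(review): whatever this archive holds is baked into /root of every copy
# of the image. If it carries profile or credential material, treat the image
# as private or supply the data at run time instead. Contents are not visible here.
COPY cisco-userdata.tar.gz /tmp/
RUN tar -xzf /tmp/cisco-userdata.tar.gz -C /root && \
    rm /tmp/cisco-userdata.tar.gz

# Create Cisco systemd service.
# The unit file is written in one step and a write failure now fails the build.
# Only `systemctl enable` stays best-effort: in the original chain the trailing
# `|| true` also masked a failed mkdir or echo, leaving a broken unit unnoticed.
RUN mkdir -p /etc/systemd/system && \
    printf '%s\n' \
        '[Unit]' \
        'Description=Cisco AnyConnect Secure Mobility Client Agent' \
        'After=network.target' \
        '' \
        '[Service]' \
        'Type=forking' \
        'ExecStart=/opt/cisco/secureclient/bin/vpnagentd' \
        'Restart=on-failure' \
        '' \
        '[Install]' \
        'WantedBy=multi-user.target' \
        > /etc/systemd/system/vpnagentd.service && \
    { systemctl enable vpnagentd.service 2>/dev/null || true; }

# Helper and entrypoint scripts (contents not shown here).
# NOTE(review): oathtool is installed above, so vpn-sso.sh presumably handles
# one-time codes. Confirm that any OTP seed or SSO credential is supplied at
# run time and never stored in the image or the build context.
COPY vpn-sso.sh /root/vpn-sso.sh
RUN chmod +x /root/vpn-sso.sh

COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# No USER is set, so the entrypoint runs as root.
# NOTE(review): run-time flags are not part of this file. Grant the narrowest
# privileges that let systemd and the VPN agent work rather than a blanket
# privileged container.
VOLUME [ "/sys/fs/cgroup" ]

# NOTE(review): 8806 is presumably the noVNC/websockify port; verify in
# entrypoint.sh. Whoever reaches it can drive the desktop session behind the
# VPN, so require authentication and publish it on loopback or a trusted
# network only.
EXPOSE 8806

ENTRYPOINT ["/entrypoint.sh"]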