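# OpenConnect SSO VPN client image: systemd as init, a VNC/noVNC desktop for
# the interactive SSO login, and openconnect-sso with Playwright's Chromium.

# NOTE(review): ubuntu:22.04 is a mutable tag; for reproducible builds pin it
# by digest (ubuntu:22.04@sha256:<digest-of-the-reviewed-base-image>).
FROM ubuntu:22.04

LABEL maintainer="alexz" \
      description="OpenConnect SSO VPN in Docker with noVNC" \
      version="1.0.0"

# Build-time only: keeps apt non-interactive during RUN steps without leaking
# the setting into the runtime environment of the container.
ARG DEBIAN_FRONTEND=noninteractive

# Lets systemd detect that it is running inside a container.
ENV container=docker

# VNC/noVNC settings
ENV DISPLAY=:1 \
    VNC_PORT=5901 \
    NOVNC_PORT=6080

# Python/Playwright settings
ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright \
    VIRTUAL_ENV=/opt/venv
# Separate instruction: puts the venv's bin directory first on PATH so that
# later `pip` / `python` calls resolve to the virtual environment.
ENV PATH=/opt/venv/bin:$PATH

# Install systemd and dependencies.
# update + install + list cleanup stay in one layer so no stale apt index is
# cached and the package lists do not end up in the image.
# NOTE(review): package versions are unpinned, and debugging tools (nano,
# net-tools, iputils-ping, xterm) ship in the final image; trim and pin for a
# production build once the required set is confirmed.
RUN apt-get update && apt-get install -y \
      systemd \
      systemd-sysv \
      dbus \
      dbus-x11 \
      libgtk-3-0 \
      libglib2.0-0 \
      libstdc++6 \
      iptables \
      libxml2 \
      network-manager \
      zlib1g \
      policykit-1 \
      xdg-utils \
      libwebkit2gtk-4.0-37 \
      tigervnc-standalone-server \
      tigervnc-common \
      novnc \
      websockify \
      openbox \
      xterm \
      procps \
      net-tools \
      curl \
      iproute2 \
      iputils-ping \
      nano \
      x11vnc \
      xvfb \
      fluxbox \
      xdotool \
      oathtool \
      openconnect \
      python3 \
      python3-pip \
      python3-venv \
      vpnc-scripts \
      libasound2 \
      libnss3 \
      libatk1.0-0 \
      libatk-bridge2.0-0 \
      libxcomposite1 \
      libxrandr2 \
      libgbm1 \
      libxdamage1 \
      libpango-1.0-0 \
      fonts-liberation \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Remove unnecessary systemd services that cause issues in containers
RUN rm -f /lib/systemd/system/multi-user.target.wants/* \
      /etc/systemd/system/*.wants/* \
      /lib/systemd/system/local-fs.target.wants/* \
      /lib/systemd/system/sockets.target.wants/*udev* \
      /lib/systemd/system/sockets.target.wants/*initctl* \
      /lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup* \
      /lib/systemd/system/systemd-update-utmp*

# Install openconnect-sso with playwright.
# The extras spec is quoted so the shell cannot treat "[full]" as a glob.
# NOTE(review): these packages are fetched unpinned from the package index at
# build time; pin exact versions (ideally a hash-checked requirements file) so
# a changed or compromised upstream release cannot alter the image silently.
RUN python3 -m venv "$VIRTUAL_ENV" && \
    pip install --no-cache-dir "openconnect-sso[full]" playwright keyring keyrings.alt && \
    python -m playwright install --with-deps chromium

RUN mkdir -p /opt/scripts /shared

# VNC startup script, written from an embedded base64 payload.
# NOTE(review): the payload is not visible in this listing, so the script's
# behaviour (for example whether the VNC server requires a password) cannot be
# reviewed here. Shipping it as a plain file via COPY, like entrypoint.sh
# below, would make it auditable in code review.
RUN echo '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' \
      | base64 -d > /opt/scripts/startup-vnc.sh && \
    chmod +x /opt/scripts/startup-vnc.sh

# systemd unit for the VNC/noVNC server, written as readable text (this is the
# decoded form of the base64 blob previously embedded here).
# The unit has no User= directive, so systemd starts startup-vnc.sh as root
# and restarts it 5 seconds after any exit.
RUN printf '%s\n' \
      '[Unit]' \
      'Description=VNC and noVNC Server' \
      'After=network.target' \
      '' \
      '[Service]' \
      'Type=simple' \
      'ExecStart=/opt/scripts/startup-vnc.sh' \
      'Restart=always' \
      'RestartSec=5' \
      'Environment=HOME=/root' \
      'Environment=USER=root' \
      '' \
      '[Install]' \
      'WantedBy=multi-user.target' \
      > /lib/systemd/system/vnc.service && \
    chmod 644 /lib/systemd/system/vnc.service && \
    systemctl enable vnc.service

# Copy entrypoint script
COPY scripts/entrypoint.sh /opt/scripts/
RUN chmod +x /opt/scripts/entrypoint.sh

VOLUME ["/sys/fs/cgroup"]

# EXPOSE is documentation only. 5901 (VNC) and 6080 (noVNC) give interactive
# access to the desktop where the SSO login happens; publish them on loopback
# or a trusted network only, since their authentication is not visible here.
EXPOSE 5901 6080

# SIGRTMIN+3 is the signal systemd treats as a request for orderly shutdown.
STOPSIGNAL SIGRTMIN+3

# No USER directive: the container starts as root.
# NOTE(review): presumably entrypoint.sh hands over to systemd as PID 1 -
# confirm against the script, which is not part of this file.
CMD ["/opt/scripts/entrypoint.sh"]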