- Move entrypoint.sh from build/scripts/ to shared/
- Create startup-vnc.sh in shared/ (was base64-encoded in Dockerfile)
- Remove baked-in scripts and CMD from Dockerfile (keep vnc.service unit only)
- Entrypoint now: chmod +x all shared scripts, symlinks startup-vnc.sh to /opt/scripts/ so systemd vnc.service still finds it
- Fix host watcher: use /bin/bash in ExecStart for permission resilience
- Bump tipi_version to 7

All scripts are now dynamically controlled via volume mounts.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Rego Tunnel - Build Files
This directory contains the Dockerfile and scripts to build the Cisco VPN Docker image.
Files
- Dockerfile - Docker image definition (Ubuntu 22.04 + Cisco Secure Client + noVNC)
- cisco-secure-client-full.tar.gz - Pre-extracted Cisco Secure Client 5.1.14.145
- build.sh - Build and push script
- scripts/entrypoint.sh - Container entrypoint (starts systemd)
Building
cd /etc/runtipi/repos/runtipi/apps/rego-tunnel/build
./build.sh
This builds and pushes to git.alexzaw.dev/alexz/cisco-vpn:latest
To build without pushing:
docker build -t git.alexzaw.dev/alexz/cisco-vpn:latest .
What's in the image
The Dockerfile creates an image with:
- Ubuntu 22.04 with systemd
- Cisco Secure Client 5.1.14.145 (VPN, DART, Posture modules)
- TigerVNC server + noVNC (web-based VNC)
- Tools: xdotool, oathtool (for TOTP), xclip, openbox
Systemd services (baked in)
- vpnagentd.service - Cisco VPN agent
- vnc.service - VNC server + noVNC websockify
Scripts (baked in via base64 in Dockerfile)
- /opt/scripts/startup-vnc.sh - Starts VNC server and noVNC
- /opt/scripts/entrypoint.sh - Container entrypoint
Runtime mounts (from shared/)
When running as the rego-tunnel app, these are mounted from shared/:
- /shared/cisco-vpn - Main VPN automation script
- /shared/xstartup → /root/.vnc/xstartup - VNC session startup
Ports
- 5901 - VNC server
- 6080 - noVNC web interface