runtipi/apps/rego-tunnel/shared/init-rego.sh

#!/bin/bash
# Rego Tunnel Init Script
# Combines:
# 1. DNS unmount fix (from cisco-vpn) - allows VPN to modify /etc/resolv.conf and /etc/hosts
# 2. Basic network setup (IP forwarding)
# 3. Starts systemd

set -e

echo "[init-rego] Starting Rego Tunnel initialization..."

# ============================================
# 1. Fix Docker's read-only bind mounts
# ============================================
echo "[init-rego] Fixing DNS bind mounts..."

# Backup current DNS config
cp /etc/resolv.conf /tmp/resolv.conf.bak 2>/dev/null || true
cp /etc/hosts /tmp/hosts.bak 2>/dev/null || true

# Unmount Docker's bind mounts (required for VPN to modify DNS)
umount /etc/resolv.conf 2>/dev/null || true
umount /etc/hosts 2>/dev/null || true

# Restore DNS config as regular writable files
cat /tmp/resolv.conf.bak > /etc/resolv.conf 2>/dev/null || echo "nameserver 8.8.8.8" > /etc/resolv.conf
cat /tmp/hosts.bak > /etc/hosts 2>/dev/null || echo "127.0.0.1 localhost" > /etc/hosts

echo "[init-rego] DNS files are now writable"

# ============================================
# 2. Network Setup
# ============================================
echo "[init-rego] Setting up network..."

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "[init-rego] IP forwarding enabled"

# Note: NAT/forwarding rules for VPN traffic are set up by the cisco-vpn script
# AFTER the VPN connects (it needs to know the VPN interface name)

# ============================================
# 3. Make shared scripts executable
# ============================================
if [ -d /shared ]; then
    chmod +x /shared/*.sh 2>/dev/null || true
    chmod +x /shared/cisco-vpn 2>/dev/null || true
    echo "[init-rego] Shared scripts made executable"
fi

# ============================================
# 4. Start systemd
# ============================================
echo "[init-rego] Starting systemd..."
exec /sbin/init