From 393c8f3d14fbdaf63b077c807d8ed099722be8d4 Mon Sep 17 00:00:00 2001
From: tavo <tavo@tavo.one>
Date: Sat, 2 Aug 2025 11:27:49 -0600
Subject: [PATCH] pacebin

---
 pacebin/.env.example         |  3 ++
 pacebin/Dockerfile           | 18 ++++++++++++
 pacebin/docker-compose.yml   | 57 ++++++++++++++++++++++++++++++++++++
 pacebin/docker-entrypoint.sh |  6 ++++
 4 files changed, 84 insertions(+)
 create mode 100644 pacebin/.env.example
 create mode 100644 pacebin/Dockerfile
 create mode 100644 pacebin/docker-compose.yml
 create mode 100644 pacebin/docker-entrypoint.sh

diff --git a/pacebin/.env.example b/pacebin/.env.example
new file mode 100644
index 0000000..2355cd3
--- /dev/null
+++ b/pacebin/.env.example
@@ -0,0 +1,3 @@
+TS_HOSTNAME=pacebin
+TS_AUTHKEY=tskey-client-nnn-nnn
+TS_EXTRA_ARGS=--advertise-tags=tag:container
diff --git a/pacebin/Dockerfile b/pacebin/Dockerfile
new file mode 100644
index 0000000..da6d14c
--- /dev/null
+++ b/pacebin/Dockerfile
@@ -0,0 +1,18 @@
+FROM debian:bookworm
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    build-essential \
+    ca-certificates \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN git clone https://git.swurl.xyz/swirl/pacebin.git /tmp/pacebin && \
+    make -C /tmp/pacebin && make -C /tmp/pacebin install-bin && \
+    rm -rf /tmp/pacebin
+
+RUN mkdir /pacebin-data
+
+COPY docker-entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+
+ENTRYPOINT ["docker-entrypoint.sh"]
diff --git a/pacebin/docker-compose.yml b/pacebin/docker-compose.yml
new file mode 100644
index 0000000..9070fe4
--- /dev/null
+++ b/pacebin/docker-compose.yml
@@ -0,0 +1,57 @@
+services:
+  ts-pacebin:
+    image: tailscale/tailscale:latest
+    container_name: ts-pacebin
+    restart: unless-stopped
+    hostname: ${TS_HOSTNAME}
+    environment:
+      - TS_AUTHKEY
+      - TS_EXTRA_ARGS
+      - TS_SERVE_CONFIG=/ts/serve.json
+    volumes:
+      - tailscale:/var/lib/tailscale
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - net_admin
+      - sys_module
+    configs:
+      - source: serve-config
+        target: /ts/serve.json
+  pacebin:
+    build: .
+    container_name: pacebin
+    network_mode: service:ts-pacebin
+    depends_on:
+      - ts-pacebin
+    volumes:
+      - pacebin-data:/pacebin-data
+    # Optional: Random seed generated, or use deterministic seed
+    #environment:
+      #- PB_SECRET
+    restart: unless-stopped
+volumes:
+  pacebin-data:
+  tailscale:
+configs:
+  serve-config:
+    content: |
+      {
+        "TCP": {
+          "443": {
+            "HTTPS": true
+          }
+        },
+        "Web": {
+          "$${TS_CERT_DOMAIN}:443": {
+            "Handlers": {
+              "/": {
+                "Proxy": "http://127.0.0.1:8081"
+              }
+            }
+          }
+        },
+        "AllowFunnel": {
+          "$${TS_CERT_DOMAIN}:443": false
+        }
+      }
diff --git a/pacebin/docker-entrypoint.sh b/pacebin/docker-entrypoint.sh
new file mode 100644
index 0000000..f0309d3
--- /dev/null
+++ b/pacebin/docker-entrypoint.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+SECRET="${PB_SECRET:-$(head -c 32 /dev/urandom | sha256sum | cut -d' ' -f1)}"
+
+exec pacebin -d /pacebin-data -p 8081 -s "$SECRET" -k