pacebin

2025-08-02 11:27:49 -06:00 · 2025-08-02 11:27:49 -06:00 · 393c8f3d14
commit 393c8f3d14
parent 968d4db5d3
4 changed files with 84 additions and 0 deletions
--- a/pacebin/.env.example
+++ b/pacebin/.env.example
@ -0,0 +1,3 @@
+TS_HOSTNAME=pacebin
+TS_AUTHKEY=tskey-client-nnn-nnn
+TS_EXTRA_ARGS=--advertise-tags=tag:container
--- a/pacebin/Dockerfile
+++ b/pacebin/Dockerfile
@ -0,0 +1,18 @@
+FROM debian:bookworm
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    build-essential \
+    ca-certificates \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN git clone https://git.swurl.xyz/swirl/pacebin.git /tmp/pacebin && \
+    make -C /tmp/pacebin && make -C /tmp/pacebin install-bin && \
+    rm -rf /tmp/pacebin
+
+RUN mkdir /pacebin-data
+
+COPY docker-entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+
+ENTRYPOINT ["docker-entrypoint.sh"]
--- a/pacebin/docker-compose.yml
+++ b/pacebin/docker-compose.yml
@ -0,0 +1,57 @@
+services:
+  ts-pacebin:
+    image: tailscale/tailscale:latest
+    container_name: ts-pacebin
+    restart: unless-stopped
+    hostname: ${TS_HOSTNAME}
+    environment:
+      - TS_AUTHKEY
+      - TS_EXTRA_ARGS
+      - TS_SERVE_CONFIG=/ts/serve.json
+    volumes:
+      - tailscale:/var/lib/tailscale
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - net_admin
+      - sys_module
+    configs:
+      - source: serve-config
+        target: /ts/serve.json
+  pacebin:
+    build: .
+    container_name: pacebin
+    network_mode: service:ts-pacebin
+    depends_on:
+      - ts-pacebin
+    volumes:
+      - pacebin-data:/pacebin-data
+    # Optional: Random seed generated, or use deterministic seed
+    #environment:
+      #- PB_SECRET
+    restart: unless-stopped
+volumes:
+  pacebin-data:
+  tailscale:
+configs:
+  serve-config:
+    content: |
+      {
+        "TCP": {
+          "443": {
+            "HTTPS": true
+          }
+        },
+        "Web": {
+          "$${TS_CERT_DOMAIN}:443": {
+            "Handlers": {
+              "/": {
+                "Proxy": "http://127.0.0.1:8081"
+              }
+            }
+          }
+        },
+        "AllowFunnel": {
+          "$${TS_CERT_DOMAIN}:443": false
+        }
+      }
--- a/pacebin/docker-entrypoint.sh
+++ b/pacebin/docker-entrypoint.sh
@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+SECRET="${PB_SECRET:-$(head -c 32 /dev/urandom | sha256sum | cut -d' ' -f1)}"
+
+exec pacebin -d /pacebin-data -p 8081 -s "$SECRET" -k