fedimint / fedimint

Federated E-Cash Mint
https://fedimint.org/
MIT License

Umbrel App #4242

Open bijeebuss opened 3 months ago

bijeebuss commented 3 months ago

Is anybody working on or planning to start working on an Umbrel App soon? If not I would like to start on that. Are there any glaring concerns with doing that at this point?

elsirion commented 3 months ago

That would be awesome, I'm not aware of anyone working on it!

The main potential problem that comes to mind is that guardians currently need a publicly reachable, static IP and a domain name for which an SSL certificate can be acquired. Idk if that's a solved problem in the home-node space, I seem to remember RaspiBlitz having some proxy service for people without a static IP for when Tor isn't feasible.

I remember @EthnTuttle doing something with StartOS and @Kodylow has experience with dockerizing Fedimint. @douglaz you have the most operational experience, any concerns with beginning packaging?

EthnTuttle commented 3 months ago

> I remember @EthnTuttle doing something with StartOS and @Kodylow has experience with dockerizing Fedimint. @douglaz you have the most operational experience, any concerns with beginning packaging?

Yup! https://github.com/EthnTuttle/fedimintd-startos

I have successfully packaged up fedimintd to run on StartOS and am (slowly) making some UI (https://github.com/fedimint/ui) changes to accommodate the packaging. If you're working on bundling for Umbrel, please join us in the Discord (chat.fedimint.org) if you want to chat about it. Also, feel free to tag me here.

In addition to Umbrel, I have considered packaging for AMI/Terraform/Ansible, as this seems helpful for devs/admins. There are a couple more "nodes in a box" that might be a fit too: My Citadel, raspi-blitz, My Node.

Glad someone else is thinking of this!

bijeebuss commented 3 months ago

Good point about needing to be publicly reachable. I could see how that would be tricky if each guardian node needs to have their FM_API_URL set to a publicly reachable IP/domain when they start up. There is a cloudflare tunnel app in the umbrel store that I think can accomplish getting a publicly reachable IP/domain. What I'm not sure on is whether there is a way to make sure that is configured first and then either automatically or have the user manually update the fedimint parameters. I'll start looking into it more.

Kodylow commented 3 months ago

gonna take a look at this tonight, hop in the discord and we'll move forward on it

bijeebuss commented 3 months ago

What if (for now) the Umbrel app didn't expose anything publicly? The use case would go like this:

  1. As a tech savvy user I run a fedimint and gateway as the leader with public access and tls setup.
  2. Trusted community members run fedimint on their umbrel as followers only. They input the websocket link to connect to me.

Would this work? This would allow less technical users to still be guardians while only one of the guardians needs to have a more complex setup. I think this might break the invite code on the followers' guardian UI since it would have the local network address encoded in it, if that works the way I think it does. Other than that, would this setup break anything?

Kodylow commented 3 months ago

Couple things:

  1. generally the fedimint guardian should not also be running a gateway, running both on the same machine removes the separation of concerns that's fundamental to fedimint's custody model.
  2. the follower/leader distinction only applies for the setup process, after the setup all the nodes are just equal guardians and any user facing app using the federation will attempt to get threshold responses from the guardians (depending on the method) so all the guardians would have to be online with good uptime
  3. Highly recommend you prioritize and first go with the lightning gateway: that's a light side service to the lightning node that generally will have infrequent comms to end users when they attempt lightning payments, vs running a guardian node is an entirely separate service than the lightning node and will generally have longer and more frequent comms with every member of the fedimint

elsirion commented 3 months ago

The client requires in many cases to talk to t out of n (e.g. 3 of 4) guardians to be sure they aren't being lied to.

Kodylow commented 3 months ago

Update here after working with bijeebuss for a bit:

  1. We require a couple ports to be openly accessible for clients to connect to for both gateway and guardian nodes. Umbrel doesn't normally expose ports publicly and requires you to use Tor hidden services, @elsirion what's the status on gateway/guardian support over Tor, have we tested that? Think I remember you had something like last year for Tor?

  2. Going to try to get the gateway working first because it only requires the 1 public port for clients to connect to plus umbrel already runs an LND lightning node so makes things nice and easy (unless there's other umbrel apps using the grpc interceptor since it's only got the one hook in? they probably have a check for that on lightning terminal, should see how that works)

  3. After gateway working do guardian, but we should do some testing around it since running both over Tor + on little RasPis will be different than what we normally cover and use for guardians

douglaz commented 3 months ago

> In addition to Umbrel, I have considered packaging for AMI/Terraform/Ansible, as this seems helpful for devs/admins. There are a couple more "nodes in a box" that might be a fit too: My Citadel, raspi-blitz, My Node.
>
> Glad someone else is thinking of this!

FYI, I'm starting to test things in kubernetes, which is widely used in enterprise setups (but it could also be used in home environments)

douglaz commented 3 months ago

> @douglaz you have the most operational experience, any concerns with beginning packaging?

I'm not sure fedimint is mature enough for these kinds of setups. Ideally umbrel apps should work out of the box with minimal configuration. We definitely should find some way of automatically exposing the guardians to the internet (perhaps using some third-party service).

bijeebuss commented 3 months ago

@douglaz thanks for chiming in. I think @Kodylow also mentioned somebody might be working on a one-click deploy solution. Something like this I imagine. That might be the best way to get regular users to be able to become a guardian.

However, I think Umbrel is still worth pursuing because:

  1. It already includes a bitcoin and lightning node

  2. It has one-click app infrastructure

  3. People in the community are already familiar with it and run one

  4. It provides a way to self-host a guardian in a way that a one-click cloud solution wouldn't necessarily provide

The concerns can mostly be addressed.

  1. Exposing ports: There is a cloudflare tunnel app in the umbrel app store that can achieve this. The only issue is that the FM_API_URL and FM_P2P_URL parameters need to be set as environment variables before starting fedimintd. The way umbrel apps work is you provide a docker compose file and an environment variables file and together they define the service. Umbrel doesn't provide a way to set these variables on a per user basis so either we could A: update fedimintd and/or the UI to be able to change these variables without having to set them in the compose file. B: See if we can create a PR to umbrel to add a way to set initialization parameters when installing an app.

  2. Many people run on a raspberry pi which might not be able to handle the traffic: I think a solid warning about this would suffice. It is pretty easy to run Umbrel on beefier hardware

  3. Separation of concerns (gateway/guardian): I agree with splitting the gateway and guardian into different apps but I'm not totally clear on why one couldn't run both on the same machine unless there's something I'm missing. I think it's a choice the user should make for themself. Especially for small or just starting mints there needs to be at least one gateway initially for it to work.

bijeebuss commented 3 months ago

I think tor would also solve the port issue and would work as long as the client apps support connecting over tor. However, I'm not a big fan of tor for anything that needs to work reliably so I think tunneling is the way to go

douglaz commented 3 months ago

> 1. Exposing ports: There is a cloudflare tunnel app in the umbrel app store that can achieve this. The only issue is that the FM_API_URL and FM_P2P_URL parameters need to be set as environment variables before starting fedimintd. The way umbrel apps work is you provide a docker compose file and an environment variables file and together they define the service. Umbrel doesn't provide a way to set these variables on a per user basis so either we could A: update fedimintd and/or the UI to be able to change these variables without having to set them in the compose file. B: See if we can create a PR to umbrel to add a way to set initialization parameters when installing an app.

Note that these values can be arguments to fedimintd on command line and if you can figure out some way of pulling these configurations from somewhere they can be set up somewhat dynamically. For instance on k8s I'm testing something like:

            - sh
            - -c
            - fedimintd --api-url ws://${POD_IP}:80 --p2p-url fedimint://${POD_IP}:8173

but this value may also come from another binary, so you could think of something like:

fedimintd --api-url $(magical-tunnel get-or-create-tls --to localhost:80 --ws-address) --p2p-url fedimint://$(magical-tunnel get-or-create-tcp --to localhost:8173 --address) 
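
An entrypoint wrapper along the lines of the comment above, as an added example (not code from this thread or from the fedimint project): it reads the public hostname that a tunnel or config step has written to a file, rejects anything that is not a plain DNS name, and only then passes `--api-url` and `--p2p-url` to fedimintd as quoted arguments. The file path, the `TUNNEL_HOST_FILE` variable, the function names, the `wss://` scheme and a tunnel that forwards port 8173 are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: derive fedimintd's public URLs at container start-up.
# TUNNEL_HOST_FILE and its one-line format are assumptions of this sketch.

# Accept only a plain DNS hostname (letters, digits, hyphens, dots), so a
# tampered file cannot smuggle spaces, extra flags or shell metacharacters.
valid_hostname() {
    host=$1
    [ -n "$host" ] && [ "${#host}" -le 253 ] || return 1
    case $host in
        *[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
    esac
    case $host in
        *.*) return 0 ;;   # require at least one dot, i.e. a domain name
    esac
    return 1
}

# Print the API URL and the P2P URL, one per line; fail with no output
# when the file is missing, empty or holds an invalid hostname.
public_urls() {
    file=$1
    [ -r "$file" ] || return 1
    IFS= read -r host < "$file" || [ -n "$host" ] || return 1
    valid_hostname "$host" || return 1
    printf 'wss://%s\nfedimint://%s:8173\n' "$host" "$host"
}

start_fedimintd() {
    urls=$(public_urls "${TUNNEL_HOST_FILE:-/data/tunnel-host}") || {
        echo "refusing to start: no valid public hostname configured" >&2
        return 1
    }
    api_url=$(printf '%s\n' "$urls" | sed -n 1p)
    p2p_url=$(printf '%s\n' "$urls" | sed -n 2p)
    # Quoted expansions: each URL reaches fedimintd as exactly one argument.
    exec fedimintd --api-url "$api_url" --p2p-url "$p2p_url"
}

# Only start the daemon when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    start_fedimintd
fi
```

Failing closed when the hostname is missing keeps a guardian from starting with a local address baked into its configuration.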

bijeebuss commented 3 months ago

> but this value may also come from another binary, so you could think of something like:
>
> fedimintd --api-url $(magical-tunnel get-or-create-tls --to localhost:80 --ws-address) --p2p-url fedimint://$(magical-tunnel get-or-create-tcp --to localhost:8173 --address)

Ok thanks this is giving me some ideas. I'll get back to you on this

justinmoon commented 3 months ago

dev call: P2P ports over TOR will be hard to do (will slow down consensus), API has MVP that @oleonardolima is looking into (useful for Umbrel). But having different API connections going through different circuits is harder.

bijeebuss commented 3 months ago

> dev call: P2P ports over TOR will be hard to do (will slow down consensus), API has MVP that @oleonardolima is looking into (useful for Umbrel). But having different API connections going through different circuits is harder.

I agree, I think the cloudflare tunnel app will do the job there. For setting the parameters I like this idea proposed here:

I started working on the configuration service with a simple web app. I think with this approach I can configure it so that I don't need to create another image (besides the config UI) that builds on top of fedimint's images.