[App Request] - Mastodon (bounty offered)

[WhiteRabbitBTC]

Would be great to see a Mastodon app available for Umbrel. I'll stake $500 USD (paid in bitcoin) to anyone who can help make this a reality.

[jgmontoya]

There seems to already be a docker image: https://hub.docker.com/r/tootsuite/mastodon/ this should make integration easier.

[ronnicek]

Hi,

I will just write my 2 cents.

I like that Umbrel gets apps, so you can install all needed software to get your bitcoin node up and running. But I feel that adding application which have nothing to do with Bitcoin can bring more security issues (or at least extend attack surface), because people should keep bitcoin node secure as much as possible, mainly, if they have lightning node and channels with others.

It will start with Mastodon, then there will be Nextcloud, PixelFed, Diaspora*..

[AaronDewes]

then there will be Nextcloud

Actually yes, I'm planning to do that :-)

I also have a test version already ready.

[jgmontoya]

I like that Umbrel gets apps, so you can install all needed software to get your bitcoin node up and running. But I feel that adding application which have nothing to do with Bitcoin can bring more security issues (or at least extend attack surface), because people should keep bitcoin node secure as much as possible, mainly, if they have lightning node and channels with others.

I disagree, I see Umbrel as the way to get all sorts of self-hosted things integrated. Apps such as a Mastodon instance will always be optional, so if you're not comfortable with running one on the same hardware as your Bitcoin node you can always just ignore it and not install it.

[ronnicek]

I disagree, I see Umbrel as the way to get all sorts of self-hosted things integrated. Apps such as a Mastodon instance will always be optional, so if you're not comfortable with running one on the same hardware as your Bitcoin node you can always just ignore it and not install it.

For sure I will not do it, problem is, that I know what I am doing (at least I think I know :D), but new people which have no idea what they are doing.. I am trying to protect these :-)

PS: If you want to have "self-hosted things" check YunoHost or some other alternative, which are build to do it - https://alternativeto.net/software/yunohost/about/

[AaronDewes]

Takes a bit longer because I have to recompile mastadon to work on the RPi, but I'm working on it

[nolim1t]

The image is only amd64, but getting this on arm might actually be cool for ARM devices and laptops (such as the new Apple Silicon laptops which are actually arm arch) too.

[louneskmt]

I think you can ask Mastodon devs to build for arm too, it can be useful for a lot of people @AaronDewes

[nolim1t]

Takes a bit longer because I have to recompile mastadon to work on the RPi, but I'm working on it

QEMU doesn't work?

That's how we build a lot of the images.

[AaronDewes]

It does, I've got the image, it just takes a bit longer to get it working in Umbrel.

[nolim1t]

I would see if they do it ifrst if its that trivial to do, maybe even add a PR into their repo

[esackbauer]

I do not feel comfortable to have my funds on an OS instance together with Mastodon or Nextcloud. There are other things like Yunohost or even Home Assistant which are more geared toward that.

[louneskmt]

I do not feel comfortable to have my funds on an OS instance together with Mastodon or Nextcloud.

There are other things like Yunohost or even Home Assistant which are more geared toward that.

As @jgmontoya said, it's totally up to you. If you don't feel comfortable with some apps, you can just ignore them. Not installed apps will never be potential security holes.

Apps such as a Mastodon instance will always be optional, so if you're not comfortable with running one on the same hardware as your Bitcoin node you can always just ignore it and not install it.

[esackbauer]

But it does add a lot of dependencies, doesn't it? Nginx proxy, hardware ressources, network layout etc.etc. What happens if Nextcloud fills up your SSD and you cannot send/receive funds? There will be for sure a lot of additional issues which could be avoided.

[louneskmt]

Umbrel uses a containers structure with Docker. Apps are isolated. Dependencies are installed in the app container, at the app installation.

For future apps (not sure atm), we can always add ressources limit for its container (e.g. in case of Nextcloud, limit the storage to like 200 GB).

[esackbauer]

These limits or possible workarounds like another attached USB device will open up a box of pandora of new support topics and feature requests (please integrate letsencrypt, unraid etc), just saying that there will be a lot of effort needed for supporting those additional apps, which are not the core business of Umbrel. Just my 0.02 as a Solution Architect with 20 years experience ;)

[jgmontoya]

The burden of maintenance of such apps should be upon the app maintainers and not directly upon the Umbrel maintainers. Of course atm there is an overlap between the two but that doesn't need to be so.

[ronnicek]

@esackbauer I would understand it when the product would be in "final" version and have solved all things from SECURITY.md :)

[louneskmt]

The way I've understood, Umbrel will stick to bitcoin-related apps for now. Once it reaches a comfortable level of security, stability, etc, other apps will be considered.

[nolim1t]

I would check out this implementation if you wanted something that works with the fediverse.

[lukechilds]

Hey guys just wanted to chime in to clear up a few things.

Firstly @ronnicek / @esackbauer just wanted to address the security concerns you raised.

I feel that adding application which have nothing to do with Bitcoin can bring more security issues (or at least extend attack surface)

Apps in Umbrel are isolated at both the filesystem and execution level. One app can't read files from another app or execute binaries in the same context as another app. One compromised app cannot easily compromise another app. We are also working on taking this further to implement network level isolation, so one app can't even ping another app unless it has been specifically allowed access to it.

But it does add a lot of dependencies, doesn't it? Nginx proxy, hardware resources, network layout etc.etc.

The way Umbrel apps work is that they are installed on the fly at runtime, just like the app store on your phone. If you haven't installed an app on your device, none of it's code/binaries/dependencies exist on your device. You are not open to any extra attack surface if you don't install extra apps.

In terms of whether we will or will not specifically support Mastodon, we're open minded and always listening to user feedback. The generous bounty from @WhiteRabbitBTC is definitely a great signal to us that there's demand for Mastodon. However, the most commonly requested apps so far have been Dojo, Whirpool, LNDHub, mempool.space, and LNbits. So for now we want to keep the app store focused only around Bitcoin/LN apps.

[PMK]

Can I kick this request?

With the new app store, this should be much easier, I suppose.

[almino]

Is this bounty still valid?

Is it a Mastodon client or a Mastodon instance?

[michaelachrisco]

I would be using this OS if only it had a Mastodon/fediverse software working. It takes a bit to get a working Mastodon server up and running so it would be nice if this would be a thing in the new app store.