by eightysixfour 1475 days ago
In the middle of building a self-hosting setup at home so I went ahead and installed this to give it a trial run. I generally like the interface and think it is a nice take on making self-hosting easier, but I have some pure stream of conscious criticism:

1. There sure are a lot of crypto apps. I'm not vehemently anti-crypto, but it is missing some "obvious" applications and full of those, so I'm curious what the play was there. They're all spread all over the place instead of in a single category too. There are non-crypto finance apps that are self-hosted (Actual, BudgE, etc.), please don't mix them.

2. Plex and/or jellyfin stand out as huge misses right out of the gate.

3. I am surprised that it doesn't use nginx proxy manager with preset configs to make this all available from a single domain. Needs letsencrypt + a DDNS provider too while you're at it.

4. Why no blog/cms?

5. Can I give it the docker-compose config for an application not on the app store somewhere in GUI?

6. Wait, why is this accessible from Tor? And I can't turn it off? Nope nope nope.

8 comments

Thanks for taking the time to try Umbrel out, great observations!

1. Re crypto apps, I figured some additional context may help. Before today's release, Umbrel was a self-hosting OS primarily geared towards Bitcoin node users. Today, we migrated the Bitcoin node to the Umbrel App Store and took the last step in our transition to becoming an app-agnostic general purpose OS. So expect to see a lot more non-Bitcoin apps hereon!

2. Yes, agree. We'll have Plex and Jellyfin live in the app store soon.

3. The main issue we found with using a single domain on the local network is that many Android phones and PCs have flaky mDNS support, in which case name resolution for "*.local" would simply fail. This is why we decided to use ports. Perhaps we can look into using ports on the local network and domain on a VPS.

4. Good suggestion! Feel free to share your recommendations.

5. That's not possible using the UI, but you can create your own custom docker-compose app by following our app framework documentation: https://github.com/getumbrel/umbrel-apps/blob/master/README....

6. Until now, a common use case of our users has been remote connection between Umbrel and their Bitcoin wallets over Tor. This is why remote access was baked directly into Umbrel and turned-on by default.

However, as we've now evolved from the Bitcoin space, we'll prioritize offering the ability to disable remote Tor access functionality in the next update, and make it opt-in instead of opt-out.

Re 3: What you really need is Caddy [0] with this dynamic DNS module: https://github.com/mholt/caddy-dynamicdns

Caddy has state-of-the-art certificate automation and TLS support, and with that module, it automatically updates DNS records if users have non-static IPs. It'll also serve certs for localhost domains (use *.localhost IMO).

[0]: https://caddyserver.com (I'm the author, for disclosure)

Caddy is awesome. Personally, I'm delighted with it and I'm glad Matt is here promoting it. The more people use it the better it gets.

Thanks for an awesome product Matt!!

Glad your experience has been good, thanks for the reinforcement!

Re 3, that's why you need to run a DNS server in your LAN, like pihole or adguard or coredns. And don't use .local, use .home.arpa instead, or use a DDNS domain like DuckDNS and make it resolve to your LAN IP with your DNS server. And use Caddy (shameless plug)

Thanks for the response!

1. Makes sense, looking forward to progress there.

2. Excellent. I’d consider one of the Wireguard VPN servers be prioritized as well.

3. I wouldn’t use mDNS for it, I would either require and integrate the PiHole configuration or come with a DNS server as well (leaning towards PiHole here). I’d suggest long-term planning on integrating DNS/DDNS and LetsEncrypt. I use a combo of a DDNS container for CloudFlare and a wildcard DNS generated by nginx proxy manager.

4. I’d go for one “simple” CMS, like Ghost, and one fully featured, like WordPress.

5. Will check it out.

6. Appreciate it being an option, I’ve signed up for the mailing list to get a notification when it is available so I can make another run at it.

Great work and I appreciate the engagement.

I’m pleased to see the support for deploying directly to your own Umbrel without going through the App Store / pull request process. This is one of my biggest frustrations with Unraid.

It would be nice to have first class support for deploying stuff this way - not just for testing. I would like to deploy custom containers / compositions on my Umbrel and see them alongside stuff installed from the official repository. Ok to require an external git repo as upstream for this, but better to work entirely local.

> Today, we migrated the Bitcoin node to the Umbrel App Store and took the last step in our transition to becoming an app-agnostic general purpose OS

Hello, do you have plans to interop with an established selfhosting distro and package scheme? Yunohost, Freedombox and Libreserver come to mind. If you'd rather go the containerized/virtualized way, there's a dozen or so distros based on Docker/LXC/K8S to make selfhosting easier.

I'm always happy that people are building stuff for selfhosting (though like others i'm skeptical of anything cryptocurrency-related), so please don't take it as a dismissal of your work, but i don't understand the appeal of building yet another solution and package format that's not interoperable with the others who have been out there for 5/10 years and provide good services to plenty of users already.

To be fair, apart from Dockerfiles there's not exactly any decent specification for declarative sysadmin (network ports, filesystem access..). The selfhosting field could certainly use a specification for selfhosted packages across distros, because the current situation places a strong burden on volunteer maintainers to keep up with updates.

> If you'd rather go the containerized/virtualized way, there's a dozen or so distros based on Docker/LXC/K8S to make selfhosting easier.

Which ones do you have in mind? Would you count ChromeOS as one of those, too?

> Which ones do you have in mind? Would you count ChromeOS as one of those, too?

A few i had in mind (from my bookmarks): Cloudron, Sandstorm, HomelabOS, libre.sh, UBOS, Unraid, Helm, CasaOS, servers.coop's Capsul. In my opinion, in those virtualized solutions Sandstorm is the only one that's not a simple GUI for docker/LXC and had some actually interesting research going on (especially in terms of security). That's for generic selfhosting solutions, and i personally have no strong opinion about these as i'm more interested about bare-metal solutions that work on low-end hardware (Freedombox/Yunohost/LibreServer).

To this list you can add the free ansible/docker recipes used by friendly hosting coops such as webarch.coop or disroot.org. I'm guessing many other CHATONS.org/Libreho.st federation members also publish their recipes, but i wouldn't know for sure.

I don't count ChromeOS as anything as my understanding is it's just a web browser with a custom kernel? I may be missing something as i've never used it, and if i don't have the source code and/or have to pay Google a single cent to use it i most probably will never try it out.

Thanks for the pointers. Btw, you may want to give ChromeOS a second look: https://news.ycombinator.com/item?id=25884262

Thanks for the information! To be honest, i'm still not interested in falling into anything maintained by Google, but i see the value you're proposing.

Personally, when it comes to desktop virtualization, i'm very happy with QubesOS. It's not designed for graphics performance, but it's to my knowledge the only distro providing decent security for multi-VM graphical workloads, and their research keeps going!

You should add an ability to turn off tor access if you don’t currently have it for sure. But why make it opt-in?
Please keep Tor access opt-out!

Encouraging usage of privacy enabling services by default is good.

Umbrel started as a crypto-focused project before branching out to general self-hosting: http://web.archive.org/web/20200726114748/https://getumbrel....

#5 is very interesting to me. I use (and paid for!) Unraid. It’s generally quite good. Their Community Apps plug-in scratches the same itch as the Umbrel App Store. I run several community-maintained services with it, but it is… unclear… how to spin up your own image.

From what I can tell (and I might be dumb) you can’t really run a Docker image on Unraid unless you:

1) write an XML file using an undocumented schema

2) build and upload your image to Docker hub

3) get your container listed in community apps

Now I’m SURE it’s not actually that dumb. But I couldn’t figure it out before I got distracted, and thus I haven’t done it. All the “documentation” is exclusively forum threads. What little formal documentation exists is obsolete. It really feels like it’s set up for a core community of developers rather than the users.

Coming from that experience, I was impressed with a couple things about Umbrel as I read through OP:

(1) they have clear documentation on how to publish something to their App Store

(2) they have a documented YAML that handles most of the configuration

(3) they take an active role in curating the App Store. They claim to help you put together a nice listing.

(4) they have some actual tools to test your package

(5) the App Store has a concept of cross-app dependencies. They give the example of a blockchain explorer that needs a bitcoin node running. Very cool! I want to use this functionality to have one RDBMS, one git host, one logging service, etc all shared by the various apps I deploy.

Yeah, that's my biggest gripe with Unraid. Give me a way to write my own Dockerfile without having to SSH into the server! As an OSS maintainer of a project that supports custom builds with plugins, this is basically necessary for some users to use our project.

why is there so much crypto stuff? Probably me but by default I don't trust things that are crypto related.

Umbrel started as a way to easily host a Bitcoin node, so naturally there is plenty of Bitcoin related stuff. I think they only have one crypto (ie non-Bitcoin) app though.

It's accessible by tor because it's primarily a bitcoin/lightning node. If you're not interested in that core value prop, umbrel isn't for you.
I am amazed to see people are interested in running Bitcoin nodes. As far as I know, none of the people I have talked to about Bitcoin or shit coins have any interest in running a full node. This is the thing that convinced me that cryptocurrency is a fad or worse a place people see to make a quick buck.

When I looked into it, a Bitcoin node took over 300GB of space on your computer. I'd imagine that is over 600 GB now. Is anyone running full nodes on a raspberry pi?

I run one, it's quite easy and reasonably cheap. I admit the main value prop is feeling smug about your opsec, but the self-sovereignty thesis and culture of bitcoin are genuinely important. A small minority of people (nerds) running their own nodes is a way to keep the wider network more honest and help regular people benefit from using it.

There have never been more people that run their own bitcoin/lightning node than there are right now.

See also: https://news.ycombinator.com/item?id=31673886

I'm glad to see that there are sixteen thousand full nodes because the last I heard there were fewer than ten thousand.

I have never spent actual currency to get Bitcoin but I cannot imagine being serious enough about Bitcoin to put tens of thousands of dollars in Bitcoin but then putting that money in Coinbase or something like that. (sorry YC, I know I was wrong about Dropbox, but I think I am still correct about Coinbase).

Many people do. A large part of Umbrel's initial user base falls in that category. A reliable enough 1TB SSD costs <$100. A full bitcoin node takes ~500GB today.

> 4. Why no blog/cms?

Would it be possible to run Mastodon on this? With it being behind a domestic firewall, would that make it harder to other Mastodon instances to talk to it? Ditto for other ActivityPub software.

I'd like to see a world where anyone can easily set up and run their own social media from a Pi running on their home network.

With Tailscale, and the Tor accessibility you would think even a simple blog application as well as plex/Jellyfin would be default out the gate.

Right now my home theater setup could use something easier than what i kludged together over a weekend.

> missing some "obvious" applications

what would that be?

> Plex and/or jellyfin stand out as huge misses right out of the gate.