App Submission: AlbyHub v1.8.0

[bumi]

AlbyHub is Alby's new self-custodial wallet. It is build around the NWC protocol to allow users connect their Umbrel lightning nodes to the growing number applications supporting NWC for payments. Most known are the various nostr apps to enable zapping.
Alby Hub is also the continuation of the Nostr Wallet Connect application with is already in the store.

Links:

• https://nwc.dev/
• https://albyhub.com/

App Submission

App name

Alby Hub

256x256 SVG icon

https://svgur.com/s/19oF

Gallery images

PNG:

JPG:

I have tested my app on:

• umbrelOS on a Raspberry Pi
• umbrelOS on an Umbrel Home
• umbrelOS on Linux VM

[bumi]

what is the warning with the container user? The app needs to be able to write to the data directory. for this root is needed, isn't it?

[nmfretz]

Have been looking forward to this one @bumi! I will review and test tomorrow.

what is the warning with the container user?

Ideally, we want containers to run as non-root as part of app sandboxing measures, but it is not a strict requirement right now which is why the github actions linter is showing a severity indicator of "info" here. If the getalby/hub container requires a root user then this is fine for now.

The app needs to be able to write to the data directory. for this root is needed, isn't it?

On app install, umbrelOS will create any host bind mounts that are committed to this directory (in this case ${APP_DATA_DIR}/data) with user:group 1000:1000 ownership. So if getalby/hub were to run as 1000:1000 it could write to the data directory.

[nmfretz]

I've tested and this is working really well @bumi. Fantastic work by the whole alby team 🐝

I've left some comments/suggestions below. After they are addressed we can go live.

[nmfretz]

If this container can run as a non-root user (which should be possible based on this Dockerfile https://github.com/getAlby/hub/blob/master/Dockerfile) then we can change this to:

Suggested change

	server:
	image: ghcr.io/getalby/hub:v1.6.0@sha256:45ec367860a8f42c6f66317dd5889d8e2af8b0df1e0bc59b33e67c08770e4e17
	volumes:
	server:
	image: ghcr.io/getalby/hub:v1.6.0@sha256:45ec367860a8f42c6f66317dd5889d8e2af8b0df1e0bc59b33e67c08770e4e17
	user: "1000:1000"
	volumes:

When the app is installed, umbrelOS creates the data directory that's commited to this repo with 1000:1000 ownership/permissions, so a getalby/hub container running as user 1000 will have write permissions to ${APP_DATA_DIR}/data

[bumi]

My docker and docker compose knowledge is limited. We do not want to change the image now as it is used in various places and I would be worried to break other deployments.

The app only writes to the configured volume. (log files and SQLite DB files)
If we configure this user here what does that exactly mean? can you point me to some docs?

It also binds to ports > 1024 - 8080 for the webapp and the lightning port 9375 (if the embedded LDK node is used and not the default Umbrel LND node) - so no root is needed for that.

[nmfretz]

No worries. The user key in a docker-compose.yml file allows you to run the container as a certain user WITHOUT having to change the underlying image.

Setting user in the docker-compose.yml overrides the user used to run the container process. If you don't set a user in the docker-compose.yml file then Docker uses whatever has been defined in the Dockerfile with the USER instruction. In the case of your Dockerfile, the lack of USER instruction means that by default it runs as root.

As long as the container can write to it's log and db files as user 1000:1000 then we should be good. I can give this a test for you.

Docs:
https://docs.docker.com/reference/dockerfile/#user
https://docs.docker.com/reference/compose-file/services/#user

[nmfretz]

Hey @bumi, just pinging you again in case you missed the above review from last week.

[nmfretz]

@bumi - I forgot to ask: with the addition of Alby Hub should we be removing Nostr Wallet Connect from the app store?
https://github.com/getumbrel/umbrel-apps/tree/master/alby-nostr-wallet-connect

If so, what I can do is add disabled: true to the umbrel-app.yml of nostr wallet connect and it will make it so that existing installs can continue to use the app, but users will no longer see the app as available in the app store.

[bumi]

@nmfretz thanks a lot for the feedback and improvements.

should we be removing Nostr Wallet Connect from the app store?

I am not sure what's best here. We are not actively working on it anymore and for us Alby Hub is the successor of that old NWC app. We recommend people to update to Alby Hub. So to me disabled: true sounds good - but some people also still liked the original NWC app it seemed.

[bumi]

fyi. we have one patch release coming this week which I would like to have in this release.

[nmfretz]

I am not sure what's best here. We are not actively working on it anymore and for us Alby Hub is the successor of that old NWC app. We recommend people to update to Alby Hub. So to me disabled: true sounds good - but some people also still liked the original NWC app it seemed.

If you'd like to keep NWC available for new users still then perhaps for now we can just add a note at the top of NWC's app description saying that it is recommended to use the successor app Alby Hub instead. Although I imagine that since you're not working on NWC anymore, there will come a time when you'd want the app retired (e.g., it's not receiving security updates, etc).

fyi. we have one patch release coming this week which I would like to have in this release.

Great, thanks for letting me know. Ping me when it's ready and I'll give it a final test before we go live!

[nmfretz]

Here's a checklist for us:

• Update ghcr.io/getalby/hub image tag and digest in docker-compose.yml with latest patch release (@bumi)
• Update the version in the umbrel-app.yml to match the patch release version (@bumi)
• Test user 1000:1000 (@nmfretz)
• Check gallery assets resolution (@nmfretz)