I'm looking forward to some backup service - ideally one I can also self host offsite - but don't mind a sensible paid service. I assume the Blockchain itself doesn't need to be backed up but my apps data, yes.
I'd love to have another umbrel server being used as backup in case the primary one "goes down"
and I dabble in cryptocurrency.
I would suggest that you will struggle to grow in the mainstream with that theme.
It means they care about beauty in the first place, which is already a huge plus.
(I’m putting “beautiful” in quotes because it’s largely subjective what that means for UIs and software.)
Say I have a knife - of course I want it first and foremost to be a "good" knife (again, "good" between quotes, because that is also subjective). But for a good knife that I'll have around for many years I want it to be also beautiful. I would not want a good knife with an ugly plastic handle. But of course, like you say, I would also not want a beautifully carved knife that is unusable.
This Umbrel thing we are discussing here - I happen to love it, and I've been using it constantly for more than half a year. I looked at the competition as well, and guess what - the alternatives with ugly UIs have a terrible architecture behind the scenes. Take RaspiBlitz for example, the most beloved competitor of Umbrel - I went through the source code trying to understand how it works and I was horrified. All just files full of magic commands placed in magic locations. Good luck trying to deploy an app you create on RaspiBlitz! Sure you can, but it's not "nice". Umbrel on the other hand has a clean architecture and a short tutorial on how to make any app run on it - dockerize it, create a yaml to describe it, BAM!
Never tried the Start9 Embassy, but I think it's at least equally good, and maybe a little bit less beautiful. I'll try it anyway. But I don't see myself trying the outright ugly alternatives.
I guess somebody that tries to make something beautiful also tends to find beautiful solutions to otherwise mundane problems.
1. There sure are a lot of crypto apps. I'm not vehemently anti-crypto, but it is missing some "obvious" applications and full of those, so I'm curious what the play was there. They're all spread all over the place instead of in a single category too. There are non-crypto finance apps that are self-hosted (Actual, BudgE, etc.), please don't mix them.
2. Plex and/or jellyfin stand out as huge misses right out of the gate.
3. I am surprised that it doesn't use nginx proxy manager with preset configs to make this all available from a single domain. Needs letsencrypt + a DDNS provider too while you're at it.
4. Why no blog/cms?
5. Can I give it the docker-compose config for an application not on the app store somewhere in GUI?
6. Wait, why is this accessible from Tor? And I can't turn it off? Nope nope nope.
1. Re crypto apps, I figured some additional context may help. Before today's release, Umbrel was a self-hosting OS primarily geared towards Bitcoin node users. Today, we migrated the Bitcoin node to the Umbrel App Store and took the last step in our transition to becoming an app-agnostic general purpose OS. So expect to see a lot more non-Bitcoin apps hereon!
2. Yes, agree. We'll have Plex and Jellyfin live in the app store soon.
3. The main issue we found with using a single domain on the local network is that many Android phones and PCs have flaky mDNS support, in which case name resolution for "*.local" would simply fail. This is why we decided to use ports. Perhaps we can look into using ports on the local network and domain on a VPS.
4. Good suggestion! Feel free to share your recommendations.
5. That's not possible using the UI, but you can create your own custom docker-compose app by following our app framework documentation: https://github.com/getumbrel/umbrel-apps/blob/master/README....
6. Until now, a common use case of our users has been remote connection between Umbrel and their Bitcoin wallets over Tor. This is why remote access was baked directly into Umbrel and turned on by default.
However, as we've now evolved from the Bitcoin space, we'll prioritize offering the ability to disable remote Tor access functionality in the next update, and make it opt-in instead of opt-out.
Caddy has state-of-the-art certificate automation and TLS support, and with that module, it automatically updates DNS records if users have non-static IPs. It'll also serve certs for localhost domains (use *.localhost IMO).
[0]: https://caddyserver.com (I'm the author, for disclosure)
1. Makes sense, looking forward to progress there.
2. Excellent. I’d consider one of the Wireguard VPN servers be prioritized as well.
3. I wouldn’t use mDNS for it, I would either require and integrate the PiHole configuration or come with a DNS server as well (leaning towards PiHole here). I’d suggest long-term planning on integrating DNS/DDNS and LetsEncrypt. I use a combo of a DDNS container for CloudFlare and a wildcard DNS generated by nginx proxy manager.
4. I’d go for one “simple” CMS, like Ghost, and one fully featured, like WordPress.
5. Will check it out.
6. Appreciate it being an option, I’ve signed up for the mailing list to get a notification when it is available so I can make another run at it.
Great work and I appreciate the engagement.
It would be nice to have first class support for deploying stuff this way - not just for testing. I would like to deploy custom containers / compositions on my Umbrel and see them alongside stuff installed from the official repository. Ok to require an external git repo as upstream for this, but better to work entirely local.
Hello, do you have plans to interop with an established selfhosting distro and package scheme? Yunohost, Freedombox and Libreserver come to mind. If you'd rather go the containerized/virtualized way, there's a dozen or so distros based on Docker/LXC/K8S to make selfhosting easier.
I'm always happy that people are building stuff for selfhosting (though like others i'm skeptical of anything cryptocurrency-related), so please don't take it as a dismissal of your work, but i don't understand the appeal of building yet another solution and package format that's not interoperable with the others who have been out there for 5/10 years and provide good services to plenty of users already.
To be fair, apart from Dockerfiles there's not exactly any decent specification for declarative sysadmin (network ports, filesystem access..). The selfhosting field could certainly use a specification for selfhosted packages across distros, because the current situation places a strong burden on volunteer maintainers to keep up with updates.
Encouraging usage of privacy enabling services by default is good.
From what I can tell (and I might be dumb) you can’t really run a Docker image on Unraid unless you:
1) write an XML file using an undocumented schema
2) build and upload your image to Docker hub
3) get your container listed in community apps
Now I’m SURE it’s not actually that dumb. But I couldn’t figure it out before I got distracted, and thus I haven’t done it. All the “documentation” is exclusively forum threads. What little formal documentation exists is obsolete. It really feels like it’s set up for a core community of developers rather than the users.
Coming from that experience, I was impressed with a couple things about Umbrel as I read through OP:
(1) they have clear documentation on how to publish something to their App Store
(2) they have a documented YAML that handles most of the configuration
(3) they take an active role in curating the App Store. They claim to help you put together a nice listing.
(4) they have some actual tools to test your package
(5) the App Store has a concept of cross-app dependencies. They give the example of a blockchain explorer that needs a bitcoin node running. Very cool! I want to use this functionality to have one RDBMS, one git host, one logging service, etc all shared by the various apps I deploy.
When I looked into it, a Bitcoin node took over 300GB of space on your computer. I'd imagine that is over 600 GB now. Is anyone running full nodes on a raspberry pi?
Would it be possible to run Mastodon on this? With it being behind a domestic firewall, would that make it harder to other Mastodon instances to talk to it? Ditto for other ActivityPub software.
I'd like to see a world where anyone can easily set up and run their own social media from a Pi running on their home network.
Right now my home theater setup could use something easier than what I kludged together over a weekend.
what would that be?
These people have put a good deal of effort into their landing screen, unfortunately this effort has made it worse than it would have been if it was simple text descriptions. Please improve this.
Self hosting in 2022 is not exactly a walk in the park. Besides the obvious security risks of data loss/theft through exploits, you also have a challenge making anything as redundant as a cloud service.
Most major cloud services offer multi geographical redundancy, meaning if one data center completely vanishes (like the OVH fire), your data is safe in another data center, and hastily restoring redundancy to yet another data center.
You get versioning as well, i.e. OneDrive offers unlimited versions for 30 days, allowing you to roll back your entire account to a date 30 days in the past in case of malware attacks.
Add to that redundant hardware, power, internet, spare parts, physical access control, fire prevention and more.
On the other side of the fence, we have that old gaming PC that has been repurposed as a "home server", running Unraid, or slightly better TrueNAS in Raid-Z1, and not a backup in sight because "raid". Furthermore it probably hasn't been patched in months unless it defaults to auto updating.
I'm well aware that there are people that are serious about self hosting (i used to be one), but the above repurposed gaming PC is what you'll get in A LOT of the cases.
And to top it all off, with electricity prices in Europe as they are right now, the cloud is cheaper than running your own hardware, except of course for multi TB storage. A 4 bay Synology consuming 45W costs about €18/month in electricity alone, and a 60W server costs €23.5/month.
Even with my favourite distro, being a sys-admin gets annoying after a while.
There is nothing "free as in beer" that even comes close to this in polish. This is gorgeous.
Are security updates and DevOps automatic? How fine grained are the security updates i.e. Kernel level or app level? How long does it take end-to-end from CVE patch release to end user applying the update?
I would not want to lose my pictures, contacts or NextCloud files due to some update failure, hardware failure or my own mistake in managing the system.
Btw can't sign up for the newsletter although tried multiple emails and disabled adblocker. Just says "Oops! Something went wrong. Can you please try again?"...
Everybody can "spy" on your transactions by design, isn't it so? Isn't mixing the only way to go if you don't want everybody to see your entire shopping history?
What support, if any, is there for reading S.M.A.R.T. Stats, ZFS, and BTRFS? You mention CPU temps, but what about things that actually matter in regular use cases?
The major problem with Umbrel is that even though they package all-in-one solutions, if something goes wrong you rely on Umbrel for issues (against decentralization). You will rely on their updates for any problems.
Start9 built a Linux OS from the ground up. All services are individually packaged from source.
Umbrel packages all dependencies together (via Docker container), which could cause issues for maintenance.
// start9 vs umbrel https://youtu.be/kmfzATMxCj4
// what is start9 embassy? https://www.youtube.com/watch?v=GfMvXJxYamw
> I recently tried to set up an SSH server on NixOS and gave up after a day. And I love NixOS.
Setting up OpenSSH is one of the more trivial tasks on any Unix-like operating system. So I'm curious as to why you "love" NixOS despite it sounding like you aren't comfortable with (at least what I consider) a very trivial system setting change?
If you add the following to your configuration.nix and rebuild your system this will set up OpenSSH:
```
services.openssh.enable = true;
```
And if you have enabled the firewall you can make sure that port 22 is allowed with this:
```
networking.firewall.allowedTCPPorts = [ 22 ];
```
And then just rebuild your system.
Being unable to enable SSH on NixOS sounds more like a lack of understanding of how to use NixOS. Again, I'm exceedingly curious as to why you love NixOS but are unable to make such a trivial change to your system? Did you actually install NixOS on your system?
I am a huge fan of people at any stage of expertise loving NixOS and playing with it and I apologize if this question sounds like me being a dick or trying to police your experience -- please continue to love NixOS!
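For a self-hosted box that is reachable from outside the LAN, the two settings in the comment above leave password logins enabled. The following is an added example, not part of the original comment or of any project discussed here: a `configuration.nix` fragment that enables OpenSSH with key-only authentication. It assumes NixOS 23.05 or later (where these options live under `services.openssh.settings`); the user name `alice` and the public key are placeholders.

```nix
{ config, pkgs, ... }:

{
  services.openssh = {
    enable = true;

    # Open the sshd port in the NixOS firewall. Stated explicitly here
    # rather than relying on the option's default or on a separate
    # networking.firewall.allowedTCPPorts entry.
    openFirewall = true;

    settings = {
      # Key-only logins: disable both password-based mechanisms,
      # otherwise keyboard-interactive can still prompt for a password.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;

      # No direct root logins; administrators log in as a normal
      # user and escalate with sudo.
      PermitRootLogin = "no";
    };
  };

  networking.firewall.enable = true;

  # Hypothetical account used for remote administration.
  users.users.alice = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];  # allows sudo
    openssh.authorizedKeys.keys = [
      # Placeholder: replace with your own public key.
      "ssh-ed25519 AAAA...REPLACE_WITH_YOUR_PUBLIC_KEY alice@laptop"
    ];
  };
}
```

Apply it with `nixos-rebuild switch`, and confirm a key-based login works from a second session before closing the one you are in.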
I have never spent actual currency to get Bitcoin but I cannot imagine being serious enough about Bitcoin to put tens of thousands of dollars in Bitcoin but then putting that money in Coinbase or something like that. (sorry YC, I know I was wrong about Dropbox but I think I am still correct about Coinbase).
I'm imagining something like Synology NAS with its apps [1], but with more user submitted services, and better connectivity between them. If Umbrel/Yunohost/Sandstorm/Cloudron released a pre-configured raspberry pi with some sane defaults, that could be a step in the right direction.
For something like a home server to take off it really needs to have that killer app. For most that would probably be something like Plex/Jellyfin, but your average user is just going to sign up for streaming services instead. And if a media server is all you want, Synology can take care of that pretty well. I recently moved my Plex server from a Mac mini (which I used in some form since Plex was first launched) over to a Synology NAS using Docker. Of course that’s not very user friendly, but assuming the native Plex app is better for the average Joe.
With so many cloud providers that make it easy to get to your data anywhere in the world via your laptop or phone, it’s hard to argue in favor of moving to home servers for much of anything. Sure, you can access it remotely if you set it up, but it’s going to be more hit and miss, and when things don’t work you’re just stuck hoping you can fix it.
Which ones do you have in mind? Would you count ChromeOS as one of those, too?
A few i had in mind (from my bookmarks): Cloudron, Sandstorm, HomelabOS, libre.sh, UBOS, Unraid, Helm, CasaOS, servers.coop's Capsul. In my opinion, in those virtualized solutions Sandstorm is the only one that's not a simple GUI for docker/LXC and had some actually interesting research going on (especially in terms of security). That's for generic selfhosting solutions, and i personally have no strong opinion about these as i'm more interested about bare-metal solutions that work on low-end hardware (Freedombox/Yunohost/LibreServer).
To this list you can add the free ansible/docker recipes used by friendly hosting coops such as webarch.coop or disroot.org. I'm guessing many other CHATONS.org/Libreho.st federation members also publish their recipes, but i wouldn't know for sure.
I don't count ChromeOS as anything as my understanding is it's just a web browser with a custom kernel? I may be missing something as i've never used it, and if i don't have the source code and/or have to pay Google a single cent to use it i most probably will never try it out.
Where in the license does it forbid such a thing? Commercial use != an individual paying for third party support/service/development.
> Selling Umbrel, including selling cloud-hosted instances with Umbrel or its derivates, home server hardware with Umbrel or its derivates, support services for Umbrel or its derivates, etc is not permitted under our license.
>> used for selling goods or providing services for money, rather than for personal use
(https://dictionary.cambridge.org/dictionary/english/commerci...)
An individual being paid to provide a service is commercial under that, and most legal definitions of the word.
The license only forbids third-party to offer Umbrel by themselves. If you pay for hosting, and install it on your own, it would be fine.
Maybe Umbrel could sell that as an extra -- you have an Umbrel box, it automatically sends an encrypted copy of your data to its servers.
45×24×30×0.2/1000=2.6$/month
45W for a month is 32.85 KWh (45*24*30.4/1000), so i rounded up to 33 KWh.
Electricity where i live is currently averaging about €0.54/KWh, though this winter has seen prices as high as €1.14/KWh. Normal price is around €0.3.
33 * 0.54 = 17,8 ~= €18
The difference lies in electricity price.
Personally, when it comes to desktop virtualization, i'm very happy with QubesOS. It's not designed for graphics performance, but it's to my knowledge the only distro providing decent security for multi-VM graphical workloads, and their research keeps going!
Here's our post that explains our licensing in detail: https://blog.getumbrel.com/everything-you-need-to-know-about...
Yes, your license means that individual users can make little patches to customize the product to their needs, and even share these customizations with other users. That's great!
But the license effectively prohibits borrowing code from your codebase for use in other projects, meaning your code does not become part of the aether of Open Source code that anyone can build upon. That's a very important part of what it means to be "Open Source".
It also effectively prevents any large-scale modification or forking effort, since maintaining patches as the underlying codebase evolves is a hard job, and the license prohibits people from funding such effort. If users want timely security updates, they will need to stick close to your version of the codebase. So the lock-in is there.
Again, this is all a perfectly justified direction for you to take. I don't blame you at all, and I definitely understand that it's Amazon's fault that we cannot have nice things. But it's not Open Source.
On a tangentially-related note, a little tip: You have defined all noncommercial organizations -- including education, public research, and government -- as being permitted users. That may be dangerous. I was the founder of Sandstorm, and these organizations were exactly the ones most interested in paying for our product -- literally the only big sales we ever made were a couple universities, a big research org, and a government. Despite being non-profit, these orgs have lots of money and a need for self-hosting.
These are all rights I have with Open Source software that are denied by your non-commercial license. Reading your blog post, you seem to not understand Open Source nor do you seem to understand the implications of your own license very well.
Re noncommercial organizations being permitted users, this was a conscious decision on our part. We're purposefully building Umbrel purely for consumers, and don't plan to serve any commercial or noncommercial organizations. We want to align our incentives directly with consumers instead of enterprises, and this is purely to help us focus on building for the user-base that excites us the most.
I'm a big fan of Sandstorm btw. It was way ahead of its time.
Despite a lot of noise on HN, we had only a few hundred signups for our paid hosting service. We built super-scalable hosting tech but it turned out we could have hosted them on a single big VM all along... oops.
I think the problem is that the apps, while functional, weren't competitive with their SaaS competitors, and so the only reason to use the hosting service was if you really cared about the Open Source aspect. Maybe if we had a killer app that was actually better than any SaaS alternative, we could have gotten somewhere? But we never found that.
Meanwhile, we got a lot of feedback from people working at big orgs that were forced to self-host for regulatory reasons. Such orgs are terribly served by the current software market, since they can essentially only buy software from companies that specialize in building regulated software, and those companies generally build software that is expensive and terrible.
Real-time collaboration essentially didn't exist in this market, making our apps actually better than what these organizations had! But we had absolutely no expertise in selling to orgs like this, and we never really figured it out. We should have hired for it much earlier, or maybe even brought on another co-founder with enterprise sales experience.
So, we were unable to get anywhere before investors pulled the plug.
With that said, I always say you should not trust anyone's advice. Your story is different and you need to do what makes intuitive sense to you. If your intuition is right, you succeed. But you certainly can't succeed by going against your own intuition, so if someone says something that doesn't make intuitive sense to you, ignore it.
I agree that the overall functionality for the apps wasn't quite up to snuff. The problem is, self-hosted apps are structurally under-resourced relative to their hosted peers. This is because SaaS providers can amortize development costs over a much bigger user base while simultaneously capturing operations efficiencies.
In my world, we want all the latest stuff, but refuse to let anyone host our data. We wind up with a small vendor pool that specializes in meeting regulatory requirements instead of making good software. I am very interested in finding technical solutions to this problem. Or at least, technical solutions that create new options to solve the operational and cultural problems!
And a key difference is that Cloudron and Umbrel may monetize selfhosters, which I believe Sandstorm did not endeavor to do at all.
Especially when one of the VC firms that funds your project is also the one behind formulation of the PolyForm set of licenses, I'd imagine. At least, PolyForm is better, in some sense, than fully closed source projects built atop other MIT/BSD/Apache licensed projects (say, the V8 JavaScript engine ;), and never shared.
The only reason I dislike non-OSI approved licenses is, the "users" of such licenses want to have their cake and eat it too: As in, they want to project open source ethos while also denying the advantages/rights otherwise afforded by Open Source, as defined by the OSI.
Imo, source-available licenses are justified only when companies using it are honest about their intentions and forthcoming about the license's limitations. Nothing specific on Umbrel, but generally, misdirection by firms insistent on source-available licenses as being some convenient 'middle-ground' is off-putting, to say the least!
I've followed Umbrel since I first stumbled upon it in August 2020, and of course, I'd have liked them to be open-source (since I don't believe software is their core advantage, rather their brand is; but then again, what do I know): https://github.com/getumbrel/umbrel/issues/291#issuecomment-...
That said, Umbrel already brings a lot to the table... its licensing is a predictable HN distraction from discussion on its true potential.
With Sandstorm we did plan to have paid apps and in-app purchases eventually, believe it or not...
I think personal servers is pretty key, so I'm glad there are a few endeavors working on it.