Add Nix flake and systemd deployment for Alby Hub#2142
Add Nix flake and systemd deployment for Alby Hub#2142jmikedupont2 wants to merge 2 commits intogetAlby:masterfrom
Conversation
- flake.nix: Build configuration using existing nixpkgs package - albyhub.service: User systemd service template - deploy.sh: Automated build and deployment script - INSTALL.md: Installation and usage documentation - Runs on port 8087 to avoid conflicts
📝 WalkthroughWalkthroughAdds Nix-based deployment for Alby Hub: a flake, build-and-deploy script, systemd user service unit, installation and funding docs, a funding helper script, and a .gitignore change replacing Changes
Sequence Diagram(s)sequenceDiagram
participant Dev as Developer (runs deploy.sh)
participant Nix as Nix Build
participant FS as Files (flake.nix, albyhub.service -> generated)
participant Systemd as systemd --user
participant Alby as albyhub process
participant Browser as User Browser
Dev->>Nix: nix build (resolve STORE_PATH)
Nix-->>FS: produce store path -> binary
Dev->>FS: substitute STORE_PATH into albyhub.service -> albyhub-generated.service
Dev->>Systemd: install & reload user units, enable & restart service
Systemd->>Alby: start albyhub (ExecStart, WORK_DIR, PORT=8087)
Browser->>Alby: HTTP requests (http://localhost:8087)
Alby-->>Browser: HTTP responses
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
📝 Coding Plan
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment Tip You can make CodeRabbit's review stricter and more nitpicky using the `assertive` profile, if that's what you prefer.Change the |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (2)
deploy.sh (1)
17-23: Write rendered unit directly to systemd user dir.Current flow creates an extra generated file in the repo root. Render directly to
~/.config/systemd/user/albyhub.serviceto avoid local artifact churn.Suggested simplification
-sed "s|STORE_PATH_PLACEHOLDER|$STORE_PATH|g" albyhub.service > albyhub-generated.service +mkdir -p ~/.config/systemd/user/ +sed "s|STORE_PATH_PLACEHOLDER|$STORE_PATH|g" albyhub.service > ~/.config/systemd/user/albyhub.service ... -mkdir -p ~/.config/systemd/user/ -cp albyhub-generated.service ~/.config/systemd/user/albyhub.service systemctl --user daemon-reload🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@deploy.sh` around lines 17 - 23, The script currently renders the unit into a temporary file albyhub-generated.service then copies it into the user systemd dir; change the sed invocation so it writes directly to ~/.config/systemd/user/albyhub.service (replace the pipeline that creates albyhub-generated.service and the subsequent cp) — update the sed command that operates on albyhub.service to output straight to the target path and remove the creation/reference to albyhub-generated.service.INSTALL.md (1)
3-13: Add prerequisites and use a shell-invoked command in Quick Start.Quick Start should state required environment (Linux + user systemd + Nix with flakes) and prefer
bash ./deploy.shfor reliability when executable bit is missing.Doc tweak
## Quick Start ```bash -./deploy.sh +bash ./deploy.sh+## Prerequisites
+
+- Linux withsystemd --user
+- Nix installed with flakes enabled</details> <details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against the current code and only fix it if needed.
In
@INSTALL.mdaround lines 3 - 13, Update the "## Quick Start" section to use a
shell-invoked command (change "./deploy.sh" to "bash ./deploy.sh") and add a new
"## Prerequisites" section above or before Quick Start listing "Linux with
systemd --user" and "Nix installed with flakes enabled"; edit the text around
the Quick Start bullets (the content under the "## Quick Start" heading) to
reflect the command change and ensure the new "## Prerequisites" heading and its
two bullet points appear in INSTALL.md.</details> </blockquote></details> </blockquote></details> <details> <summary>🤖 Prompt for all review comments with AI agents</summary>Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.gitignore:
- Line 33: The .gitignore currently contains a likely accidental entry
"albyhub-dataresult"; remove or correct this line to the actual local artifact
directory your build produces (replace "albyhub-dataresult" with the real
directory name used by your tooling), and add an entry to ignore the service
file that deploy.sh creates by adding "albyhub-generated.service" to .gitignore
so the generated unit file is not committed.In
@deploy.sh:
- Line 7: Replace the impure build invocation in deploy.sh: remove the
--impureflag and invoke a pure flake build of the repository package (use the
flake attributepackages.default) so the deployment uses a reproducible build;
specifically update thenix build --impurecall to a pure flake build
targetingpackages.default(e.g., usenix build .#packages.default) in
deploy.sh.In
@flake.nix:
- Line 15: The package reference uses a machine-local absolute path
(packages.default = pkgs.callPackage /mnt/.../albyhub/package.nix {}) which is
not portable; replace this with the nixpkgs attribute for that package (use
pkgs.albyhub or the appropriate pkgs. directly) so the flake
uses the upstream nixpkgs package instead of a host-specific file; update the
expression in the packages.default assignment to reference pkgs.albyhub (or the
correct attribute name) and remove the absolute callPackage path.
Nitpick comments:
In@deploy.sh:
- Around line 17-23: The script currently renders the unit into a temporary file
albyhub-generated.service then copies it into the user systemd dir; change the
sed invocation so it writes directly to ~/.config/systemd/user/albyhub.service
(replace the pipeline that creates albyhub-generated.service and the subsequent
cp) — update the sed command that operates on albyhub.service to output straight
to the target path and remove the creation/reference to
albyhub-generated.service.In
@INSTALL.md:
- Around line 3-13: Update the "## Quick Start" section to use a shell-invoked
command (change "./deploy.sh" to "bash ./deploy.sh") and add a new "##
Prerequisites" section above or before Quick Start listing "Linux with systemd
--user" and "Nix installed with flakes enabled"; edit the text around the Quick
Start bullets (the content under the "## Quick Start" heading) to reflect the
command change and ensure the new "## Prerequisites" heading and its two bullet
points appear in INSTALL.md.</details> --- <details> <summary>ℹ️ Review info</summary> <details> <summary>⚙️ Run configuration</summary> **Configuration used**: defaults **Review profile**: CHILL **Plan**: Pro **Run ID**: `63624d6c-5d88-48ef-9e68-5532994c0ff7` </details> <details> <summary>📥 Commits</summary> Reviewing files that changed from the base of the PR and between 15ef0fb68efc7a99d7f7fcd8ba7296add69ae7c0 and 749339e8c89eaba05a394e3b8edf365bd7be7e5d. </details> <details> <summary>⛔ Files ignored due to path filters (1)</summary> * `flake.lock` is excluded by `!**/*.lock` </details> <details> <summary>📒 Files selected for processing (5)</summary> * `.gitignore` * `INSTALL.md` * `albyhub.service` * `deploy.sh` * `flake.nix` </details> </details> <!-- This is an auto-generated comment by CodeRabbit for review status -->
| *.db-wal | ||
| *.db-journal | ||
| albyhub-data No newline at end of file | ||
| albyhub-dataresult |
There was a problem hiding this comment.
Possible typo in ignored artifact path.
Line 33 (albyhub-dataresult) looks accidental and may fail to ignore the intended local artifact directory. Also, deploy.sh generates albyhub-generated.service in the repo root and that file should be ignored.
Proposed .gitignore update
-albyhub-dataresult
+albyhub-data
+albyhub-generated.service📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| albyhub-dataresult | |
| albyhub-data | |
| albyhub-generated.service |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.gitignore at line 33, The .gitignore currently contains a likely accidental
entry "albyhub-dataresult"; remove or correct this line to the actual local
artifact directory your build produces (replace "albyhub-dataresult" with the
real directory name used by your tooling), and add an entry to ignore the
service file that deploy.sh creates by adding "albyhub-generated.service" to
.gitignore so the generated unit file is not committed.
| echo "=== Deploying Alby Hub ===" | ||
|
|
||
| # Build with Nix | ||
| nix build --impure |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify impure flag is removed and default flake output is buildable.
rg -n -- '--impure' deploy.sh
rg -n 'nix build' deploy.sh
nix build .#default --dry-runRepository: getAlby/hub
Length of output: 157
🏁 Script executed:
fd -name "flake.nix" -o -name "flake.lock"Repository: getAlby/hub
Length of output: 285
🏁 Script executed:
rg -n "default\s*=" | head -20Repository: getAlby/hub
Length of output: 287
🏁 Script executed:
cat -n deploy.shRepository: getAlby/hub
Length of output: 1116
Avoid impure builds in deployment.
Line 7 uses --impure, which weakens reproducibility and should not be used in deployment workflows. The repository's flake.nix defines packages.default, so build it purely instead.
Suggested change
-nix build --impure
+nix build .#default📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| nix build --impure | |
| nix build .#default |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@deploy.sh` at line 7, Replace the impure build invocation in deploy.sh:
remove the `--impure` flag and invoke a pure flake build of the repository
package (use the flake attribute `packages.default`) so the deployment uses a
reproducible build; specifically update the `nix build --impure` call to a pure
flake build targeting `packages.default` (e.g., use `nix build
.#packages.default`) in deploy.sh.
| pkgs = nixpkgs.legacyPackages.${system}; | ||
| in | ||
| { | ||
| packages.default = pkgs.callPackage /mnt/data1/time2/time/2023/07/06/nixpkgs/pkgs/by-name/al/albyhub/package.nix { }; |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify no absolute callPackage path remains, and default package is exposed.
rg -n 'callPackage\s+/' flake.nix
nix flake show . | rg -n 'packages\..*\.default'Repository: getAlby/hub
Length of output: 242
🏁 Script executed:
# Check the full flake.nix structure to understand nixpkgs setup
cat -n flake.nixRepository: getAlby/hub
Length of output: 1089
🏁 Script executed:
# Search for albyhub references in the repo
rg -i albyhub --type nixRepository: getAlby/hub
Length of output: 270
🏁 Script executed:
# Check if package.nix exists at the referenced path (or any package.nix in repo)
fd -name 'package.nix' -type fRepository: getAlby/hub
Length of output: 285
🌐 Web query:
albyhub nixpkgs package NixOS
💡 Result:
albyhub is already packaged in nixpkgs, so you can install it directly on NixOS as a normal package (there doesn’t appear to be an official services.albyhub.* NixOS module in nixpkgs—just the package). The nixpkgs package description is “Control lightning wallets over nostr”, and MyNixOS currently shows version 1.21.0. (mynixos.com)
Install on NixOS (system-wide)
Add to your configuration (e.g., /etc/nixos/configuration.nix):
{ pkgs, ... }:
{
environment.systemPackages = [
pkgs.albyhub
];
}Then:
sudo nixos-rebuild switchInstall ad-hoc (flakes / CLI)
nix shell nixpkgs#albyhub
# or
nix profile install nixpkgs#albyhubNotes
- Package homepage is
getAlby/hub. (mynixos.com) - If you want it to run as a background daemon on NixOS, you’ll typically create your own
systemd.services.<name>unit (since nixpkgs doesn’t expose a dedicatedservices.albyhubmodule). (mynixos.com)
Citations:
- 1: https://mynixos.com/nixpkgs/package/albyhub
- 2: https://mynixos.com/nixpkgs/package/albyhub
- 3: https://mynixos.com/nixpkgs/package/albyhub
🏁 Script executed:
# Check if there's a local package.nix or similar in the repo
fd package.nixRepository: getAlby/hub
Length of output: 37
🏁 Script executed:
# Check git history to see if the absolute path was recently added
git log --oneline -20 flake.nixRepository: getAlby/hub
Length of output: 112
Replace machine-local package path with nixpkgs package reference.
Line 15 hardcodes a host-specific absolute path, which will break on any other machine/CI. Since albyhub is available in nixpkgs, use the upstream package attribute instead.
Portable fix
- packages.default = pkgs.callPackage /mnt/data1/time2/time/2023/07/06/nixpkgs/pkgs/by-name/al/albyhub/package.nix { };
+ packages.default = pkgs.albyhub;📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| packages.default = pkgs.callPackage /mnt/data1/time2/time/2023/07/06/nixpkgs/pkgs/by-name/al/albyhub/package.nix { }; | |
| packages.default = pkgs.albyhub; |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@flake.nix` at line 15, The package reference uses a machine-local absolute
path (packages.default = pkgs.callPackage /mnt/.../albyhub/package.nix {}) which
is not portable; replace this with the nixpkgs attribute for that package (use
pkgs.albyhub or the appropriate pkgs.<albyhub-attribute> directly) so the flake
uses the upstream nixpkgs package instead of a host-specific file; update the
expression in the packages.default assignment to reference pkgs.albyhub (or the
correct attribute name) and remove the absolute callPackage path.
There was a problem hiding this comment.
🧹 Nitpick comments (3)
fund-from-coinbase.sh (2)
11-16: Add-rflag toreadto prevent backslash interpretation.Without
-r, backslashes in user input are treated as escape characters, which could cause unexpected behavior.Proposed fix
-read -p "Paste your Bitcoin address here: " BTC_ADDRESS +read -rp "Paste your Bitcoin address here: " BTC_ADDRESS🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@fund-from-coinbase.sh` around lines 11 - 16, The read invocation that captures BTC_ADDRESS should use the -r flag to prevent backslash interpretation; update the read command (the line using read -p "Paste your Bitcoin address here: " BTC_ADDRESS) to include -r (i.e., read -r -p ...) so user-supplied backslashes are not treated as escape sequences before the subsequent BTC_ADDRESS emptiness check and exit logic.
13-16: Consider adding basic Bitcoin address format validation.The script only checks for empty input. A basic regex check could catch typos and prevent users from proceeding with clearly invalid addresses.
Optional: Add basic format validation
if [ -z "$BTC_ADDRESS" ]; then echo "Error: No address provided" exit 1 fi + +# Basic validation: Bitcoin addresses start with 1, 3, or bc1 +if ! [[ "$BTC_ADDRESS" =~ ^(1|3|bc1) ]]; then + echo "Warning: Address doesn't look like a valid Bitcoin address" + read -rp "Continue anyway? (y/N): " CONFIRM + [[ "$CONFIRM" =~ ^[Yy]$ ]] || exit 1 +fi🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@fund-from-coinbase.sh` around lines 13 - 16, The script only checks BTC_ADDRESS for emptiness; add a basic Bitcoin address format validation after the existing if [ -z "$BTC_ADDRESS" ] check by testing the BTC_ADDRESS variable against a regex that accepts common Bitcoin formats (legacy P2PKH starting with 1, P2SH starting with 3, and bech32 starting with bc1) and exit with an error message if it fails; update the validation logic around the BTC_ADDRESS variable so clearly invalid addresses are rejected before proceeding.FUNDING.md (1)
39-42: Node URIs may become stale over time.Consider adding a note that users should verify current node information from official sources, as node URIs (especially IP addresses like ACINQ's) can change. Alternatively, link to a dynamic source for recommended nodes.
Optional: Add freshness note
## Recommended Nodes +> **Note**: Node URIs may change. Verify current information at [1ML](https://1ml.com) or the node operator's official site. + - **Alby**: `031b301307574bbe9b9ac7b79cbe1700e31e544513eae0b5d7497483083f99e581@hub.getalby.com:9735` - **ACINQ**: `03864ef025fde8fb587d989186ce6a4a186895ee44a926bfc370e2c366597a3f8f@3.33.236.230:9735`🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@FUNDING.md` around lines 39 - 42, Add a short freshness note under "Recommended Nodes" advising users to verify node URIs before use because IPs and endpoints can change (mention the Alby and ACINQ entries as examples) and optionally replace the static ACINQ IP with a link to a dynamic source or the provider's official node list (e.g., Alby/ACINQ docs or a live node directory) so readers can fetch up-to-date URIs.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@fund-from-coinbase.sh`:
- Around line 11-16: The read invocation that captures BTC_ADDRESS should use
the -r flag to prevent backslash interpretation; update the read command (the
line using read -p "Paste your Bitcoin address here: " BTC_ADDRESS) to include
-r (i.e., read -r -p ...) so user-supplied backslashes are not treated as escape
sequences before the subsequent BTC_ADDRESS emptiness check and exit logic.
- Around line 13-16: The script only checks BTC_ADDRESS for emptiness; add a
basic Bitcoin address format validation after the existing if [ -z
"$BTC_ADDRESS" ] check by testing the BTC_ADDRESS variable against a regex that
accepts common Bitcoin formats (legacy P2PKH starting with 1, P2SH starting with
3, and bech32 starting with bc1) and exit with an error message if it fails;
update the validation logic around the BTC_ADDRESS variable so clearly invalid
addresses are rejected before proceeding.
In `@FUNDING.md`:
- Around line 39-42: Add a short freshness note under "Recommended Nodes"
advising users to verify node URIs before use because IPs and endpoints can
change (mention the Alby and ACINQ entries as examples) and optionally replace
the static ACINQ IP with a link to a dynamic source or the provider's official
node list (e.g., Alby/ACINQ docs or a live node directory) so readers can fetch
up-to-date URIs.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: f258fc0d-e099-4f80-a574-12d25b432cfe
📒 Files selected for processing (2)
FUNDING.mdfund-from-coinbase.sh
|
Hi, thanks for your PR. Could this go into a subdirectory? (e.g. |
| @@ -0,0 +1,37 @@ | |||
| #!/usr/bin/env bash | |||
There was a problem hiding this comment.
I don't think we should add coinbase-specific stuff. Alby Hub has some onramp options already
|
Yes sure and also I have to remove some of the hard coded stuff
…On Fri, Mar 13, 2026, 23:19 Roland ***@***.***> wrote:
*rolznz* left a comment (getAlby/hub#2142)
<#2142 (comment)>
Hi, thanks for your PR. Could this go into a subdirectory? (e.g.
scripts/nix)
—
Reply to this email directly, view it on GitHub
<#2142 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AD5KQ2N7UNKXIJGUZP6HFAT4QTFTBAVCNFSM6AAAAACWRJ6JB2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHM2DANJZGMZDCOBSGI>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
2 participants
Summary by CodeRabbit
Documentation
Chores