From e103bfbda84c5570f17c57dd13b28aa57da44cca Mon Sep 17 00:00:00 2001
From: Justin Moeller <jumoell@protonmail.com>
Date: Thu, 19 Mar 2026 05:02:51 -0500
Subject: [PATCH] App Submission: Fedimint Lightning Gateway (#4554)

---
 fedimint-gateway/data/entrypoint.sh |  9 ++++++
 fedimint-gateway/docker-compose.yml | 33 +++++++++++++++++++
 fedimint-gateway/umbrel-app.yml     | 50 +++++++++++++++++++++++++++++
 fedimintd/umbrel-app.yml            |  5 +--
 4 files changed, 95 insertions(+), 2 deletions(-)
 create mode 100755 fedimint-gateway/data/entrypoint.sh
 create mode 100644 fedimint-gateway/docker-compose.yml
 create mode 100644 fedimint-gateway/umbrel-app.yml

diff --git a/fedimint-gateway/data/entrypoint.sh b/fedimint-gateway/data/entrypoint.sh
new file mode 100755
index 00000000..0f9bd810
--- /dev/null
+++ b/fedimint-gateway/data/entrypoint.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# Bcrypt hash the password before giving it to the gateway
+export FM_GATEWAY_BCRYPT_PASSWORD_HASH=$(gateway-cli create-password-hash $APP_PASSWORD \
+  | sed 's/^"//; s/"$//' \
+  | sed 's/\$/$$/g'
+)
+
+gatewayd lnd
diff --git a/fedimint-gateway/docker-compose.yml b/fedimint-gateway/docker-compose.yml
new file mode 100644
index 00000000..68238f59
--- /dev/null
+++ b/fedimint-gateway/docker-compose.yml
@@ -0,0 +1,33 @@
+version: '3.7'
+
+services:
+  app_proxy:
+    environment:
+      APP_HOST: fedimint-gateway_gatewayd_1
+      APP_PORT: 8178 # ui
+
+  gatewayd:
+    image: fedimint/gatewayd:v0.10.0@sha256:4e9a41fe0f0705c463709fa34bdcbc4e29e396bb99ab5c2cc101fc5db2ac3069
+    restart: on-failure
+    ports:
+      - 8177:8177/udp # iroh
+    volumes:
+      - ${APP_DATA_DIR}/data:/data
+      - ${APP_LIGHTNING_NODE_DATA_DIR}:/lnd:ro
+    environment:
+      FM_GATEWAY_DATA_DIR: "/data"
+      FM_GATEWAY_NETWORK: ${APP_BITCOIN_NETWORK_ELECTRS}
+      FM_GATEWAY_LISTEN_ADDR: 0.0.0.0:8178
+      FM_GATEWAY_IROH_LISTEN_ADDR: 0.0.0.0:8177
+      APP_PASSWORD: "${APP_PASSWORD}"
+
+      # LND connection environment variables
+      FM_LND_RPC_ADDR: "https://${APP_LIGHTNING_NODE_IP}:${APP_LIGHTNING_NODE_GRPC_PORT}"
+      FM_LND_TLS_CERT: "/lnd/tls.cert"
+      FM_LND_MACAROON: "/lnd/data/chain/bitcoin/${APP_BITCOIN_NETWORK}/admin.macaroon"
+
+      # Bitcoind connection environment variables
+      FM_BITCOIND_USERNAME: ${APP_BITCOIN_RPC_USER}
+      FM_BITCOIND_PASSWORD: ${APP_BITCOIN_RPC_PASS}
+      FM_BITCOIND_URL: "http://${APP_BITCOIN_NODE_IP}:${APP_BITCOIN_RPC_PORT}"
+    entrypoint: /data/entrypoint.sh
diff --git a/fedimint-gateway/umbrel-app.yml b/fedimint-gateway/umbrel-app.yml
new file mode 100644
index 00000000..5b88d15a
--- /dev/null
+++ b/fedimint-gateway/umbrel-app.yml
@@ -0,0 +1,50 @@
+manifestVersion: 1
+id: fedimint-gateway
+category: bitcoin
+name: Fedimint Lightning Gateway
+version: "v0.10.0"
+tagline: Lightning routing for Fedimints
+description: >-
+  The Fedimint Lightning Gateway is an ecash wallet that connects Fedimint users to the broader Lightning Network. Operators can earn fees by providing outbound
+  and inbound Lightning liquidity via their existing LND node.
+
+  # Key Characteristics
+   - Trust Model: Just like a Lightning node, a Lightning Gateway is not a custodian of the payments it is routing. Lightning Gateways should trust the federations they provide liquidity services to, but users do not need to trust the Lightning Gateway.
+
+   - Multi-federation support: A single gateway can service multiple Fedimints simultaneously and swap ecash when payments occur between federations, bypassing the Lightning Network altogether.
+
+   - Liquidity Management: Also like a Lightning node, gateways must maintain ecash balances in each federation to facilitate incoming payments, similar to inbound liquidity in Lightning.
+
+  # Operating a Lightning Gateway
+
+  1. Installing a Lightning Gateway is easy, just one click and it connects to your already provisioned LND node!
+
+  2. Make sure your LND node has sufficient connectivity to the broader Lightning Network, ideally with balanced outbound and inbound liquidity.
+
+  3. Operators must then connect to a federation using the federation's invite code.
+
+  4. After connected, operators must pegin some ecash to the federation so that there is inbound liquidity.
+
+  5. After the operator has obtained the ecash, the connection URL of the Lightning Gateway can be provided to the guardians. The guardians will then advertise that this Lightning Gateway is providing Lightning services to the federation.
+    
+  6. All set! The Fedimint can now send and receive payments over the Lightning Network.
+  
+developer: Fedimint Developers
+website: https://fedimint.org/
+dependencies:
+  - bitcoin
+  - lightning
+repo: https://github.com/fedimint/fedimint
+support: https://github.com/fedimint/fedimint/issues
+port: 8178
+gallery:
+  - 1.jpg
+  - 2.jpg
+  - 3.jpg
+path: ""
+deterministicPassword: true
+defaultUsername: ""
+defaultPassword: ""
+submitter: Fedimint Developers
+submission: https://github.com/getumbrel/umbrel-apps/pull/4554
+releaseNotes: ""
diff --git a/fedimintd/umbrel-app.yml b/fedimintd/umbrel-app.yml
index b14b75dd..1d739ba6 100644
--- a/fedimintd/umbrel-app.yml
+++ b/fedimintd/umbrel-app.yml
@@ -43,9 +43,10 @@ description: >-
 
   Fedimint supports Lightning payments via a Lightning Gateway. To use Lightning in your federation, there are two options:
 
-  1. Use an existing Lightning Gateway. [Reach out on Discord to get setup](https://chat.fedimint.org).
+  1. Run your own! - [Deploy a Lightning Gateway on your Umbrel](https://apps.umbrel.com/app/fedimint-gateway).
+
+  2. Use an existing Lightning Gateway. [Reach out on Discord to get setup](https://chat.fedimint.org).
 
-  2. Run your own - [see Lightning Gateway docs for more information](https://github.com/fedimint/fedimint/blob/master/docs/gateway.md).
   
 developer: Fedimint Developers
 website: https://fedimint.org/