diff --git a/.gitignore.txt b/.gitignore.txt
new file mode 100644
index 0000000..e608e23
--- /dev/null
+++ b/.gitignore.txt
@@ -0,0 +1,2 @@
+custom.nix
+role-state.nix
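Review bot: Git only reads ignore patterns from a file named `.gitignore`, so the new `.gitignore.txt` has no effect and `custom.nix` and `role-state.nix` can still be staged and committed. If the intent is to keep per-machine role and service settings out of the repository, rename the file to `.gitignore`. A comment line such as `# per-host state written by the installer; never commit` above the two entries would record why they are listed.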
diff --git a/configuration.nix b/configuration.nix
index a3d3848..712ca06 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -3,7 +3,8 @@
{
imports = [
./modules/modules.nix
- ./custom.nix
+ /etc/nixos/role-state.nix
+ /etc/nixos/custom.nix
./iso/branding.nix
];
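Review bot: The two new entries in `imports`, `/etc/nixos/role-state.nix` and `/etc/nixos/custom.nix`, are read from the host rather than from the repository, so evaluation fails outright on any machine where either file is missing. Both files are evaluated as full system configuration, so whatever can write to them controls the next rebuild. Consider guarding each import, for example `++ lib.optional (builtins.pathExists /etc/nixos/custom.nix) /etc/nixos/custom.nix` (this assumes `lib` is among the module arguments, which are outside the hunk). The installer should also create both files owned by root and not group- or world-writable. A comment above the two lines stating that they require `--impure` and are written by the installer would help the next reader.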
@@ -153,13 +154,11 @@ backup /etc/nix-bitcoin-secrets/ localhost/
systemCronJobs = [
"*/15 * * * * root /run/current-system/sw/bin/bash /var/lib/njalla/njalla.sh"
"*/15 * * * * root /run/current-system/sw/bin/bash /var/lib/external_ip/external_ip.sh"
- "0 0 * * 0 docker-user yes | /run/current-system/sw/bin/docker system prune -a"
];
};
# ── Tor ────────────────────────────────────────────────────
services.tor = { enable = true; client.enable = true; torsocks.enable = true; };
- services.privoxy.enableTor = true;
# ── SSH ────────────────────────────────────────────────────
services.openssh = {
diff --git a/custom.nix b/custom.template.nix
similarity index 64%
rename from custom.nix
rename to custom.template.nix
index 98052ca..d50c99a 100644
--- a/custom.nix
+++ b/custom.template.nix
@@ -10,7 +10,7 @@
# #
# After making changes, rebuild with: #
# #
- # nixos-rebuild switch --impure #
+ # sudo nixos-rebuild switch --impure #
# #
###########################################################
@@ -19,25 +19,16 @@
# STEP 1: CHOOSE YOUR ROLE
# ═══════════════════════════════════════════════════════════
#
- # Pick ONE role by uncommenting it. If none is chosen,
- # you get the Server-Desktop role by default.
+ # Your initial role was selected during installation.
+ # To CHANGE your role, uncomment exactly ONE of the lines below.
#
- # Server-Desktop (default):
- # - Full server + desktop environment
- # - All services ON by default
- # - All features OFF by default
- #
- # Desktop Only:
- # - Desktop environment, no server services
- # - All services OFF by default
- #
- # Bitcoin Node Only:
- # - Bitcoin ecosystem, mempool, bip110
- # - BTCPay runs but is NOT exposed to the web
- # - All other services OFF by default
+ # Server+Desktop: Full server + desktop environment
+ # Desktop Only: Desktop environment, no server services
+ # Node (Bitcoin Only): Bitcoin ecosystem
#
# ───────────────────────────────────────────────────────────
+ # sovran_systemsOS.roles.server_plus_desktop = true;
# sovran_systemsOS.roles.desktop = true;
# sovran_systemsOS.roles.node = true;
@@ -46,7 +37,7 @@
# STEP 2: SERVICES (default: ON)
# ═══════════════════════════════════════════════════════════
#
- # These are all ON by default in the Server-Desktop role.
+ # These are all ON by default in the Server+Desktop role.
# Set any to "false" to disable it.
#
# ┌─────────────────────┬────────────────────────────────┐
@@ -67,53 +58,41 @@
#
# ───────────────────────────────────────────────────────────
- # sovran_systemsOS.services.synapse = false;
- # sovran_systemsOS.services.bitcoin = false;
- # sovran_systemsOS.services.vaultwarden = false;
# sovran_systemsOS.services.wordpress = false;
- # sovran_systemsOS.services.nextcloud = false;
# ═══════════════════════════════════════════════════════════
# STEP 3: FEATURES (default: OFF)
# ═══════════════════════════════════════════════════════════
#
- # These are all OFF by default. Set to "true" to enable.
+ # These are OFF by default. Set to "true" to enable.
#
# ┌─────────────────────┬────────────────────────────────┐
# │ Feature │ What it does │
# ├─────────────────────┼────────────────────────────────┤
- # │ haven │ Haven NOSTR relay │
- # │ │ (requires nostr_npub below) │
- # │ element-calling │ Element video/audio calls │
- # │ │ (LiveKit + lk-jwt-service) │
- # │ mempool │ Bitcoin Mempool Explorer │
+ # │ haven │ Haven NOSTR relay & Blossom │
# │ bip110 │ BIP-110 Bitcoin Better Money │
- # │ bitcoin-core │ Bitcoin Core (standalone) │
+ # │ mempool │ Mempool.space block explorer │
+ # │ element-calling │ LiveKit server for Matrix │
# │ rdp │ GNOME Remote Desktop (RDP) │
- # └─────────────────────┴────────────────────────────────┘
+ # │ bitcoin-core │ Bitcoin Core GUI desktop app │
+ # └─────────────────────┴─────���──────────────────────────┘
#
- # Example — enable Haven and Element Calling:
+ # Example — enable element video calling:
#
- # sovran_systemsOS.features.haven = true;
# sovran_systemsOS.features.element-calling = true;
#
# ───────────────────────────────────────────────────────────
- # sovran_systemsOS.features.haven = true;
# sovran_systemsOS.features.element-calling = true;
- # sovran_systemsOS.features.mempool = true;
- # sovran_systemsOS.features.bip110 = true;
- # sovran_systemsOS.features.bitcoin-core = true;
- # sovran_systemsOS.features.rdp = true;
# ═══════════════════════════════════════════════════════════
- # STEP 4: WEB EXPOSURE (controls Caddy reverse proxy)
+ # STEP 4: WEB EXPOSURE (default: ON)
# ═══════════════════════════════════════════════════════════
#
- # These control whether a service gets a public Caddy
- # vhost. The service itself still runs regardless.
+ # Controls whether Caddy serves this application to the web.
+ # (Does not stop the application itself from running).
#
# ┌─────────────────────┬────────────────────────────────┐
# │ Option │ Default │
@@ -145,46 +124,4 @@
# sovran_systemsOS.nostr_npub = "";
-
- # ═══════════════════════════════════════════════════════════
- # QUICK REFERENCE — COMMON SETUPS
- # ═══════════════════════════════════════════════════════════
- #
- # ── Full Server (default, change nothing) ──────────────
- #
- # All services ON, all features OFF.
- # Just leave this file as-is.
- #
- #
- # ── Server without WordPress ───────────────────────────
- #
- # sovran_systemsOS.services.wordpress = false;
- #
- #
- # ── Server with Haven + Element Calling ────────────────
- #
- # sovran_systemsOS.features.haven = true;
- # sovran_systemsOS.features.element-calling = true;
- # sovran_systemsOS.nostr_npub = "npub1your_key_here";
- #
- #
- # ── Bitcoin Node Only ──────────────────────────────────
- #
- # sovran_systemsOS.roles.node = true;
- #
- # (Gives you: bitcoind, electrs, lnd, rtl, btcpay,
- # mempool, bip110 — no web services)
- #
- #
- # ── Desktop Only (no server) ───────────────────────────
- #
- # sovran_systemsOS.roles.desktop = true;
- #
- #
- # ── Node with BTCPay web access ────────────────────────
- #
- # sovran_systemsOS.roles.node = true;
- # sovran_systemsOS.web.btcpayserver = true;
- #
- # ═══════════════════════════════════════════════════════════
}
diff --git a/iso/installer.sh b/iso/installer.sh
index 0f64e09..eeeeae1 100644
--- a/iso/installer.sh
+++ b/iso/installer.sh
@@ -14,7 +14,25 @@ human_size() {
numfmt --to=iec --suffix=B "$1"
}
-zenity --info --window-icon="$LOGO" --text="Sovran SystemsOS Installer\n\nWARNING:\nThis installer will ERASE ALL DATA on selected disks.\n\nPress OK to continue."
+# ── 1. WELCOME & ROLE SELECTION ──────────────────────────────────────────
+
+ROLE=$(zenity --list --radiolist \
+ --window-icon="$LOGO" \
+ --width=1000 --height=400 \
+ --title="Welcome to Sovran SystemsOS" \
+ --text="Sovran Systems\nBe Digitally Sovereign\n\nPlease select your preferred installation type:" \
+ --print-column=3 \
+ --column="Select" --column="Logo" --column="Role" --column="Description" \
+ TRUE "🖥️" "Server+Desktop" "Gives you the full Sovereign Experience. A beautiful, easy-to-use, powerful daily driver desktop computer plus your very own cloud, website, secure messaging, video calling, password manager, and full Bitcoin node with Bitcoin Lightning and non-KYC buying and selling." \
+ FALSE "💻" "Desktop Only" "The same beautiful, easy-to-use desktop experience, but just the desktop without the background server applications." \
+ FALSE "₿" "Node (Bitcoin-only)" "Full Bitcoin node with Bitcoin Lightning and non-KYC buying and selling." || true)
+
+if [ -z "$ROLE" ]; then
+ zenity --error --window-icon="$LOGO" --text="Installation cancelled."
+ exit 1
+fi
+
+# ── 2. FETCH DISKS ───────────────────────────────────────────────────────
# Filter out USB drives and loop/cdrom devices so it doesn't try to install to the installation media
mapfile -t DISKS < <(lsblk -b -dno NAME,SIZE,TYPE,RO,TRAN -e 7,11 | awk '$3=="disk" && $4=="0" && $5!="usb" {print $1":"$2}')
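Review bot: After the `[ -z "$ROLE" ]` check the script only knows that `ROLE` is non-empty, not that it is one of the three labels offered. The labels also changed in this commit (`Server+Desktop`, `Desktop Only`), so any later comparison against the old strings would no longer match. The code that consumes `ROLE` is outside this hunk, so this cannot be confirmed here. Since `|| true` hides zenity's exit status, and some zenity builds are reported to print a row twice on double-click, it is safer to fail closed right after the empty check: `case "$ROLE" in "Server+Desktop"|"Desktop Only"|"Node (Bitcoin-only)") ;; *) zenity --error --window-icon="$LOGO" --text="Unknown role: $ROLE"; exit 1 ;; esac`. That keeps an unexpected value from being written into `role-state.nix` or from silently selecting a default role.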
@@ -52,18 +70,6 @@ else
SUMMARY="${SUMMARY}\nData disk: none"
fi
-ROLE=$(zenity --list --radiolist \
- --window-icon="$LOGO" \
- --title="Choose Install Role" \
- --column="" --column="Role" \
- TRUE "Server-Desktop (default)" \
- FALSE "Desktop" \
- FALSE "Node (Bitcoin-only)" || true)
-
-if [ -z "$ROLE" ]; then
- ROLE="Server-Desktop (default)"
-fi
-
CONFIRM=$(zenity --entry --window-icon="$LOGO" --text="WARNING: This will ERASE ALL DATA on:\n\n${SUMMARY}\n\nType ERASE to continue.")
if [ "$CONFIRM" != "ERASE" ]; then
zenity --error --window-icon="$LOGO" --text="Install cancelled."
@@ -87,18 +93,34 @@ rm -rf /mnt/etc/nixos/*
cp -a /etc/sovran/flake/* /mnt/etc/nixos/
cp /tmp/hardware-configuration.nix /mnt/etc/nixos/hardware-configuration.nix
-cat > /mnt/etc/nixos/custom.nix < /mnt/etc/nixos/role-state.nix <