updated branding and some retooling

.gitignore.txt

@@ -0,0 +1,2 @@
+custom.nix
+role-state.nix

configuration.nix

@@ -3,7 +3,8 @@
 {
   imports = [
     ./modules/modules.nix
-    ./custom.nix
+    /etc/nixos/role-state.nix
+    /etc/nixos/custom.nix
     ./iso/branding.nix
   ];
 
@@ -153,13 +154,11 @@ backup	/etc/nix-bitcoin-secrets/	localhost/
     systemCronJobs = [
       "*/15 * * * * root /run/current-system/sw/bin/bash /var/lib/njalla/njalla.sh"
       "*/15 * * * * root /run/current-system/sw/bin/bash /var/lib/external_ip/external_ip.sh"
-      "0 0 * * 0 docker-user yes | /run/current-system/sw/bin/docker system prune -a"
     ];
   };
 
   # ── Tor ────────────────────────────────────────────────────
   services.tor = { enable = true; client.enable = true; torsocks.enable = true; };
-  services.privoxy.enableTor = true;
 
   # ── SSH ────────────────────────────────────────────────────
   services.openssh = {

custom.template.nix

@@ -10,7 +10,7 @@
   #                                                         #
   #  After making changes, rebuild with:                    #
   #                                                         #
-  #       nixos-rebuild switch --impure                     #
+  #       sudo nixos-rebuild switch --impure                #
   #                                                         #
   ###########################################################
 
@@ -19,25 +19,16 @@
   #  STEP 1: CHOOSE YOUR ROLE
   # ═══════════════════════════════════════════════════════════
   #
-  #  Pick ONE role by uncommenting it. If none is chosen,
+  #  Your initial role was selected during installation. 
-  #  you get the Server-Desktop role by default.
+  #  To CHANGE your role, uncomment exactly ONE of the lines below.
   #
-  #  Server-Desktop (default):
+  #  Server+Desktop: Full server + desktop environment
-  #    - Full server + desktop environment
+  #  Desktop Only: Desktop environment, no server services
-  #    - All services ON by default
+  #  Node (Bitcoin Only): Bitcoin ecosystem
-  #    - All features OFF by default
-  #
-  #  Desktop Only:
-  #    - Desktop environment, no server services
-  #    - All services OFF by default
-  #
-  #  Bitcoin Node Only:
-  #    - Bitcoin ecosystem, mempool, bip110
-  #    - BTCPay runs but is NOT exposed to the web
-  #    - All other services OFF by default
   #
   # ───────────────────────────────────────────────────────────
 
+  # sovran_systemsOS.roles.server_plus_desktop = true;
   # sovran_systemsOS.roles.desktop = true;
   # sovran_systemsOS.roles.node = true;
 
@@ -46,7 +37,7 @@
   #  STEP 2: SERVICES (default: ON)
   # ═══════════════════════════════════════════════════════════
   #
-  #  These are all ON by default in the Server-Desktop role.
+  #  These are all ON by default in the Server+Desktop role.
   #  Set any to "false" to disable it.
   #
   #  ┌─────────────────────┬────────────────────────────────┐
@@ -67,53 +58,41 @@
   #
   # ───────────────────────────────────────────────────────────
 
-  # sovran_systemsOS.services.synapse = false;
-  # sovran_systemsOS.services.bitcoin = false;
-  # sovran_systemsOS.services.vaultwarden = false;
   # sovran_systemsOS.services.wordpress = false;
-  # sovran_systemsOS.services.nextcloud = false;
 
 
   # ═══════════════════════════════════════════════════════════
   #  STEP 3: FEATURES (default: OFF)
   # ═══════════════════════════════════════════════════════════
   #
-  #  These are all OFF by default. Set to "true" to enable.
+  #  These are OFF by default. Set to "true" to enable.
   #
   #  ┌─────────────────────┬────────────────────────────────┐
   #  │ Feature              │ What it does                   │
   #  ├─────────────────────┼────────────────────────────────┤
-  #  │ haven                │ Haven NOSTR relay              │
+  #  │ haven                │ Haven NOSTR relay & Blossom    │
-  #  │                      │  (requires nostr_npub below)   │
-  #  │ element-calling      │ Element video/audio calls      │
-  #  │                      │  (LiveKit + lk-jwt-service)    │
-  #  │ mempool              │ Bitcoin Mempool Explorer        │
   #  │ bip110               │ BIP-110 Bitcoin Better Money   │
-  #  │ bitcoin-core         │ Bitcoin Core (standalone)       │
+  #  │ mempool              │ Mempool.space block explorer   │
+  #  │ element-calling      │ LiveKit server for Matrix      │
   #  │ rdp                  │ GNOME Remote Desktop (RDP)     │
-  #  └─────────────────────┴────────────────────────────────┘
+  #  │ bitcoin-core         │ Bitcoin Core GUI desktop app   │
+  #  └─────────────────────┴─────<E29480><E29480><EFBFBD>──────────────────────────┘
   #
-  #  Example — enable Haven and Element Calling:
+  #  Example — enable element video calling:
   #
-  #    sovran_systemsOS.features.haven = true;
   #    sovran_systemsOS.features.element-calling = true;
   #
   # ───────────────────────────────────────────────────────────
 
-  # sovran_systemsOS.features.haven = true;
   # sovran_systemsOS.features.element-calling = true;
-  # sovran_systemsOS.features.mempool = true;
-  # sovran_systemsOS.features.bip110 = true;
-  # sovran_systemsOS.features.bitcoin-core = true;
-  # sovran_systemsOS.features.rdp = true;
 
 
   # ═══════════════════════════════════════════════════════════
-  #  STEP 4: WEB EXPOSURE (controls Caddy reverse proxy)
+  #  STEP 4: WEB EXPOSURE (default: ON)
   # ═══════════════════════════════════════════════════════════
   #
-  #  These control whether a service gets a public Caddy
+  #  Controls whether Caddy serves this application to the web.
-  #  vhost. The service itself still runs regardless.
+  #  (Does not stop the application itself from running).
   #
   #  ┌─────────────────────┬────────────────────────────────┐
   #  │ Option               │ Default                        │
@@ -145,46 +124,4 @@
 
   # sovran_systemsOS.nostr_npub = "";
 
-
-  # ═══════════════════════════════════════════════════════════
-  #  QUICK REFERENCE — COMMON SETUPS
-  # ═══════════════════════════════════════════════════════════
-  #
-  #  ── Full Server (default, change nothing) ──────────────
-  #
-  #    All services ON, all features OFF.
-  #    Just leave this file as-is.
-  #
-  #
-  #  ── Server without WordPress ───────────────────────────
-  #
-  #    sovran_systemsOS.services.wordpress = false;
-  #
-  #
-  #  ── Server with Haven + Element Calling ────────────────
-  #
-  #    sovran_systemsOS.features.haven = true;
-  #    sovran_systemsOS.features.element-calling = true;
-  #    sovran_systemsOS.nostr_npub = "npub1your_key_here";
-  #
-  #
-  #  ── Bitcoin Node Only ──────────────────────────────────
-  #
-  #    sovran_systemsOS.roles.node = true;
-  #
-  #    (Gives you: bitcoind, electrs, lnd, rtl, btcpay,
-  #     mempool, bip110 — no web services)
-  #
-  #
-  #  ── Desktop Only (no server) ───────────────────────────
-  #
-  #    sovran_systemsOS.roles.desktop = true;
-  #
-  #
-  #  ── Node with BTCPay web access ────────────────────────
-  #
-  #    sovran_systemsOS.roles.node = true;
-  #    sovran_systemsOS.web.btcpayserver = true;
-  #
-  # ═══════════════════════════════════════════════════════════
 }

iso/installer.sh

@@ -14,7 +14,25 @@ human_size() {
   numfmt --to=iec --suffix=B "$1"
 }
 
-zenity --info --window-icon="$LOGO" --text="Sovran SystemsOS Installer\n\nWARNING:\nThis installer will ERASE ALL DATA on selected disks.\n\nPress OK to continue."
+# ── 1. WELCOME & ROLE SELECTION ──────────────────────────────────────────
+
+ROLE=$(zenity --list --radiolist \
+  --window-icon="$LOGO" \
+  --width=1000 --height=400 \
+  --title="Welcome to Sovran SystemsOS" \
+  --text="<span font='36' weight='heavy'>Sovran Systems</span>\n<span font='16' style='italic' foreground='#aaaaaa'>Be Digitally Sovereign</span>\n\nPlease select your preferred installation type:" \
+  --print-column=3 \
+  --column="Select" --column="Logo" --column="Role" --column="Description" \
+  TRUE "🖥️" "Server+Desktop" "Gives you the full Sovereign Experience. A beautiful, easy-to-use, powerful daily driver desktop computer plus your very own cloud, website, secure messaging, video calling, password manager, and full Bitcoin node with Bitcoin Lightning and non-KYC buying and selling." \
+  FALSE "💻" "Desktop Only" "The same beautiful, easy-to-use desktop experience, but just the desktop without the background server applications." \
+  FALSE "₿" "Node (Bitcoin-only)" "Full Bitcoin node with Bitcoin Lightning and non-KYC buying and selling." || true)
+
+if [ -z "$ROLE" ]; then
+  zenity --error --window-icon="$LOGO" --text="Installation cancelled."
+  exit 1
+fi
+
+# ── 2. FETCH DISKS ───────────────────────────────────────────────────────
 
 # Filter out USB drives and loop/cdrom devices so it doesn't try to install to the installation media
 mapfile -t DISKS < <(lsblk -b -dno NAME,SIZE,TYPE,RO,TRAN -e 7,11 | awk '$3=="disk" && $4=="0" && $5!="usb" {print $1":"$2}')
@@ -52,18 +70,6 @@ else
   SUMMARY="${SUMMARY}\nData disk: none"
 fi
 
-ROLE=$(zenity --list --radiolist \
-  --window-icon="$LOGO" \
-  --title="Choose Install Role" \
-  --column="" --column="Role" \
-  TRUE "Server-Desktop (default)" \
-  FALSE "Desktop" \
-  FALSE "Node (Bitcoin-only)" || true)
-
-if [ -z "$ROLE" ]; then
-  ROLE="Server-Desktop (default)"
-fi
-
 CONFIRM=$(zenity --entry --window-icon="$LOGO" --text="WARNING: This will ERASE ALL DATA on:\n\n${SUMMARY}\n\nType ERASE to continue.")
 if [ "$CONFIRM" != "ERASE" ]; then
   zenity --error --window-icon="$LOGO" --text="Install cancelled."
@@ -87,18 +93,34 @@ rm -rf /mnt/etc/nixos/*
 cp -a /etc/sovran/flake/* /mnt/etc/nixos/
 cp /tmp/hardware-configuration.nix /mnt/etc/nixos/hardware-configuration.nix
 
-cat > /mnt/etc/nixos/custom.nix <<EOF
+# ── 3. APPLY ROLE STATE & TEMPLATE ───────────────────────────────────────
+
+IS_SERVER="false"
+IS_DESKTOP="false"
+IS_NODE="false"
+
+case "$ROLE" in
+  "Server+Desktop") IS_SERVER="true" ;;
+  "Desktop Only") IS_DESKTOP="true" ;;
+  "Node (Bitcoin-only)") IS_NODE="true" ;;
+esac
+
+cat > /mnt/etc/nixos/role-state.nix <<EOF
+# THIS FILE IS AUTO-GENERATED BY THE INSTALLER. DO NOT EDIT.
+# To change your role later, edit custom.nix instead.
 { config, lib, ... }:
 {
-  sovran_systemsOS.roles.server-desktop = ${ROLE == "Server-Desktop (default)"};
+  sovran_systemsOS.roles.server_plus_desktop = lib.mkDefault ${IS_SERVER};
-  sovran_systemsOS.roles.desktop = ${ROLE == "Desktop"};
+  sovran_systemsOS.roles.desktop = lib.mkDefault ${IS_DESKTOP};
-  sovran_systemsOS.roles.node = ${ROLE == "Node (Bitcoin-only)"};
+  sovran_systemsOS.roles.node = lib.mkDefault ${IS_NODE};
 }
 EOF
 
-nixos-install --root /mnt --flake /mnt/etc/nixos#nixos
+# Copy the pristine custom.template.nix for the user to edit
+cp /mnt/etc/nixos/custom.template.nix /mnt/etc/nixos/custom.nix
 
-EOF
+
+# ── 4. FINAL INSTALL & REBOOT ────────────────────────────────────────────
 
 nixos-install --root /mnt --flake /mnt/etc/nixos#nixos
 

modules/core/role-logic.nix

@@ -3,8 +3,8 @@
 {
   config = lib.mkMerge [
 
-    # ── Server-Desktop Role (default) ─────────────────────────
+    # ── Server+Desktop Role (default) ─────────────────────────
-    (lib.mkIf config.sovran_systemsOS.roles.server-desktop {
+    (lib.mkIf config.sovran_systemsOS.roles.server_plus_desktop {
     })
 
     # ── Desktop Only Role ─────────────────────────────────────

modules/core/roles.nix

@@ -3,7 +3,7 @@
 {
   options.sovran_systemsOS = {
     roles = {
-      server-desktop = lib.mkOption {
+      server_plus_desktop = lib.mkOption {
         type = lib.types.bool;
         default = !config.sovran_systemsOS.roles.desktop && !config.sovran_systemsOS.roles.node;
       };