updated branding and some retooling

2026-03-29 07:13:22 -05:00
parent bea98d56b8
commit 33e3db9998
6 changed files with 66 additions and 106 deletions
--- a/.gitignore.txt
+++ b/.gitignore.txt
@@ -0,0 +1,2 @@
+custom.nix
+role-state.nix
--- a/configuration.nix
+++ b/configuration.nix
@@ -3,7 +3,8 @@
 {
  imports = [
    ./modules/modules.nix
-    ./custom.nix
+    /etc/nixos/role-state.nix
+    /etc/nixos/custom.nix
    ./iso/branding.nix
  ];

@@ -153,13 +154,11 @@ backup	/etc/nix-bitcoin-secrets/	localhost/
    systemCronJobs = [
      "*/15 * * * * root /run/current-system/sw/bin/bash /var/lib/njalla/njalla.sh"
      "*/15 * * * * root /run/current-system/sw/bin/bash /var/lib/external_ip/external_ip.sh"
-      "0 0 * * 0 docker-user yes | /run/current-system/sw/bin/docker system prune -a"
    ];
  };

  # ── Tor ────────────────────────────────────────────────────
  services.tor = { enable = true; client.enable = true; torsocks.enable = true; };
-  services.privoxy.enableTor = true;

  # ── SSH ────────────────────────────────────────────────────
  services.openssh = {
--- a/custom.template.nix
+++ b/custom.template.nix
@@ -10,7 +10,7 @@
  #                                                         #
  #  After making changes, rebuild with:                    #
  #                                                         #
-  #       nixos-rebuild switch --impure                     #
+  #       sudo nixos-rebuild switch --impure                #
  #                                                         #
  ###########################################################

@@ -19,25 +19,16 @@
  #  STEP 1: CHOOSE YOUR ROLE
  # ═══════════════════════════════════════════════════════════
  #
-  #  Pick ONE role by uncommenting it. If none is chosen,
-  #  you get the Server-Desktop role by default.
+  #  Your initial role was selected during installation. 
+  #  To CHANGE your role, uncomment exactly ONE of the lines below.
  #
-  #  Server-Desktop (default):
-  #    - Full server + desktop environment
-  #    - All services ON by default
-  #    - All features OFF by default
-  #
-  #  Desktop Only:
-  #    - Desktop environment, no server services
-  #    - All services OFF by default
-  #
-  #  Bitcoin Node Only:
-  #    - Bitcoin ecosystem, mempool, bip110
-  #    - BTCPay runs but is NOT exposed to the web
-  #    - All other services OFF by default
+  #  Server+Desktop: Full server + desktop environment
+  #  Desktop Only: Desktop environment, no server services
+  #  Node (Bitcoin Only): Bitcoin ecosystem
  #
  # ───────────────────────────────────────────────────────────

+  # sovran_systemsOS.roles.server_plus_desktop = true;
  # sovran_systemsOS.roles.desktop = true;
  # sovran_systemsOS.roles.node = true;

@@ -46,7 +37,7 @@
  #  STEP 2: SERVICES (default: ON)
  # ═══════════════════════════════════════════════════════════
  #
-  #  These are all ON by default in the Server-Desktop role.
+  #  These are all ON by default in the Server+Desktop role.
  #  Set any to "false" to disable it.
  #
  #  ┌─────────────────────┬────────────────────────────────┐
@@ -67,53 +58,41 @@
  #
  # ───────────────────────────────────────────────────────────

-  # sovran_systemsOS.services.synapse = false;
-  # sovran_systemsOS.services.bitcoin = false;
-  # sovran_systemsOS.services.vaultwarden = false;
  # sovran_systemsOS.services.wordpress = false;
-  # sovran_systemsOS.services.nextcloud = false;


  # ═══════════════════════════════════════════════════════════
  #  STEP 3: FEATURES (default: OFF)
  # ═══════════════════════════════════════════════════════════
  #
-  #  These are all OFF by default. Set to "true" to enable.
+  #  These are OFF by default. Set to "true" to enable.
  #
  #  ┌─────────────────────┬────────────────────────────────┐
  #  │ Feature              │ What it does                   │
  #  ├─────────────────────┼────────────────────────────────┤
-  #  │ haven                │ Haven NOSTR relay              │
-  #  │                      │  (requires nostr_npub below)   │
-  #  │ element-calling      │ Element video/audio calls      │
-  #  │                      │  (LiveKit + lk-jwt-service)    │
-  #  │ mempool              │ Bitcoin Mempool Explorer        │
+  #  │ haven                │ Haven NOSTR relay & Blossom    │
  #  │ bip110               │ BIP-110 Bitcoin Better Money   │
-  #  │ bitcoin-core         │ Bitcoin Core (standalone)       │
+  #  │ mempool              │ Mempool.space block explorer   │
+  #  │ element-calling      │ LiveKit server for Matrix      │
  #  │ rdp                  │ GNOME Remote Desktop (RDP)     │
-  #  └─────────────────────┴────────────────────────────────┘
+  #  │ bitcoin-core         │ Bitcoin Core GUI desktop app   │
+  #  └─────────────────────┴─────<E29480><E29480><EFBFBD>──────────────────────────┘
  #
-  #  Example — enable Haven and Element Calling:
+  #  Example — enable element video calling:
  #
-  #    sovran_systemsOS.features.haven = true;
  #    sovran_systemsOS.features.element-calling = true;
  #
  # ───────────────────────────────────────────────────────────

-  # sovran_systemsOS.features.haven = true;
  # sovran_systemsOS.features.element-calling = true;
-  # sovran_systemsOS.features.mempool = true;
-  # sovran_systemsOS.features.bip110 = true;
-  # sovran_systemsOS.features.bitcoin-core = true;
-  # sovran_systemsOS.features.rdp = true;


  # ═══════════════════════════════════════════════════════════
-  #  STEP 4: WEB EXPOSURE (controls Caddy reverse proxy)
+  #  STEP 4: WEB EXPOSURE (default: ON)
  # ═══════════════════════════════════════════════════════════
  #
-  #  These control whether a service gets a public Caddy
-  #  vhost. The service itself still runs regardless.
+  #  Controls whether Caddy serves this application to the web.
+  #  (Does not stop the application itself from running).
  #
  #  ┌─────────────────────┬────────────────────────────────┐
  #  │ Option               │ Default                        │
@@ -145,46 +124,4 @@

  # sovran_systemsOS.nostr_npub = "";

-
-  # ═══════════════════════════════════════════════════════════
-  #  QUICK REFERENCE — COMMON SETUPS
-  # ═══════════════════════════════════════════════════════════
-  #
-  #  ── Full Server (default, change nothing) ──────────────
-  #
-  #    All services ON, all features OFF.
-  #    Just leave this file as-is.
-  #
-  #
-  #  ── Server without WordPress ───────────────────────────
-  #
-  #    sovran_systemsOS.services.wordpress = false;
-  #
-  #
-  #  ── Server with Haven + Element Calling ────────────────
-  #
-  #    sovran_systemsOS.features.haven = true;
-  #    sovran_systemsOS.features.element-calling = true;
-  #    sovran_systemsOS.nostr_npub = "npub1your_key_here";
-  #
-  #
-  #  ── Bitcoin Node Only ──────────────────────────────────
-  #
-  #    sovran_systemsOS.roles.node = true;
-  #
-  #    (Gives you: bitcoind, electrs, lnd, rtl, btcpay,
-  #     mempool, bip110 — no web services)
-  #
-  #
-  #  ── Desktop Only (no server) ───────────────────────────
-  #
-  #    sovran_systemsOS.roles.desktop = true;
-  #
-  #
-  #  ── Node with BTCPay web access ────────────────────────
-  #
-  #    sovran_systemsOS.roles.node = true;
-  #    sovran_systemsOS.web.btcpayserver = true;
-  #
-  # ═══════════════════════════════════════════════════════════
 }
--- a/iso/installer.sh
+++ b/iso/installer.sh
@@ -14,7 +14,25 @@ human_size() {
  numfmt --to=iec --suffix=B "$1"
 }

-zenity --info --window-icon="$LOGO" --text="Sovran SystemsOS Installer\n\nWARNING:\nThis installer will ERASE ALL DATA on selected disks.\n\nPress OK to continue."
+# ── 1. WELCOME & ROLE SELECTION ──────────────────────────────────────────
+
+ROLE=$(zenity --list --radiolist \
+  --window-icon="$LOGO" \
+  --width=1000 --height=400 \
+  --title="Welcome to Sovran SystemsOS" \
+  --text="<span font='36' weight='heavy'>Sovran Systems</span>\n<span font='16' style='italic' foreground='#aaaaaa'>Be Digitally Sovereign</span>\n\nPlease select your preferred installation type:" \
+  --print-column=3 \
+  --column="Select" --column="Logo" --column="Role" --column="Description" \
+  TRUE "🖥️" "Server+Desktop" "Gives you the full Sovereign Experience. A beautiful, easy-to-use, powerful daily driver desktop computer plus your very own cloud, website, secure messaging, video calling, password manager, and full Bitcoin node with Bitcoin Lightning and non-KYC buying and selling." \
+  FALSE "💻" "Desktop Only" "The same beautiful, easy-to-use desktop experience, but just the desktop without the background server applications." \
+  FALSE "₿" "Node (Bitcoin-only)" "Full Bitcoin node with Bitcoin Lightning and non-KYC buying and selling." || true)
+
+if [ -z "$ROLE" ]; then
+  zenity --error --window-icon="$LOGO" --text="Installation cancelled."
+  exit 1
+fi
+
+# ── 2. FETCH DISKS ───────────────────────────────────────────────────────

 # Filter out USB drives and loop/cdrom devices so it doesn't try to install to the installation media
 mapfile -t DISKS < <(lsblk -b -dno NAME,SIZE,TYPE,RO,TRAN -e 7,11 | awk '$3=="disk" && $4=="0" && $5!="usb" {print $1":"$2}')
@@ -52,18 +70,6 @@ else
  SUMMARY="${SUMMARY}\nData disk: none"
 fi

-ROLE=$(zenity --list --radiolist \
-  --window-icon="$LOGO" \
-  --title="Choose Install Role" \
-  --column="" --column="Role" \
-  TRUE "Server-Desktop (default)" \
-  FALSE "Desktop" \
-  FALSE "Node (Bitcoin-only)" || true)
-
-if [ -z "$ROLE" ]; then
-  ROLE="Server-Desktop (default)"
-fi
-
 CONFIRM=$(zenity --entry --window-icon="$LOGO" --text="WARNING: This will ERASE ALL DATA on:\n\n${SUMMARY}\n\nType ERASE to continue.")
 if [ "$CONFIRM" != "ERASE" ]; then
  zenity --error --window-icon="$LOGO" --text="Install cancelled."
@@ -87,18 +93,34 @@ rm -rf /mnt/etc/nixos/*
 cp -a /etc/sovran/flake/* /mnt/etc/nixos/
 cp /tmp/hardware-configuration.nix /mnt/etc/nixos/hardware-configuration.nix

-cat > /mnt/etc/nixos/custom.nix <<EOF
+# ── 3. APPLY ROLE STATE & TEMPLATE ───────────────────────────────────────
+
+IS_SERVER="false"
+IS_DESKTOP="false"
+IS_NODE="false"
+
+case "$ROLE" in
+  "Server+Desktop") IS_SERVER="true" ;;
+  "Desktop Only") IS_DESKTOP="true" ;;
+  "Node (Bitcoin-only)") IS_NODE="true" ;;
+esac
+
+cat > /mnt/etc/nixos/role-state.nix <<EOF
+# THIS FILE IS AUTO-GENERATED BY THE INSTALLER. DO NOT EDIT.
+# To change your role later, edit custom.nix instead.
 { config, lib, ... }:
 {
-  sovran_systemsOS.roles.server-desktop = ${ROLE == "Server-Desktop (default)"};
-  sovran_systemsOS.roles.desktop = ${ROLE == "Desktop"};
-  sovran_systemsOS.roles.node = ${ROLE == "Node (Bitcoin-only)"};
+  sovran_systemsOS.roles.server_plus_desktop = lib.mkDefault ${IS_SERVER};
+  sovran_systemsOS.roles.desktop = lib.mkDefault ${IS_DESKTOP};
+  sovran_systemsOS.roles.node = lib.mkDefault ${IS_NODE};
 }
 EOF

-nixos-install --root /mnt --flake /mnt/etc/nixos#nixos
+# Copy the pristine custom.template.nix for the user to edit
+cp /mnt/etc/nixos/custom.template.nix /mnt/etc/nixos/custom.nix

-EOF
+
+# ── 4. FINAL INSTALL & REBOOT ────────────────────────────────────────────

 nixos-install --root /mnt --flake /mnt/etc/nixos#nixos

--- a/modules/core/role-logic.nix
+++ b/modules/core/role-logic.nix
@@ -3,8 +3,8 @@
 {
  config = lib.mkMerge [

-    # ── Server-Desktop Role (default) ─────────────────────────
-    (lib.mkIf config.sovran_systemsOS.roles.server-desktop {
+    # ── Server+Desktop Role (default) ─────────────────────────
+    (lib.mkIf config.sovran_systemsOS.roles.server_plus_desktop {
    })

    # ── Desktop Only Role ─────────────────────────────────────
--- a/modules/core/roles.nix
+++ b/modules/core/roles.nix
@@ -3,7 +3,7 @@
 {
  options.sovran_systemsOS = {
    roles = {
-      server-desktop = lib.mkOption {
+      server_plus_desktop = lib.mkOption {
        type = lib.types.bool;
        default = !config.sovran_systemsOS.roles.desktop && !config.sovran_systemsOS.roles.node;
      };