diff --git a/For_NEW_Sovran_Pros_Upload/flake.nix b/For_NEW_Sovran_Pros_Upload/flake.nix
new file mode 100644
index 0000000..7d9c4e8
--- /dev/null
+++ b/For_NEW_Sovran_Pros_Upload/flake.nix
@@ -0,0 +1,14 @@
+{
+ description = "The Ultimate Sovran Pro Configuration from Sovran Systems";
+
+ inputs = {
+ Sovran_Systems.url = "git+https://git.sovransystems.com/Sovran_Systems/Sovran_Pro";
+ };
+
+ outputs = { self, Sovran_Systems, ... }@inputs: {
+ nixosConfigurations."nixos" = Sovran_Systems.inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ Sovran_Systems.nixosModules.Sovran_Pro ];
+ };
+ };
+}
\ No newline at end of file
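Review bot: The `Sovran_Systems.url` input carries no `ref` or `rev`, this directory ships no flake.lock, and `sp` rebuilds with `--update-input Sovran_Systems`, so every device builds and activates, as root, whatever the default branch holds at that moment. Pinning the input to a reviewed tag or commit, e.g. `Sovran_Systems.url = "git+https://git.sovransystems.com/Sovran_Systems/Sovran_Pro?ref=<release-tag>";`, and moving the pin deliberately would limit the effect of a bad or tampered push. A short comment above `inputs` stating the intended update policy would also help the next maintainer.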
diff --git a/For_NEW_Sovran_Pros_Upload/sp b/For_NEW_Sovran_Pros_Upload/sp
new file mode 100644
index 0000000..701e52e
--- /dev/null
+++ b/For_NEW_Sovran_Pros_Upload/sp
@@ -0,0 +1,197 @@
+#!/usr/bin/env bash
+
+GREEN="\e[32m"
+LIGHTBLUE="\e[94m"
+ENDCOLOR="\e[0m"
+
+#
+
+pushd /etc/nixos/
+
+sudo wget https://git.sovransystems.com/Sovran_Systems/Sovran_Pro/raw/branch/main/For_NEW_Sovran_Pros_Upload/flake.nix
+
+sudo chown root:root /etc/nixos/ -R
+
+sudo chmod 770 /etc/nixos/ -R
+
+popd
+
+#
+
+sudo rsync -av -e "ssh -i /root/sovransystems" root@192.168.1.32:/home/ /home
+
+sudo rsync -av -e "ssh -i /root/sovransystems" root@192.168.1.32:/var/lib/www/ /var/lib/www
+
+sudo rsync -av -e "ssh -i /root/sovransystems" root@192.168.1.32:/var/lib/domains/ /var/lib/domains
+
+sudo rsync -av -e "ssh -i /root/sovransystems" root@192.168.1.32:/var/lib/nextcloudaddition/ /var/lib/nextcloudaddition
+
+sudo rsync -av -e "ssh -i /root/sovransystems" root@192.168.1.32:/var/lib/njalla/ /var/lib/njalla
+
+sudo rsync -av -e "ssh -i /root/sovransystems" root@192.168.1.32:/var/lib/external_ip/ /var/lib/external_ip
+
+sudo rsync -av -e "ssh -i /root/sovransystems" root@192.168.1.32:/var/lib/secrets/ /var/lib/secrets
+
+#
+
+nixos-rebuild switch --flake '/etc/nixos/#' --impure --update-input Sovran_Systems --commit-lock-file
+
+#
+
+sudo chown root:root /var/lib/secrets/main -R
+
+sudo chown matrix-synapse:matrix-synapse /var/lib/secrets/matrix_reg_secret -R
+
+sudo chown matrix-synapse:matrix-synapse /var/lib/secrets/matrixdb -R
+
+sudo chown postgres:postgres /var/lib/secrets/nextclouddb -R
+
+sudo chown turnserver:turnserver /var/lib/secrets/turn -R
+
+sudo chown mysql:mysql /var/lib/secrets/wordpressdb -R
+
+sudo chmod 770 /var/lib/secrets/ -R
+
+#
+
+sudo echo -e "${GREEN}What is your New Matrix (Element Chat) domain name?${ENDCOLOR}"
+read
+sudo echo -n $REPLY > /var/lib/domains/matrix
+
+sudo echo -e "${GREEN}What is your New Wordpress domain name?${ENDCOLOR}"
+read
+sudo echo -n $REPLY > /var/lib/domains/wordpress
+
+sudo echo -e "${GREEN}What is your New Nextcloud domain name?${ENDCOLOR}"
+read
+sudo echo -n $REPLY > /var/lib/domains/nextcloud
+
+sudo echo -e "${GREEN}What is your New BTCPayserver domain name?${ENDCOLOR}"
+read
+sudo echo -n $REPLY > /var/lib/domains/btcpayserver
+
+sudo echo -e "${GREEN}What is your New Vaultwarden domain name?${ENDCOLOR}"
+read
+sudo echo -n $REPLY > /var/lib/domains/vaultwarden
+
+sudo echo -e "${GREEN}What is the email you would like to use to manage the SSL certificates for your domains?${ENDCOLOR}"
+read
+sudo echo -n $REPLY > /var/lib/domains/sslemail
+
+
+sudo chown caddy:php /var/lib/domains -R
+
+sudo chmod 770 /var/lib/domains -R
+
+#
+
+set -x
+
+
+sudo rm -rf /home/free/.config/BraveSoftware
+
+sudo rm -rf /home/free/.local/share/fish/fish_history
+
+#
+
+sudo rm -rf /var/lib/www/wordpress/wp-config.php
+
+sudo rm -rf /var/lib/www/nextcloud/config/config.php
+
+sudo touch /var/lib/www/nextcloud/config/CAN_INSTALL
+
+sudo sed -i '$e cat /var/lib/nextcloudaddition/nextcloudaddition' /var/lib/www/nextcloud/config/config.php
+
+
+sudo chown caddy:php /var/lib/www -R
+
+sudo chmod 770 /var/lib/www -R
+
+#
+
+sudo mkdir /var/lib/nextcloud
+
+sudo chown caddy:php /var/lib/nextcloud -R
+
+sudo chmod 770 /var/lib/nextcloud -R
+
+#
+
+sudo mkdir /var/lib/coturn
+
+sudo chown turnserver:turnserver /var/lib/coturn -R
+
+sudo chmod 770 /var/lib/coturn -R
+
+#
+
+sudo touch /var/lib/vaultwarden.env
+
+sudo chown vaultwarden:vaultwarden /var/lib/vaultwarden.env
+
+sudo chmod 770 /var/lib/vaultwarden.env
+
+#
+
+sudo echo -n $(pwgen -s 17 -1) > /var/lib/secrets/nextclouddb
+sudo echo -n $(pwgen -s 17 -1) > /var/lib/secrets/wordpressdb
+sudo echo -n $(pwgen -s 17 -1) > /var/lib/secrets/matrixdb
+sudo echo -n $(pwgen -s 17 -1) > /var/lib/secrets/turn
+sudo echo -n $(pwgen -s 17 -1) > /var/lib/secrets/matrix_reg_secret
+sudo echo -n $(pwgen -s 17 -1) > /var/lib/secrets/main
+sudo echo -n ADMIN_TOKEN=$(openssl rand -base64 48
+) > /var/lib/vaultwarden.env
+
+#
+
+sudo echo "root:$(cat /var/lib/secrets/main)" | chpasswd -c SHA512
+
+#
+
+flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+flatpak update
+
+#
+
+sudo echo "free:a" | chpasswd -c SHA512
+
+#
+
+sudo rm -rf /root/sp
+
+sudo rm -rf /root/Step_2_psp
+
+sudo rm -rf /root/.ssh
+
+sudo rm -rf /home/free/.ssh
+
+sudo rm -rf /root/sovransystems
+
+
+sudo chown bitcoin:bitcoin /run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node -R
+
+sudo chmod 770 /run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node -R
+
+sudo chown electrs:electrs /run/media/Second_Drive/BTCEcoandBackup/Electrs_Data -R
+
+sudo chmod 770 /run/media/Second_Drive/BTCEcoandBackup/Electrs_Data -R
+
+nixos-rebuild switch --flake '/etc/nixos/#' --impure --update-input Sovran_Systems --commit-lock-file
+
+
+#
+
+set +x
+
+sudo echo -e "${GREEN}These four passwords are generated for convenience to use for the Web front end setup UI accounts for Nextcloud, Wordpress, VaultWarden, and BTCPayserver (if you want to use them).${ENDCOLOR} \n"
+
+sudo echo -e "$(pwgen -s 17 -1) \n"
+sudo echo -e "$(pwgen -s 17 -1) \n"
+sudo echo -e "$(pwgen -s 17 -1) \n"
+sudo echo -e "$(pwgen -s 17 -1) \n"
+
+#
+
+sudo echo -e "${LIGHTBLUE}One last thing, you need to put the Njalla DDNS info from Njalla into njalla.sh.${ENDCOLOR} \n"
+
+sudo echo -e "${GREEN}All Finished! Please Reboot then Enjoy your New Sovran Pro!${ENDCOLOR} \n"
\ No newline at end of file
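Review bot: `set -x` is still active (it is only switched off after the second `nixos-rebuild`) when the `pwgen`/`openssl` secrets are written and when `root:$(cat /var/lib/secrets/main)` is piped to `chpasswd`, so xtrace prints every generated secret and the root password to the terminal. Because they are passed as arguments to `sudo echo`, they typically also end up in sudo's command log. Move `set +x` above the secrets block and write the files without putting the value in argv, e.g. `pwgen -s 17 -1 | tr -d '\n' | sudo tee /var/lib/secrets/main >/dev/null`; this also fixes the fact that in `sudo echo ... > file` the redirection is done by the invoking shell, not by sudo. The line `sudo echo "free:a" | chpasswd -c SHA512` gives the `free` account the same one-character password on every device; prompt for it instead, or force a change at first login with `sudo chage -d 0 free`. Independently, `sed -i '$e cat ...'` runs on `config.php` right after that file was removed, so it presumably fails, and without `set -e` the script carries on.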
diff --git a/README.md b/README.md
index b8fcfa8..62621c7 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,29 @@
-# Sovran_SystemsOS
+
+
-The Official Repository of Sovran_SystemsOS.
\ No newline at end of file
+
+
+
+
+
+# Complete Configuration for Sovran_SystemsOS and the Sovran Pro
+________________________________________________________
+
+A Nix Flake Implementation
+
+Thanks to all the NixOS creators and developers for creating what is the future of computing.
+
+https://www.sovransystems.com
+
+Connect on Matrix here: https://matrix.to/#/#sovran-systems:anarchyislove.xyz
+
+_________________________________________________________
+GNU GPL 3.0+
+
+All Open Source Software Used Falls Under Its Specific Open Source License.
+
+Created, Handcrafted, and Headquartered in Southern California – 2022-2023 🏖️.
+
+This Gitea is Proudly Powered by a Sovran Pro 💚.
+
+All Is Love. Fear Is Illusion. All Beings Are Free. Truth Can Never Be Destroyed.
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..8a39b31
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,122 @@
+{
+ "nodes": {
+ "extra-container": {
+ "inputs": {
+ "flake-utils": [
+ "nix-bitcoin",
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "nix-bitcoin",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1678566036,
+ "narHash": "sha256-dq+gCYplCTkbHOH1ERCzuTnwY/RvwMyw/kijPy7C3vE=",
+ "owner": "erikarvstedt",
+ "repo": "extra-container",
+ "rev": "a4fe3227bf63bf8479938e1457ebe1c04fe51ef5",
+ "type": "github"
+ },
+ "original": {
+ "owner": "erikarvstedt",
+ "repo": "extra-container",
+ "type": "github"
+ }
+ },
+ "flake-utils": {
+ "locked": {
+ "lastModified": 1678901627,
+ "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "nix-bitcoin": {
+ "inputs": {
+ "extra-container": "extra-container",
+ "flake-utils": "flake-utils",
+ "nixpkgs": "nixpkgs",
+ "nixpkgs-unstable": "nixpkgs-unstable"
+ },
+ "locked": {
+ "lastModified": 1679384842,
+ "narHash": "sha256-SMJW+QZt3iRuoezjE12sopBsdLHDihXe/RerLfRpqoI=",
+ "owner": "fort-nix",
+ "repo": "nix-bitcoin",
+ "rev": "481050bdf75106bff652016bfe5c39736bdd03ef",
+ "type": "github"
+ },
+ "original": {
+ "owner": "fort-nix",
+ "ref": "release",
+ "repo": "nix-bitcoin",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1679139072,
+ "narHash": "sha256-Gtw2Yj8DfETie3u7iHv1y5Wt+plGRmp6nTQ0EEfaPho=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "08ef7dc8334521605a5c8b7086cc248e74ee338b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-22.11",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs-unstable": {
+ "locked": {
+ "lastModified": 1679198465,
+ "narHash": "sha256-VfXpHpniNWgg7pBzxb20pRX7kqn80LApPDQYTReiFCw=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "5a05160f7671434e1c833b1b01284b876e04eca4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1681217261,
+ "narHash": "sha256-RbxCHWN3Vhyv/WEsXcJlDwF7bpvZ9NxDjfSouQxXEKo=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "3fb8eedc450286d5092e4953118212fa21091b3b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nix-bitcoin": "nix-bitcoin",
+ "nixpkgs": "nixpkgs_2"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..243b4e3
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,28 @@
+{
+ description = "The Ultimate Sovran Pro Configuration from Sovran Systems";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+ nix-bitcoin.url = "github:fort-nix/nix-bitcoin/release";
+ };
+
+ outputs = { self, nixpkgs, nix-bitcoin, ... }:
+ {
+
+ nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+ system ="x86_64-linux";
+ };
+
+ nixosModules.Sovran_Pro = { pkgs, ... }: {
+
+ imports = [
+
+ ./modules/modules.nix
+
+ nix-bitcoin.nixosModules.default
+
+ ];
+ };
+ };
+}
\ No newline at end of file
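Review bot: `nixpkgs.url` tracks `nixos-unstable` while nix-bitcoin comes from its `release` branch, so the nix-bitcoin services are built against a nixpkgs revision that release was not tested with (flake.lock in this commit shows a separate `nixpkgs_2` node for the root). As far as I recall, nix-bitcoin's own flake example uses `nixpkgs.follows = "nix-bitcoin/nixpkgs";` for this reason, which is worth confirming against its documentation. Also, `nixosConfigurations.nixos` is declared with only `system` and no `modules`, so it does not include `nixosModules.Sovran_Pro`; if it is a placeholder, a comment such as `# placeholder; real systems import nixosModules.Sovran_Pro` should say so.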
diff --git a/modules/bitcoinecosystem.nix b/modules/bitcoinecosystem.nix
new file mode 100644
index 0000000..0f8e45d
--- /dev/null
+++ b/modules/bitcoinecosystem.nix
@@ -0,0 +1,76 @@
+{ config, pkgs, lib, ... }:
+
+{
+ nix-bitcoin.generateSecrets = true;
+
+ services.bitcoind = {
+ enable = true;
+ dataDir = "/run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node";
+ txindex = true;
+ tor.proxy = true;
+ disablewallet = true;
+ extraConfig = ''
+ peerbloomfilters=1
+ server=1
+ '';
+ };
+
+ nix-bitcoin.onionServices.bitcoind.enable = true;
+ nix-bitcoin.onionServices.electrs.enable = true;
+
+ services.lnd = {
+ enable = true;
+ };
+
+ services.lightning-loop = {
+ enable = true;
+ };
+
+ services.lightning-pool = {
+ enable = true;
+ };
+
+ services.rtl = {
+ enable = true;
+ port = 3050;
+ nightTheme = true;
+ nodes = {
+ lnd = {
+ enable = true;
+ loop = true;
+ };
+ reverseOrder = true;
+ };
+ };
+
+ nix-bitcoin.onionServices.lnd.public = true;
+ services.lnd.lndconnect = {
+ enable = true;
+ onion = true;
+ };
+ services.charge-lnd.enable = true;
+
+ services.btcpayserver.lightningBackend = "lnd";
+
+
+ services.electrs = {
+ enable = true;
+ tor.enforce = true;
+ dataDir = "/run/media/Second_Drive/BTCEcoandBackup/Electrs_Data";
+ };
+
+
+ services.btcpayserver = {
+ enable = true;
+ };
+
+
+ nix-bitcoin.nodeinfo.enable = true;
+
+
+ nix-bitcoin.operator = {
+ enable = true;
+ name = "free";
+ };
+
+}
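Review bot: `nix-bitcoin.operator.name = "free"` assigns the node-operator role to the same account that modules/configuration.nix logs in automatically through GDM and that `For_NEW_Sovran_Pros_Upload/sp` sets to the password `a`, so anyone at the console gets whatever node and wallet access the operator role grants (my understanding is that this includes the CLI tools, to be confirmed against the nix-bitcoin module). A dedicated operator user, or dropping autologin for `free`, would separate desktop use from node administration. `peerbloomfilters=1` and `nix-bitcoin.onionServices.lnd.public = true` both widen what the node serves to remote peers and deserve a comment naming the client that needs them, e.g. `# BIP37 filters required by <wallet name>`.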
diff --git a/modules/configuration.nix b/modules/configuration.nix
new file mode 100644
index 0000000..bf43b2e
--- /dev/null
+++ b/modules/configuration.nix
@@ -0,0 +1,434 @@
+{ config, pkgs, lib, ... }:
+
+
+let
+ personalization = import ./personalization.nix;
+
+
+ custom-php = pkgs.php81.buildEnv {
+ extensions = { enabled, all }: enabled ++ (with all; [ apcu imagick memcached ]);
+ extraConfig = ''
+ display_errors = On
+ display_startup_errors = On
+ max_execution_time = 6000
+ max_input_time = 3000
+ memory_limit = 8G;
+ opcache.enable=1;
+ opcache.memory_consumption=512;
+ opcache_revalidate_freq = 240;
+ opcache.max_accelerated_files=4000;
+ auto_prepend_file = '/var/lib/www/wordpress/wordfence-waf.php'
+ post_max_size = 2048M
+ upload_max_filesize = 2048M
+ opcache.interned_strings_buffer = 32
+ apc.enable_cli=1
+ '';
+ };
+in
+{
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ # Enable Automount without Fail for Internal Drive.
+ fileSystems."/run/media/Second_Drive" = {
+ device = "LABEL=BTCEcoandBackup";
+ fsType = "ext4";
+ options = [ "nofail" ];
+ };
+
+ nix = {
+ package = pkgs.nixUnstable;
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ };
+
+ networking.hostName = "nixos"; # Define your hostname.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "America/Los_Angeles";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # Enable the GNOME Desktop Environment.
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+
+ # Configure keymap in X11
+ services.xserver = {
+ layout = "us";
+ xkbVariant = "";
+ };
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Systemd Settings
+ systemd.enableEmergencyMode = false;
+
+ # Enable sound with pipewire.
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ users.users = {
+ free = {
+ isNormalUser = true;
+ description = "free";
+ extraGroups = [ "networkmanager" ];
+ };
+
+
+####### PHP user for PHPFPM #######
+ php = {
+ isSystemUser = true;
+ createHome = false;
+ uid = 7777;
+ };
+ };
+
+ users.users.php.group = "php";
+ users.groups.php = {};
+
+
+
+ # Enable automatic login for the user.
+ services.xserver.displayManager.autoLogin.enable = true;
+ services.xserver.displayManager.autoLogin.user = "free";
+
+ # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
+ systemd.services."getty@tty1".enable = true;
+ systemd.services."autovt@tty1".enable = true;
+
+ # Allow Flatpak
+ services.flatpak.enable = true;
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ git
+ wget
+ librewolf
+ fish
+ htop
+ gnomeExtensions.dash-to-dock-for-cosmic
+ gnomeExtensions.vitals
+ gnomeExtensions.pop-shell
+ gnomeExtensions.transparent-top-bar
+ gnomeExtensions.just-perfection
+ gnomeExtensions.appindicator
+ gnomeExtensions.systemd-manager
+ gnome.gnome-tweaks
+ papirus-icon-theme
+ ranger
+ gnome.gnome-tweaks
+ sparrow
+ bisq-desktop
+ neofetch
+ gnome.gedit
+ matrix-synapse
+ openssl
+ pwgen
+ aspell
+ aspellDicts.en
+ lm_sensors
+ hunspell
+ hunspellDicts.en_US
+ custom-php
+ matrix-synapse-tools.synadm
+ brave
+ ncdu_2
+ bitwarden
+ gparted
+ pv
+ unzip
+ parted
+ screen
+ gnome.zenity
+
+ ];
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "nodejs-16.20.0"
+ "nodejs-slim-16.20.0"
+ ];
+
+
+ programs.bash.promptInit = "fish";
+ programs.fish = {
+ enable = true;
+ promptInit = "neofetch";
+ };
+
+
+####### PHPFMP #######
+ services.phpfpm.pools = {
+ mypool = {
+ user = "caddy";
+ group = "php";
+ phpPackage = custom-php;
+ settings = {
+ "pm" = "dynamic";
+ "pm.max_children" = 75;
+ "pm.start_servers" = 10;
+ "pm.min_spare_servers" = 5;
+ "pm.max_spare_servers" = 20;
+ "pm.max_requests" = 500;
+ "clear_env" = "no";
+ };
+ };
+ };
+
+
+
+####### CADDY #######
+ services.caddy = {
+ enable = true;
+ package = pkgs.caddy;
+ user = "caddy";
+ group = "root";
+ email = "${personalization.caddy_email_for_zerossl}";
+ acmeCA = "https://acme.zerossl.com/v2/DV90";
+ virtualHosts = {
+ "${personalization.wordpress_url}" = {
+ extraConfig = ''
+ encode gzip zstd
+ root * /var/lib/www/wordpress
+ php_fastcgi unix//run/phpfpm/mypool.sock
+ file_server browse
+ '';
+ };
+
+ "www.${personalization.wordpress_url}" = {
+ extraConfig = ''
+ encode gzip zstd
+ root * /var/lib/www/wordpress
+ php_fastcgi unix//run/phpfpm/mypool.sock
+ file_server browse
+ '';
+ };
+
+ "${personalization.nextcloud_url}" = {
+ extraConfig = ''
+ encode gzip zstd
+ root * /var/lib/www/nextcloud
+ php_fastcgi unix//run/phpfpm/mypool.sock
+ file_server
+ redir /.well-known/carddav /remote.php/carddav 301
+ redir /.well-known/caldav /remote.php/caldav 301
+ header {
+ Strict-Transport-Security max-age=31536000;
+ }
+ '';
+ };
+
+ "${personalization.matrix_url}" = {
+ extraConfig = ''
+ reverse_proxy /_matrix/* http://localhost:8008
+ reverse_proxy /_synapse/client/* http://localhost:8008
+ '';
+ };
+
+ "${personalization.matrix_url}:8448" = {
+ extraConfig = ''
+ reverse_proxy http://localhost:8008
+ '';
+ };
+
+ "${personalization.btcpayserver_url}" = {
+ extraConfig = ''
+ reverse_proxy http://localhost:23000
+ encode gzip zstd
+ '';
+ };
+
+ "https://${personalization.vaultwarden_url}" = {
+ extraConfig = ''
+ reverse_proxy http://localhost:8777
+ encode gzip zstd
+ '';
+ };
+
+ ":3051" = {
+ extraConfig = ''
+ reverse_proxy :3050
+ encode gzip zstd
+ tls internal
+ '';
+ };
+ };
+ };
+
+
+###### CREATE DATABASE (WORDPRESS, MATRIX_SYNAPSE, AND NEXTCLOUD) #######
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_14;
+ };
+
+ services.postgresql.authentication = lib.mkForce ''
+ # Generated file; do not edit!
+ # TYPE DATABASE USER ADDRESS METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ '';
+
+
+ services.mysql = {
+ enable = true;
+ package = pkgs.mariadb_1011;
+ };
+
+ services.postgresql.initialScript = pkgs.writeText "begin-init.sql" ''
+ CREATE ROLE "ncusr" WITH LOGIN PASSWORD '${personalization.nextclouddb_pass}';
+ CREATE DATABASE "nextclouddb" WITH OWNER "ncusr"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+
+
+ CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${personalization.matrix-synapsedb_pass}';
+ CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+
+ ''
+ ;
+
+ services.mysql.initialScript = pkgs.writeText "wordpress-init.sql" ''
+ CREATE DATABASE wordpressdb;
+ GRANT ALL ON *.* TO 'wpusr'@'localhost' IDENTIFIED BY '${personalization.wordpressdb_pass}';
+ FLUSH PRIVILEGES;
+ ''
+ ;
+
+
+
+####### KEEP AWAKE for DISPLAY and HEADLESS #######
+ services.xserver.displayManager.gdm.autoSuspend = false;
+
+
+
+####### BACKUP TO INTERNAL DRIVE #######
+ services.rsnapshot = {
+ enable = true;
+ extraConfig = ''
+snapshot_root /run/media/Second_Drive/BTCEcoandBackup/NixOS_Snapshot_Backup
+retain hourly 12
+retain daily 12
+backup /home/ localhost/
+backup /var/lib/ localhost/
+backup /etc/nixos/ localhost/
+backup /etc/nix-bitcoin-secrets/ localhost/
+ '';
+ cronIntervals = {
+ daily = "50 21 * * *";
+ hourly = "0 * * * *";
+ };
+ };
+
+
+
+####### CRON #######
+ services.cron = {
+ enable = true;
+ systemCronJobs = [
+ "*/5 * * * * caddy /run/current-system/sw/bin/php -f /var/lib/www/nextcloud/cron.php"
+ "15 * * * * root /var/lib/njalla/njalla.sh"
+ "0 */2 * * * root /var/lib/external_ip/external_ip.sh"
+ ];
+ };
+
+
+####### TOR #######
+ services.tor = {
+ enable = true;
+ client.enable = true;
+ torsocks.enable = true;
+ };
+ services.privoxy.enableTor = true;
+
+
+
+
+####### Enable the OpenSSH daemon #######
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ PermitRootLogin = "yes";
+ };
+ };
+
+
+#######FailtoBan#######
+ services.fail2ban = {
+ enable = true;
+ ignoreIP = [
+ "127.0.0.0/8"
+ "10.0.0.0/8"
+ "172.16.0.0/12"
+ "192.168.0.0/16"
+ "8.8.8.8"
+ ];
+ };
+
+
+####### Open ports in the firewall #######
+ networking.firewall.allowedTCPPorts = [ 80 443 5349 8448 3050 3051 ];
+ networking.firewall.allowedUDPPorts = [ 80 443 5349 8448 3050 3051 ];
+ networking.firewall.allowedUDPPortRanges = [
+ { from=49152; to=65535; } # TURN relay
+ ];
+
+ # Or disable the firewall altogether.
+ networking.firewall.enable = true;
+
+
+
+
+####### AUTO UPDATE #######
+# system.autoUpgrade = {
+# enable = true;
+# flags = [ "--impure" "--update-input" "Sovran_Systems" "--commit-lock-file" ];
+# flake = "/etc/nixos";
+# persistent = true;
+# allowReboot = true;
+# rebootWindow = { lower = "02:00"; upper = "05:00"; };
+# };
+
+
+
+####### AUTO COLLECT GARABAGE #######
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 7d";
+ };
+
+ system.stateVersion = "22.05";
+
+}
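Review bot: The `services.postgresql.authentication = lib.mkForce` block sets `trust` for the local socket and both loopback addresses, so any local account or process, including PHP code running in the `mypool` FPM pool, can connect as any role (`postgres` included) without a password, which makes the role passwords in `initialScript` ineffective. Removing the override (the NixOS module default, as far as I know, is `peer` on the socket and password auth on loopback) or using `host all all 127.0.0.1/32 scram-sha-256` and `host all all ::1/128 scram-sha-256` keeps the applications working over TCP. Separately, the database passwords are interpolated into `pkgs.writeText`, so they are stored in world-readable files under `/nix/store`; the same applies to `static-auth-secret` in modules/coturn.nix and to `turn_shared_secret` / `registration_shared_secret` in modules/synapse.nix, where file-based options should be preferred. `GRANT ALL ON *.*` for `wpusr` can be narrowed to `GRANT ALL ON wordpressdb.*`, and `display_errors = On` with `file_server browse` on the WordPress hosts exposes error details and directory listings to visitors.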
diff --git a/modules/coturn.nix b/modules/coturn.nix
new file mode 100644
index 0000000..d6de653
--- /dev/null
+++ b/modules/coturn.nix
@@ -0,0 +1,51 @@
+{config, pkgs, lib, ...}:
+
+let
+ personalization = import ./personalization.nix;
+ in
+{
+ systemd.services.sslcoturn = {
+ script = ''
+ cp -n /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/${personalization.matrix_url}/${personalization.matrix_url}.crt /var/lib/coturn/${personalization.matrix_url}.crt.pem
+
+ cp -n /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/${personalization.matrix_url}/${personalization.matrix_url}.key /var/lib/coturn/${personalization.matrix_url}.key.pem
+
+ chown turnserver:turnserver /var/lib/coturn -R
+
+ chmod 770 /var/lib/coturn -R
+
+ systemctl restart coturn
+ '';
+
+ unitConfig = {
+ Type = "simple";
+ After = "NetworkManager.service";
+ Requires = "network-online.target";
+ };
+
+ serviceConfig = {
+ RemainAfterExit = "yes";
+ Type = "oneshot";
+ };
+
+ wantedBy = [ "multi-user.target" ];
+ };
+
+
+ services.coturn = {
+ enable = true;
+ use-auth-secret = true;
+ static-auth-secret = "${personalization.turn_shared}";
+ realm = personalization.matrix_url;
+ cert = "/var/lib/coturn/${personalization.matrix_url}.crt.pem";
+ pkey = "/var/lib/coturn/${personalization.matrix_url}.key.pem";
+ min-port = 49152;
+ max-port = 65535;
+ no-cli = true;
+ #listening-ips = [ "127.0.0.1" ];
+ extraConfig = ''
+ verbose
+ external-ip=${personalization.external_ip_secret}
+ '';
+ };
+}
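Review bot: `cp -n` in the `sslcoturn` script never overwrites an existing file, so once the first certificate and key have been copied, renewals obtained by Caddy are not propagated and coturn keeps serving the original certificate until it expires. Plain `cp` (or `install -m 640 -o turnserver -g turnserver`) plus a timer or path unit that re-runs the service after renewal would fix that. `chmod 770 /var/lib/coturn -R` also makes the private key executable and group-writable; `750` on the directory and `640` on the two files is sufficient. `Type = "simple"` under `unitConfig` is not a `[Unit]` setting and contradicts `Type = "oneshot"` in `serviceConfig`, so I'd remove it.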
diff --git a/modules/modules.nix b/modules/modules.nix
new file mode 100644
index 0000000..518304e
--- /dev/null
+++ b/modules/modules.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+ imports = [
+ ./configuration.nix
+ ./synapse.nix
+ ./coturn.nix
+ ./bitcoinecosystem.nix
+ ./vaultwarden.nix
+ /etc/nixos/hardware-configuration.nix
+ ];
+}
\ No newline at end of file
diff --git a/modules/personalization.nix b/modules/personalization.nix
new file mode 100644
index 0000000..3310da5
--- /dev/null
+++ b/modules/personalization.nix
@@ -0,0 +1,17 @@
+{
+
+matrix_url = builtins.readFile /var/lib/domains/matrix;
+wordpress_url = builtins.readFile /var/lib/domains/wordpress;
+nextcloud_url = builtins.readFile /var/lib/domains/nextcloud;
+btcpayserver_url = builtins.readFile /var/lib/domains/btcpayserver;
+caddy_email_for_zerossl = builtins.readFile /var/lib/domains/sslemail;
+vaultwarden_url = builtins.readFile /var/lib/domains/vaultwarden;
+
+wordpressdb_pass = builtins.readFile /var/lib/secrets/wordpressdb;
+matrix-synapsedb_pass = builtins.readFile /var/lib/secrets/matrixdb;
+nextclouddb_pass = builtins.readFile /var/lib/secrets/nextclouddb;
+turn_shared = builtins.readFile /var/lib/secrets/turn;
+matrix_reg_secret = builtins.readFile /var/lib/secrets/matrix_reg_secret;
+external_ip_secret = builtins.readFile /var/lib/secrets/external_ip;
+
+}
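Review bot: Every value here comes from `builtins.readFile` on an absolute path outside the flake, which is why the rebuild needs `--impure`, and evaluation aborts if any one file is missing; `/var/lib/secrets/external_ip` is not created anywhere in this commit (presumably by `external_ip.sh`, which is not shown). The strings are used verbatim, so a trailing newline or stray character in a domain file ends up in Caddy host names and in the shell paths of the `sslcoturn` script in modules/coturn.nix. I'd add a header comment listing who writes each file and the expected format, e.g. `# written by sp with echo -n: single line, no trailing newline`, and validate the domain answers in `sp` before they are written.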
diff --git a/modules/synapse.nix b/modules/synapse.nix
new file mode 100644
index 0000000..76839ae
--- /dev/null
+++ b/modules/synapse.nix
@@ -0,0 +1,75 @@
+{ config, pkgs, lib, ... }:
+
+
+####### CREATE NEW USER (ADMIN OR NOT) VIA TERMINAL #######
+
+# (Run as root in terminal) matrix-synapse-register_new_matrix_user #
+
+####### #######
+
+let
+ personalization = import ./personalization.nix;
+in
+{
+ services.matrix-synapse = {
+ enable = true;
+ settings = {
+ include_content = false;
+ group_unread_count_by_room = false;
+ encryption_enabled_by_default_for_room_type = "invite";
+ allow_profile_lookup_over_federation = false;
+ allow_device_name_lookup_over_federation = false;
+ server_name = personalization.matrix_url;
+ url_preview_enabled = true;
+ max_upload_size = "1024M";
+ url_preview_ip_range_blacklist = [
+ "10.0.0.0/8"
+ "100.64.0.0/10"
+ "169.254.0.0/16"
+ "172.16.0.0/12"
+ "192.0.0.0/24"
+ "192.0.2.0/24"
+ "192.168.0.0/16"
+ "192.88.99.0/24"
+ "198.18.0.0/15"
+ "198.51.100.0/24"
+ "2001:db8::/32"
+ "203.0.113.0/24"
+ "224.0.0.0/4"
+ "::1/128"
+ "fc00::/7"
+ "fe80::/10"
+ "fec0::/10"
+ "ff00::/8"
+ ];
+ url_preview_ip_ranger_whitelist = [ "127.0.0.1" ];
+ turn_shared_secret = "${personalization.turn_shared}";
+ turn_uris = [
+ "turn:${personalization.matrix_url}:5349?transport=udp"
+ "turn:${personalization.matrix_url}:5349?transport=tcp"
+ "turns:${personalization.matrix_url}:5349?transport=udp"
+ "turns:${personalization.matrix_url}:5349?transport=tcp"
+ ];
+ presence.enabled = true;
+ enable_registration = false;
+ registration_shared_secret = "${personalization.matrix_reg_secret}";
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "::1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [ {
+ names = [ "client" ];
+ compress = true;
+ }
+ {
+ names = [ "federation" ];
+ compress = false;
+ } ];
+ }
+ ];
+ };
+ };
+}
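Review bot: `url_preview_ip_range_blacklist` omits `127.0.0.0/8` (and `0.0.0.0/8`), so with `url_preview_enabled = true` a URL posted in a room can make Synapse fetch from IPv4 loopback services on this host, such as the ones Caddy proxies to on ports 8777, 23000 and 3050 in modules/configuration.nix. Add `"127.0.0.0/8"` to the list. The next key, `url_preview_ip_ranger_whitelist`, is misspelled (`ranger`), so it is presumably ignored today; it should be removed rather than corrected, because whitelisting `127.0.0.1` would re-open the same loopback access.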
diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix
new file mode 100644
index 0000000..46b0678
--- /dev/null
+++ b/modules/vaultwarden.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, lib, ... }:
+
+let
+ personalization = import ./personalization.nix;
+in
+{
+
+ services.vaultwarden = {
+ enable = true;
+ config = {
+
+ DOMAIN = "https://${personalization.vaultwarden_url}";
+ SIGNUPS_ALLOWED = false;
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 8777;
+ ROCKET_LOG = "critical";
+ };
+ dbBackend = "sqlite";
+ environmentFile = "/var/lib/vaultwarden.env";
+ };
+}
\ No newline at end of file
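Review bot: `environmentFile` points at `/var/lib/vaultwarden.env`, which `For_NEW_Sovran_Pros_Upload/sp` fills with `ADMIN_TOKEN=...` and sets to mode 770; the file has no reason to be executable or group-accessible, so `chmod 600` with owner `vaultwarden` is enough. Setting `ADMIN_TOKEN` enables Vaultwarden's admin page, and the Caddy vhost in modules/configuration.nix proxies the whole site, so that page is presumably reachable from the internet with only the token protecting it. A comment next to the option, such as `# holds ADMIN_TOKEN; must be 0600 vaultwarden:vaultwarden`, would document the dependency on the setup script.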
diff --git a/sovran_systems.png b/sovran_systems.png
new file mode 100644
index 0000000..618f61e
Binary files /dev/null and b/sovran_systems.png differ