Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update README.md with new content

Browse Source
This commit is contained in:
Sovran_Systems
2026-04-05 01:32:15 -05:00
parent fc847a17cd
commit 61cf06b4c7
1 changed files with 44 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
README.md
View File

@@ -2,7 +2,6 @@
<img src="https://github.com/user-attachments/assets/f62d7a90-d8b5-4c74-aa7f-50961fbaeb5c" alt="Sovran Systems" width="300"/> <img src="https://github.com/user-attachments/assets/f62d7a90-d8b5-4c74-aa7f-50961fbaeb5c" alt="Sovran Systems" width="300"/>
</p> </p>
<h1 align="center">Sovran_SystemsOS</h1> <h1 align="center">Sovran_SystemsOS</h1>
<p align="center"> <p align="center">
@@ -21,7 +20,7 @@
## Overview ## Overview
Sovran_SystemsOS is a purpose-built, fully declarative operating system constructed entirely on [NixOS](https://nixos.org). It delivers a complete sovereign computing platform — integrating a Bitcoin financial stack, encrypted communications, self-hosted cloud services, and a professional web presence — all managed through a single, reproducible configuration. Sovran_SystemsOS is a purpose-built, fully declarative operating system constructed entirely on [NixOS](https://nixos.org). It delivers a complete sovereign computing platform — integrating a [Bitcoin](https://bitcoin.org) financial stack, encrypted communications via [Matrix](https://matrix.org), self-hosted cloud services, and a professional web presence — all managed through a single, reproducible configuration.
Every component of the system is defined in Nix. There are no imperative scripts, no hidden state, and no black boxes. What you declare is exactly what runs. The entire operating system can be rebuilt, replicated, or audited from source at any time. Every component of the system is defined in Nix. There are no imperative scripts, no hidden state, and no black boxes. What you declare is exactly what runs. The entire operating system can be rebuilt, replicated, or audited from source at any time.
@@ -34,14 +33,14 @@ Every component of the system is defined in Nix. There are no imperative scripts
<img width="1945" height="1000" alt="Screenshot From 2026-04-05 01-03-08" src="https://github.com/user-attachments/assets/00f0fbbe-1dfb-4128-a907-fca05ab4ace4" /> <img width="1945" height="1000" alt="Screenshot From 2026-04-05 01-03-08" src="https://github.com/user-attachments/assets/00f0fbbe-1dfb-4128-a907-fca05ab4ace4" />
</p> </p>
The **Sovran_SystemsOS Hub** is the central management dashboard for the entire operating system. Accessible through a local web interface, it provides a unified view of all running infrastructure, Bitcoin services, and application status in real time. The **Sovran_SystemsOS Hub** is the central management dashboard for the entire operating system. Accessible through a local web interface, it provides a unified view of all running infrastructure, [Bitcoin](https://bitcoin.org) services, and application status in real time.
From the Hub, operators can: From the Hub, operators can:
- Monitor the health and status of every service at a glance - Monitor the health and status of every service at a glance
- Access system administration tools including password management, backups, and tech support - Access system administration tools including password management, backups, and tech support
- Manage Bitcoin node infrastructure (Bitcoin Knots, Bitcoin Core, BIP-110) - Manage Bitcoin node infrastructure ([Bitcoin Knots](https://bitcoinknots.org), [Bitcoin Core](https://bitcoincore.org), BIP-110)
- Oversee the full Bitcoin application stack (Electrs, LND, Ride The Lightning, BTCPayServer, Zeus Connect, Mempool) - Oversee the full Bitcoin application stack ([Electrs](https://github.com/romanz/electrs), [LND](https://github.com/lightningnetwork/lnd), [Ride The Lightning](https://github.com/Ride-The-Lightning/RTL), [BTCPayServer](https://btcpayserver.org), [Zeus](https://zeusln.com), [Mempool](https://github.com/mempool/mempool))
- Update the system with a single action - Update the system with a single action
- Perform manual backups to external storage - Perform manual backups to external storage
- Access remote desktop capabilities - Access remote desktop capabilities
@@ -56,21 +55,21 @@ Sovran_SystemsOS is architected around three distinct deployment roles, each tai
### Server + Desktop ### Server + Desktop
The complete deployment. This role activates every server service alongside a full GNOME desktop environment, delivering a workstation that simultaneously operates as a sovereign infrastructure node. The complete deployment. This role activates every server service alongside a full [GNOME](https://www.gnome.org) desktop environment, delivering a workstation that simultaneously operates as a sovereign infrastructure node.
**Includes:** Matrix Synapse homeserver, Bitcoin ecosystem (bitcoind, Electrs, LND, RTL, BTCPayServer), Vaultwarden password manager, WordPress, Nextcloud file hosting, Caddy reverse proxy, Tor, and the full desktop environment. **Includes:** [Matrix Synapse](https://github.com/element-hq/synapse) homeserver, Bitcoin ecosystem ([bitcoind](https://bitcoinknots.org), [Electrs](https://github.com/romanz/electrs), [LND](https://github.com/lightningnetwork/lnd), [RTL](https://github.com/Ride-The-Lightning/RTL), [BTCPayServer](https://btcpayserver.org)), [Vaultwarden](https://github.com/dani-garcia/vaultwarden) password manager, [WordPress](https://wordpress.org), [Nextcloud](https://nextcloud.com) file hosting, [Caddy](https://caddyserver.com) reverse proxy, [Tor](https://www.torproject.org), and the full desktop environment.
### Desktop Only ### Desktop Only
A clean, sovereign desktop environment without server services. Ideal for daily computing, secure communications, and Bitcoin wallet management without running full node infrastructure. A clean, sovereign desktop environment without server services. Ideal for daily computing, secure communications, and Bitcoin wallet management without running full node infrastructure.
**Includes:** GNOME desktop, Bitcoin desktop applications (Sparrow, Bisq, Bisq2, Bitcoin Core GUI), Tor, and all productivity tools. **Includes:** [GNOME](https://www.gnome.org) desktop, Bitcoin desktop applications ([Sparrow](https://sparrowwallet.com), [Bisq](https://bisq.network), Bisq2, [Bitcoin Core](https://bitcoincore.org) GUI), [Tor](https://www.torproject.org), and all productivity tools.
### Node (Bitcoin Only) ### Node (Bitcoin Only)
A dedicated Bitcoin infrastructure node. This role strips away desktop and web services to focus entirely on running and serving the Bitcoin network. A dedicated Bitcoin infrastructure node. This role strips away desktop and web services to focus entirely on running and serving the Bitcoin network.
**Includes:** Bitcoin Knots with BIP-110, Electrs, LND, Ride The Lightning, BTCPayServer, Mempool block explorer, and all supporting Bitcoin infrastructure. **Includes:** [Bitcoin Knots](https://bitcoinknots.org) with BIP-110, [Electrs](https://github.com/romanz/electrs), [LND](https://github.com/lightningnetwork/lnd), [Ride The Lightning](https://github.com/Ride-The-Lightning/RTL), [BTCPayServer](https://btcpayserver.org), [Mempool](https://github.com/mempool/mempool) block explorer, and all supporting Bitcoin infrastructure.
--- ---
@@ -95,17 +94,17 @@ Services and features are organized into independently toggleable modules. Opera
| Category | Service | Default | | Category | Service | Default |
|----------|---------|---------| |----------|---------|---------|
| **Services** | Matrix Synapse | ON | | **Services** | [Matrix Synapse](https://github.com/element-hq/synapse) | ON |
| **Services** | Bitcoin Ecosystem | ON | | **Services** | [Bitcoin](https://bitcoin.org) Ecosystem | ON |
| **Services** | Vaultwarden | ON | | **Services** | [Vaultwarden](https://github.com/dani-garcia/vaultwarden) | ON |
| **Services** | WordPress | ON | | **Services** | [WordPress](https://wordpress.org) | ON |
| **Services** | Nextcloud | ON | | **Services** | [Nextcloud](https://nextcloud.com) | ON |
| **Features** | Haven (NOSTR Relay) | OFF | | **Features** | [Haven](https://github.com/bitvora/haven) (NOSTR Relay) | OFF |
| **Features** | BIP-110 | OFF | | **Features** | BIP-110 | OFF |
| **Features** | Mempool Explorer | OFF | | **Features** | [Mempool](https://github.com/mempool/mempool) Explorer | OFF |
| **Features** | Element Video Calling | OFF | | **Features** | [Element](https://element.io) Video Calling | OFF |
| **Features** | Remote Desktop (RDP) | OFF | | **Features** | Remote Desktop (RDP) | OFF |
| **Features** | Bitcoin Core GUI | OFF | | **Features** | [Bitcoin Core](https://bitcoincore.org) GUI | OFF |
--- ---
@@ -114,13 +113,13 @@ Services and features are organized into independently toggleable modules. Opera
Sovran_SystemsOS is engineered with security as a foundational principle, not an afterthought. Sovran_SystemsOS is engineered with security as a foundational principle, not an afterthought.
- **Declarative Firewall:** All network access is explicitly defined. Only ports required by enabled services are opened; everything else is denied by default. - **Declarative Firewall:** All network access is explicitly defined. Only ports required by enabled services are opened; everything else is denied by default.
- **Fail2Ban Integration:** Automated intrusion prevention monitors and blocks brute-force attacks across all exposed services. - **[Fail2Ban](https://github.com/fail2ban/fail2ban) Integration:** Automated intrusion prevention monitors and blocks brute-force attacks across all exposed services.
- **SSH Hardened:** Password authentication and keyboard-interactive authentication are disabled. Access is restricted to public key authentication only. - **SSH Hardened:** Password authentication and keyboard-interactive authentication are disabled. Access is restricted to public key authentication only.
- **Tor Built-In:** The Tor network is enabled system-wide, providing anonymized connectivity and the ability to operate hidden services for any exposed application. - **[Tor](https://www.torproject.org) Built-In:** The Tor network is enabled system-wide, providing anonymized connectivity and the ability to operate hidden services for any exposed application.
- **Automated Backups:** rsnapshot performs hourly and daily snapshots of all critical data — including home directories, system state, and Bitcoin secrets — to external storage. - **Automated Backups:** [rsnapshot](https://rsnapshot.org) performs hourly and daily snapshots of all critical data — including home directories, system state, and Bitcoin secrets — to external storage.
- **Vaultwarden (Self-Hosted Bitwarden):** All credentials are managed through a locally hosted, encrypted password vault with no external dependencies. - **[Vaultwarden](https://github.com/dani-garcia/vaultwarden) (Self-Hosted Bitwarden):** All credentials are managed through a locally hosted, encrypted password vault with no external dependencies.
- **NixOS Immutability:** The declarative model ensures that the running system always matches the defined configuration. Unauthorized modifications do not persist across rebuilds. - **NixOS Immutability:** The declarative model ensures that the running system always matches the defined configuration. Unauthorized modifications do not persist across rebuilds.
- **Nix Flake Pinning:** All dependencies — including nixpkgs, nix-bitcoin, and third-party modules — are pinned to exact revisions via `flake.lock`, eliminating supply-chain ambiguity. - **Nix Flake Pinning:** All dependencies — including nixpkgs, [nix-bitcoin](https://github.com/fort-nix/nix-bitcoin), and third-party modules — are pinned to exact revisions via `flake.lock`, eliminating supply-chain ambiguity.
- **Credential Isolation:** Bitcoin secrets and service credentials are stored in dedicated, permission-restricted directories and automatically generated during provisioning. - **Credential Isolation:** Bitcoin secrets and service credentials are stored in dedicated, permission-restricted directories and automatically generated during provisioning.
--- ---
@@ -129,26 +128,26 @@ Sovran_SystemsOS is engineered with security as a foundational principle, not an
| Layer | Technology | | Layer | Technology |
|-------|------------| |-------|------------|
| **Operating System** | NixOS (Unstable Channel) | | **Operating System** | [NixOS](https://nixos.org) (Unstable Channel) |
| **Desktop Environment** | GNOME (Wayland) | | **Desktop Environment** | [GNOME](https://www.gnome.org) (Wayland) |
| **Reverse Proxy** | Caddy | | **Reverse Proxy** | [Caddy](https://caddyserver.com) |
| **Bitcoin Node** | Bitcoin Knots / Bitcoin Core | | **Bitcoin Node** | [Bitcoin Knots](https://bitcoinknots.org) / [Bitcoin Core](https://bitcoincore.org) |
| **Lightning Network** | LND | | **Lightning Network** | [LND](https://github.com/lightningnetwork/lnd) |
| **Lightning Management** | Ride The Lightning | | **Lightning Management** | [Ride The Lightning](https://github.com/Ride-The-Lightning/RTL) |
| **Payment Processing** | BTCPayServer | | **Payment Processing** | [BTCPayServer](https://btcpayserver.org) |
| **Block Explorer** | Mempool | | **Block Explorer** | [Mempool](https://github.com/mempool/mempool) |
| **Electrum Server** | Electrs | | **Electrum Server** | [Electrs](https://github.com/romanz/electrs) |
| **Communications** | Matrix Synapse + Element | | **Communications** | [Matrix Synapse](https://github.com/element-hq/synapse) + [Element](https://element.io) |
| **Video Calling** | LiveKit (Element Calling) | | **Video Calling** | [LiveKit](https://livekit.io) (Element Calling) |
| **File Hosting** | Nextcloud | | **File Hosting** | [Nextcloud](https://nextcloud.com) |
| **Website** | WordPress | | **Website** | [WordPress](https://wordpress.org) |
| **Password Management** | Vaultwarden | | **Password Management** | [Vaultwarden](https://github.com/dani-garcia/vaultwarden) |
| **NOSTR Relay** | Haven | | **NOSTR Relay** | [Haven](https://github.com/bitvora/haven) |
| **DNS Management** | Njalla Dynamic DNS | | **DNS Management** | [Njalla](https://njal.la) Dynamic DNS |
| **Network Privacy** | Tor | | **Network Privacy** | [Tor](https://www.torproject.org) |
| **Intrusion Prevention** | Fail2Ban | | **Intrusion Prevention** | [Fail2Ban](https://github.com/fail2ban/fail2ban) |
| **Backup** | rsnapshot | | **Backup** | [rsnapshot](https://rsnapshot.org) |
| **Package Management** | Nix Flakes | | **Package Management** | [Nix Flakes](https://nixos.wiki/wiki/Flakes) |
--- ---
@@ -203,9 +202,9 @@ staging_alpha/
Sovran_SystemsOS is built on the work of exceptional open-source contributors and projects. Sovran_SystemsOS is built on the work of exceptional open-source contributors and projects.
**[nix-bitcoin](https://github.com/fort-nix/nix-bitcoin)** — The Bitcoin infrastructure layer of Sovran_SystemsOS is made possible by the nix-bitcoin project. Their rigorous, security-focused NixOS modules for Bitcoin Core, LND, Electrs, BTCPayServer, and related services provide the foundation upon which the entire Bitcoin ecosystem in this operating system is constructed. The nix-bitcoin team's commitment to reproducible, auditable Bitcoin infrastructure is directly aligned with the mission of Sovran_SystemsOS, and their work is deeply appreciated. **[nix-bitcoin](https://github.com/fort-nix/nix-bitcoin)** — The Bitcoin infrastructure layer of Sovran_SystemsOS is made possible by the nix-bitcoin project. Their rigorous, security-focused NixOS modules for [Bitcoin Core](https://bitcoincore.org), [LND](https://github.com/lightningnetwork/lnd), [Electrs](https://github.com/romanz/electrs), [BTCPayServer](https://btcpayserver.org), and related services provide the foundation upon which the entire Bitcoin ecosystem in this operating system is constructed. The nix-bitcoin team's commitment to reproducible, auditable Bitcoin infrastructure is directly aligned with the mission of Sovran_SystemsOS, and their work is deeply appreciated.
**[Emmanuel Rosa](https://github.com/emmanuelrosa)** — The `btc-clients-nix` and `bitcoin-knots-bip-110-nix` packages, maintained by Emmanuel Rosa, bring essential Bitcoin desktop applications (Sparrow, Bisq, Bisq2) and the BIP-110 Bitcoin Knots implementation to NixOS. These ports fill a critical gap in the NixOS Bitcoin ecosystem and are integral to delivering a complete sovereign computing experience. His dedication to packaging and maintaining these tools for the Nix community is sincerely valued. **[Emmanuel Rosa](https://github.com/emmanuelrosa)** — The [`btc-clients-nix`](https://github.com/emmanuelrosa/btc-clients-nix) and [`bitcoin-knots-bip-110-nix`](https://github.com/emmanuelrosa/bitcoin-knots-bip-110-nix) packages, maintained by Emmanuel Rosa, bring essential Bitcoin desktop applications ([Sparrow](https://sparrowwallet.com), [Bisq](https://bisq.network), Bisq2) and the BIP-110 [Bitcoin Knots](https://bitcoinknots.org) implementation to NixOS. These ports fill a critical gap in the NixOS Bitcoin ecosystem and are integral to delivering a complete sovereign computing experience. His dedication to packaging and maintaining these tools for the Nix community is sincerely valued.
**[NixOS](https://nixos.org)** — The purely functional Linux distribution that makes all of this possible. Without the NixOS foundation of declarative, reproducible system management, a project of this scope and reliability would not be feasible. **[NixOS](https://nixos.org)** — The purely functional Linux distribution that makes all of this possible. Without the NixOS foundation of declarative, reproducible system management, a project of this scope and reliability would not be feasible.