Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

merge sync

Browse Source
This commit is contained in:
naturallaw77
2026-02-15 18:50:03 -06:00
parent efdec08eae
commit a53dfd9271
13 changed files with 1097 additions and 232 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@@ -33,14 +33,14 @@ The DIY support chat on Matrix is located here:
https://matrix.to/#/%23DIY_Sovran_SystemsOS:anarchyislove.xyz https://matrix.to/#/%23DIY_Sovran_SystemsOS:anarchyislove.xyz
## License
Sovran_SystemsOS is licensed under the Apache 2 software licence.
## ##
Created, Handcrafted, and Headquartered in Southern California 2022-2025 🏖️. Created, Handcrafted, and Headquartered in the Midwest 2022-2026.
All Open Source Software Used Falls Under Its Specific Open Source License. This Gitea is Proudly Powered by a Sovran Pro.
This Gitea is Proudly Powered by a Sovran Pro 💚.
GNU GPL 3.0+
All Is Love. Fear Is Illusion. All Beings Are Free. Truth Can Never Be Destroyed. All Is Love. Fear Is Illusion. All Beings Are Free. Truth Can Never Be Destroyed.

46
README_1.md Executable file
View File

@@ -0,0 +1,46 @@
<br />
<br />
<p align="center">
<img width="600" src="sovran_systems_grey.png">
</p>
<br />
<br />
<br />
# Complete Configuration for Sovran_SystemsOS and the Sovran Pro
A Nix Flake Implementation
Thanks to all the NixOS creators and developers for creating what is the future of computing.
https://sovransystems.com
Connect on Matrix here: https://matrix.to/#/#sovran-systems:anarchyislove.xyz
Connect for Support on Matrix here: https://matrix.to/#/#sovran-systems-support:anarchyislove.xyz
###
## DIY Install Of Sovran_SystemsOS
The write-up to install Sovran_SystemsOS on your own hardware is located here:
https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/src/branch/main/DIY%20Install%20Sovran_SystemsOS.md
The DIY support chat on Matrix is located here:
https://matrix.to/#/%23DIY_Sovran_SystemsOS:anarchyislove.xyz
## License
Sovran_SystemsOS is licensed under the Apache 2 software licence.
##
Created, Handcrafted, and Headquartered in the Midwest 2022-2026.
This Gitea is Proudly Powered by a Sovran Pro.
All Is Love. Fear Is Illusion. All Beings Are Free. Truth Can Never Be Destroyed.

30
configuration.nix
View File

@@ -94,9 +94,11 @@ in
systemd.services.flatpak-repo = { systemd.services.flatpak-repo = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
path = [ pkgs.flatpak ]; path = [ pkgs.flatpak ];
script = '' script = ''
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
''; '';
}; };
@@ -108,14 +110,14 @@ in
"jitsi-meet-1.0.8043" "jitsi-meet-1.0.8043"
]; ];
# List packages installed in system profile. To search, run: # List packages installed
# $ nix search wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
wget wget
fish fish
htop htop
btop btop
gnomeExtensions.transparent-top-bar-adjustable-transparency
gnomeExtensions.systemd-manager gnomeExtensions.systemd-manager
gnomeExtensions.dash-to-dock gnomeExtensions.dash-to-dock
gnomeExtensions.vitals gnomeExtensions.vitals
@@ -172,7 +174,7 @@ in
}; };
####### CADDY ####### ####### CADDY #######
services.caddy = { services.caddy = {
enable = true; enable = true;
user = "caddy"; user = "caddy";
@@ -241,7 +243,7 @@ in
}; };
}; };
###### AGENIX ###### ###### AGENIX ######
age.identityPaths = [ "/root/.ssh/agenix/agenix-secret-keys" ]; age.identityPaths = [ "/root/.ssh/agenix/agenix-secret-keys" ];
age.secrets.matrix_reg_secret = { age.secrets.matrix_reg_secret = {
@@ -254,7 +256,7 @@ in
###### CREATE DATABASE (WORDPRESS, MATRIX_SYNAPSE, AND NEXTCLOUD) ####### ###### CREATE DATABASE (WORDPRESS, MATRIX_SYNAPSE, AND NEXTCLOUD) #######
services.postgresql = { services.postgresql = {
enable = true; enable = true;
}; };
@@ -301,7 +303,7 @@ in
; ;
####### KEEP AWAKE for DISPLAY and HEADLESS ####### ####### KEEP AWAKE for DISPLAY and HEADLESS #######
services.displayManager.gdm.autoSuspend = false; services.displayManager.gdm.autoSuspend = false;
systemd.sleep.extraConfig = '' systemd.sleep.extraConfig = ''
@@ -312,7 +314,7 @@ in
''; '';
####### BACKUP TO INTERNAL DRIVE ####### ####### BACKUP TO INTERNAL DRIVE #######
services.rsnapshot = { services.rsnapshot = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
@@ -331,7 +333,7 @@ backup /etc/nix-bitcoin-secrets/ localhost/
}; };
####### CRON ####### ####### CRON #######
services.cron = { services.cron = {
enable = true; enable = true;
systemCronJobs = [ systemCronJobs = [
@@ -345,7 +347,7 @@ backup /etc/nix-bitcoin-secrets/ localhost/
}; };
####### TOR ####### ####### TOR #######
services.tor = { services.tor = {
enable = true; enable = true;
client.enable = true; client.enable = true;
@@ -355,7 +357,7 @@ backup /etc/nix-bitcoin-secrets/ localhost/
services.privoxy.enableTor = true; services.privoxy.enableTor = true;
####### Enable the OpenSSH daemon ####### ####### Enable the SSH #######
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { settings = {
@@ -366,7 +368,7 @@ backup /etc/nix-bitcoin-secrets/ localhost/
}; };
#######FailtoBan####### #######FailtoBan#######
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
ignoreIP = [ ignoreIP = [
@@ -379,7 +381,7 @@ backup /etc/nix-bitcoin-secrets/ localhost/
}; };
####### Open ports in the firewall ####### ####### Open ports in the firewall #######
networking.firewall.allowedTCPPorts = [ 80 443 5349 8448 3051 ]; networking.firewall.allowedTCPPorts = [ 80 443 5349 8448 3051 ];
networking.firewall.allowedUDPPorts = [ 80 443 5349 8448 3051 ]; networking.firewall.allowedUDPPorts = [ 80 443 5349 8448 3051 ];
@@ -390,7 +392,7 @@ backup /etc/nix-bitcoin-secrets/ localhost/
networking.firewall.enable = true; networking.firewall.enable = true;
####### AUTO COLLECT GARABAGE ####### ####### AUTO COLLECT GARABAGE #######
nix.gc = { nix.gc = {
automatic = true; automatic = true;
dates = "weekly"; dates = "weekly";

405
configuration_1.nix Executable file
View File

@@ -0,0 +1,405 @@
{ config, pkgs, lib, ... }:
let
personalization = import ./modules/personalization.nix;
in
{
imports =
[
./modules/modules.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.kernelPackages = pkgs.linuxPackages_latest;
# Enable Automount without Fail for Internal Drive.
fileSystems."/run/media/Second_Drive" = {
device = "LABEL=BTCEcoandBackup";
fsType = "ext4";
options = [ "nofail" ];
};
fileSystems."/boot/efi".options = [ "umask=0077" "defaults" ];
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
download-buffer-size = 524288000;
};
networking.hostName = "nixos"; # Define your hostname.
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "America/Los_Angeles";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
services.displayManager.gdm.enable = true;
services.desktopManager.gnome.enable = true;
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
};
# Enable CUPS to print documents.
services.printing.enable = true;
# Systemd Settings
systemd.enableEmergencyMode = false;
# Enable sound with pipewire.
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
users.users = {
free = {
isNormalUser = true;
description = "free";
extraGroups = [ "networkmanager" ];
};
};
# Enable automatic login for the user.
services.displayManager.autoLogin.enable = true;
services.displayManager.autoLogin.user = "free";
# Allow Flatpak
services.flatpak.enable = true;
systemd.services.flatpak-repo = {
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
path = [ pkgs.flatpak ];
script = ''
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
'';
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
];
# List packages installed
environment.systemPackages = with pkgs; [
git
wget
fish
htop
btop
gnomeExtensions.transparent-top-bar-adjustable-transparency
gnomeExtensions.systemd-manager
gnomeExtensions.dash-to-dock
gnomeExtensions.vitals
gnomeExtensions.pop-shell
gnomeExtensions.just-perfection
gnomeExtensions.appindicator
gnomeExtensions.date-menu-formatter
gnome-tweaks
papirus-icon-theme
ranger
neofetch
gedit
matrix-synapse
openssl
pwgen
aspell
aspellDicts.en
lm_sensors
hunspell
hunspellDicts.en_US
synadm
brave
dua
bitwarden-desktop
gparted
pv
unzip
parted
screen
zenity
libargon2
gnome-terminal
libreoffice-fresh
dig
firefox
element-desktop
wp-cli
axel
];
programs.nixvim = {
enable = true;
colorschemes.catppuccin.enable = true;
plugins.lualine.enable = true;
};
programs.bash.promptInit = "fish";
programs.fish = {
enable = true;
promptInit = "neofetch";
};
####### CADDY #######
services.caddy = {
enable = true;
user = "caddy";
group = "root";
email = "${personalization.caddy_email_for_acme}";
virtualHosts = {
"${personalization.wordpress_url}" = {
extraConfig = ''
encode gzip zstd
root * /var/lib/www/wordpress
php_fastcgi unix//run/phpfpm/mypool.sock
file_server browse
'';
};
"${personalization.nextcloud_url}" = {
extraConfig = ''
encode gzip zstd
root * /var/lib/www/nextcloud
php_fastcgi unix//run/phpfpm/mypool.sock {
trusted_proxies private_ranges
}
file_server
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
header {
Strict-Transport-Security max-age=31536000;
}
'';
};
"${personalization.matrix_url}" = {
extraConfig = ''
reverse_proxy /_matrix/* http://localhost:8008
reverse_proxy /_synapse/client/* http://localhost:8008
'';
};
"${personalization.matrix_url}:8448" = {
extraConfig = ''
reverse_proxy http://localhost:8008
'';
};
"${personalization.btcpayserver_url}" = {
extraConfig = ''
reverse_proxy http://localhost:23000
encode gzip zstd
'';
};
"https://${personalization.vaultwarden_url}" = {
extraConfig = ''
reverse_proxy http://localhost:8777
encode gzip zstd
'';
};
":3051" = {
extraConfig = ''
reverse_proxy :3050
encode gzip zstd
'';
};
};
};
###### AGENIX ######
age.identityPaths = [ "/root/.ssh/agenix/agenix-secret-keys" ];
age.secrets.matrix_reg_secret = {
file = /var/lib/agenix-secrets/matrix_reg_secret.age;
mode = "770";
owner = "matrix-synapse";
group = "matrix-synapse";
};
###### CREATE DATABASE (WORDPRESS, MATRIX_SYNAPSE, AND NEXTCLOUD) #######
services.postgresql = {
enable = true;
};
services.postgresql.authentication = lib.mkForce ''
# Generated file; do not edit!
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
services.mysql = {
enable = true;
package = pkgs.mariadb;
};
services.postgresql.initialScript = pkgs.writeText "begin-init.sql" ''
CREATE ROLE "ncusr" WITH LOGIN PASSWORD '${personalization.nextclouddb}';
CREATE DATABASE "nextclouddb" WITH OWNER "ncusr"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${personalization.matrixdb}';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
''
;
services.mysql.initialScript = pkgs.writeText "wordpress-init.sql" ''
CREATE DATABASE wordpressdb;
CREATE USER 'wpusr'@'localhost' IDENTIFIED BY '${personalization.wordpressdb}';
GRANT ALL ON wordpressdb.* TO 'wpusr'@'localhost';
FLUSH PRIVILEGES;
''
;
####### KEEP AWAKE for DISPLAY and HEADLESS #######
services.displayManager.gdm.autoSuspend = false;
systemd.sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
AllowHybridSleep=no
AllowSuspendThenHibernate=no
'';
####### BACKUP TO INTERNAL DRIVE #######
services.rsnapshot = {
enable = true;
extraConfig = ''
snapshot_root /run/media/Second_Drive/BTCEcoandBackup/NixOS_Snapshot_Backup
retain hourly 5
retain daily 5
backup /home/ localhost/
backup /var/lib/ localhost/
backup /etc/nixos/ localhost/
backup /etc/nix-bitcoin-secrets/ localhost/
'';
cronIntervals = {
daily = "50 21 * * *";
hourly = "0 * * * *";
};
};
####### CRON #######
services.cron = {
enable = true;
systemCronJobs = [
"*/5 * * * * caddy /run/current-system/sw/bin/php -f /var/lib/www/nextcloud/cron.php"
"*/15 * * * * root /run/current-system/sw/bin/bash /var/lib/njalla/njalla.sh"
"*/15 * * * * root /run/current-system/sw/bin/bash /var/lib/external_ip/external_ip.sh"
"0 0 * * 0 docker-user yes | /run/current-system/sw/bin/docker system prune -a"
];
};
####### TOR #######
services.tor = {
enable = true;
client.enable = true;
torsocks.enable = true;
};
services.privoxy.enableTor = true;
####### Enable the SSH #######
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "yes";
};
};
#######FailtoBan#######
services.fail2ban = {
enable = true;
ignoreIP = [
"127.0.0.0/8"
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
"8.8.8.8"
];
};
####### Open ports in the firewall #######
networking.firewall.allowedTCPPorts = [ 80 443 5349 8448 3051 ];
networking.firewall.allowedUDPPorts = [ 80 443 5349 8448 3051 ];
networking.firewall.allowedUDPPortRanges = [
{ from=49152; to=65535; } # TURN relay
];
networking.firewall.enable = true;
####### AUTO COLLECT GARABAGE #######
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
system.stateVersion = "22.05";
}

35
custom-add-ons.md
View File

@@ -7,12 +7,7 @@ Add-ons are extra features you can have installed before your Sovran Pro is ship
https://github.com/bitcoin/bitcoin https://github.com/bitcoin/bitcoin
2. By default Sovran_SystemsOS runs LND as the default Lightning node software for BTCpayserver. You are now able to run CLN as the backend to BTCpayserver instead of LND. 2. The Bitcoin Mempool can be added and can be accessed via Tor or on your local network.
https://blockstream.com/lightning/
3. There is Mempool to be added on via a Tor connection.
https://github.com/mempool/mempool https://github.com/mempool/mempool
@@ -27,16 +22,26 @@ services.bitcoind.package = lib.mkForce config.nix-bitcoin.pkgs.bitcoind;
``` ```
The code for CLN for BTCpayserver backend is as follows:
```nix
services.btcpayserver.lightningBackend = lib.mkForce "clightning";
```
The code for Mempool is as follows: The code for Mempool is as follows:
```nix ```nix
services.mempool.enable = true; services.mempool = {
``` enable = true;
frontend.enable = true;
};
services.mysql.package = lib.mkForce pkgs.mariadb;
nix-bitcoin.onionServices.mempool-frontend.enable = true;
services.caddy = {
virtualHosts = {
":60847" = {
extraConfig = ''
reverse_proxy :60845
encode gzip zstd
'';
};
};
};
```

47
custom-add-ons_1.md Normal file
View File

@@ -0,0 +1,47 @@
## Custom Add-ons for your Sovran Pro or Sovran Pro Max
Add-ons are extra features you can have installed before your Sovran Pro is shipped to you.
1. Since Sovran_SystemsOS runs Bitcoin Knots by default as opposed to Bitcion Core, you can customize your Sovran Pro or Sovran Pro Max node to run Bitcoin Core.
https://github.com/bitcoin/bitcoin
2. The Bitcoin Mempool can be added and can be accessed via Tor or on your local network.
https://github.com/mempool/mempool
The code will be installed in the `custom.nix` file.
The code for Bitcoin Core is as follows:
```nix
services.bitcoind.package = lib.mkForce config.nix-bitcoin.pkgs.bitcoind;
```
The code for Mempool is as follows:
```nix
services.mempool = {
enable = true;
frontend.enable = true;
};
services.mysql.package = lib.mkForce pkgs.mariadb;
nix-bitcoin.onionServices.mempool-frontend.enable = true;
services.caddy = {
virtualHosts = {
":60847" = {
extraConfig = ''
reverse_proxy :60845
encode gzip zstd
'';
};
};
};
```

174
flake.lock generated
View File

@@ -8,11 +8,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1761656077, "lastModified": 1762618334,
"narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", "rev": "fcdea223397448d35d9b31f798479227e80183f6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -27,11 +27,11 @@
"oldNixpkgs": "oldNixpkgs" "oldNixpkgs": "oldNixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1760190224, "lastModified": 1766936379,
"narHash": "sha256-QHHgg35BikVeyhP8MvquKA3G+LY0rjBOHTCFgGkvTgA=", "narHash": "sha256-VBhwuhoz/byfK2OdYUKkzc1vTPqUddJaMr6elUOHeuM=",
"owner": "emmanuelrosa", "owner": "emmanuelrosa",
"repo": "btc-clients-nix", "repo": "btc-clients-nix",
"rev": "c76dcd51fba66f0bcf9f8c479e8d5337aef745a0", "rev": "36cbe17a6160121bbae1ea7521593314d55e023c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -52,16 +52,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734005403, "lastModified": 1766155727,
"narHash": "sha256-vgh3TqfkFdnPxREBedw4MQehIDc3N8YyxBOB45n+AvU=", "narHash": "sha256-XGp4HHH6D6ZKiO5RnMzqYJYnZB538EnEflvlTsOKpvo=",
"owner": "erikarvstedt", "owner": "erikarvstedt",
"repo": "extra-container", "repo": "extra-container",
"rev": "f4de6c329b306a9d3a9798a30e060c166f781baa", "rev": "b450bdb24fca1076973c852d87bcb49b8eb5fd49",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "erikarvstedt", "owner": "erikarvstedt",
"ref": "0.13", "ref": "0.14",
"repo": "extra-container", "repo": "extra-container",
"type": "github" "type": "github"
} }
@@ -74,11 +74,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1760948891, "lastModified": 1765835352,
"narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -105,24 +105,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -144,47 +126,20 @@
"type": "github" "type": "github"
} }
}, },
"ixx": {
"inputs": {
"flake-utils": [
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": {
"lastModified": 1754860581,
"narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.1.1",
"repo": "ixx",
"type": "github"
}
},
"nix-bitcoin": { "nix-bitcoin": {
"inputs": { "inputs": {
"extra-container": "extra-container", "extra-container": "extra-container",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nixpkgs-25_05": "nixpkgs-25_05",
"nixpkgs-unstable": "nixpkgs-unstable" "nixpkgs-unstable": "nixpkgs-unstable"
}, },
"locked": { "locked": {
"lastModified": 1761560050, "lastModified": 1767721199,
"narHash": "sha256-dbMLlIEamKfXP/Ww205FGDMkfEKd6Pzs/VpxUbSsmtU=", "narHash": "sha256-UzRxDiJlopBGPTjyhCdMP+QdTwXK+l+y45urXCyH69A=",
"owner": "fort-nix", "owner": "fort-nix",
"repo": "nix-bitcoin", "repo": "nix-bitcoin",
"rev": "b217b6019c3bba6eba2f2f5a277464b7579c3ab9", "rev": "5b532698ce9e8bd79b07d77ab4fc60e1a8408f73",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -210,6 +165,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-25_05": {
"locked": {
"lastModified": 1767051569,
"narHash": "sha256-0MnuWoN+n1UYaGBIpqpPs9I9ZHW4kynits4mrnh1Pk4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "40ee5e1944bebdd128f9fbada44faefddfde29bd",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1751274312, "lastModified": 1751274312,
@@ -228,11 +199,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1760965567, "lastModified": 1767364772,
"narHash": "sha256-0JDOal5P7xzzAibvD0yTE3ptyvoVOAL0rcELmDdtSKg=", "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "cb82756ecc37fa623f8cf3e88854f9bf7f64af93", "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -244,11 +215,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1759360550, "lastModified": 1764255304,
"narHash": "sha256-feL8xklo97a8o8ISOszUU2tfHskJdu3zKbpcltzSblw=", "narHash": "sha256-oQPux8afXmkbb88ceRtz1lgSGqL9auOgdYnBSqpVgSA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "28b8fe20c34f94a537f71950a9b0c1dc7224d036", "rev": "6e86c955fc372d12face4a9c0d932a6e0f7bff4d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -259,27 +230,27 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1761016216, "lastModified": 1767480499,
"narHash": "sha256-G/iC4t/9j/52i/nm+0/4ybBmAF4hzR8CNHC75qEhjHo=", "narHash": "sha256-8IQQUorUGiSmFaPnLSo2+T+rjHtiNWc+OAzeHck7N48=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "481cf557888e05d3128a76f14c76397b7d7cc869", "rev": "30a3c519afcf3f99e2c6df3b359aec5692054d92",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-25.05", "ref": "nixos-25.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1761373498, "lastModified": 1767767207,
"narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "rev": "5912c1772a44e31bf1c63c0390b90501e5026886",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -291,11 +262,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1761594641, "lastModified": 1767026758,
"narHash": "sha256-sImk6SJQASDLQo8l+0zWWaBgg7TueLS6lTvdH5pBZpo=", "narHash": "sha256-7fsac/f7nh/VaKJ/qm3I338+wAJa/3J57cOGpXi0Sbg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1666250dbe4141e4ca8aaf89b40a3a51c2e36144", "rev": "346dd96ad74dc4457a9db9de4f4f57dab2e5731d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -309,15 +280,14 @@
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_5",
"nuschtosSearch": "nuschtosSearch", "systems": "systems_3"
"systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1761657569, "lastModified": 1767608728,
"narHash": "sha256-2D4Tw5Vp52RU5amnBvq0/z+zgZqafwl4bhg8dJBBjXI=", "narHash": "sha256-kmSJCTgrx+BxgqQOTPHAOkohvO+lbRsPWqu+PSPcz3I=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "03c0dabb9a63f52bc2ebf571f3755720df1ca81e", "rev": "851399eebd0fb383d2fd76269d859f16021dc7a8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -326,29 +296,6 @@
"type": "github" "type": "github"
} }
}, },
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_2",
"ixx": "ixx",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1760652422,
"narHash": "sha256-C88Pgz38QIl9JxQceexqL2G7sw9vodHWx1Uaq+NRJrw=",
"owner": "NuschtOS",
"repo": "search",
"rev": "3ebeebe8b6a49dfb11f771f761e0310f7c48d726",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"oldNixpkgs": { "oldNixpkgs": {
"locked": { "locked": {
"lastModified": 1727619874, "lastModified": 1727619874,
@@ -419,21 +366,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

373
flake_1.lock Executable file
View File

@@ -0,0 +1,373 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": [],
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1762618334,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm",
"repo": "agenix",
"rev": "fcdea223397448d35d9b31f798479227e80183f6",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"btc-clients": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"oldNixpkgs": "oldNixpkgs"
},
"locked": {
"lastModified": 1766936379,
"narHash": "sha256-VBhwuhoz/byfK2OdYUKkzc1vTPqUddJaMr6elUOHeuM=",
"owner": "emmanuelrosa",
"repo": "btc-clients-nix",
"rev": "36cbe17a6160121bbae1ea7521593314d55e023c",
"type": "github"
},
"original": {
"owner": "emmanuelrosa",
"repo": "btc-clients-nix",
"type": "github"
}
},
"extra-container": {
"inputs": {
"flake-utils": [
"nix-bitcoin",
"flake-utils"
],
"nixpkgs": [
"nix-bitcoin",
"nixpkgs"
]
},
"locked": {
"lastModified": 1766155727,
"narHash": "sha256-XGp4HHH6D6ZKiO5RnMzqYJYnZB538EnEflvlTsOKpvo=",
"owner": "erikarvstedt",
"repo": "extra-container",
"rev": "b450bdb24fca1076973c852d87bcb49b8eb5fd49",
"type": "github"
},
"original": {
"owner": "erikarvstedt",
"ref": "0.14",
"repo": "extra-container",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765835352,
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nix-bitcoin": {
"inputs": {
"extra-container": "extra-container",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3",
"nixpkgs-25_05": "nixpkgs-25_05",
"nixpkgs-unstable": "nixpkgs-unstable"
},
"locked": {
"lastModified": 1767721199,
"narHash": "sha256-UzRxDiJlopBGPTjyhCdMP+QdTwXK+l+y45urXCyH69A=",
"owner": "fort-nix",
"repo": "nix-bitcoin",
"rev": "5b532698ce9e8bd79b07d77ab4fc60e1a8408f73",
"type": "github"
},
"original": {
"owner": "fort-nix",
"ref": "release",
"repo": "nix-bitcoin",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1754028485,
"narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "59e69648d345d6e8fef86158c555730fa12af9de",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-25_05": {
"locked": {
"lastModified": 1767051569,
"narHash": "sha256-0MnuWoN+n1UYaGBIpqpPs9I9ZHW4kynits4mrnh1Pk4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "40ee5e1944bebdd128f9fbada44faefddfde29bd",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1751274312,
"narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1767364772,
"narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1764255304,
"narHash": "sha256-oQPux8afXmkbb88ceRtz1lgSGqL9auOgdYnBSqpVgSA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6e86c955fc372d12face4a9c0d932a6e0f7bff4d",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1767480499,
"narHash": "sha256-8IQQUorUGiSmFaPnLSo2+T+rjHtiNWc+OAzeHck7N48=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "30a3c519afcf3f99e2c6df3b359aec5692054d92",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1767767207,
"narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5912c1772a44e31bf1c63c0390b90501e5026886",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1767026758,
"narHash": "sha256-7fsac/f7nh/VaKJ/qm3I338+wAJa/3J57cOGpXi0Sbg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "346dd96ad74dc4457a9db9de4f4f57dab2e5731d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_5",
"systems": "systems_3"
},
"locked": {
"lastModified": 1767608728,
"narHash": "sha256-kmSJCTgrx+BxgqQOTPHAOkohvO+lbRsPWqu+PSPcz3I=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "851399eebd0fb383d2fd76269d859f16021dc7a8",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"oldNixpkgs": {
"locked": {
"lastModified": 1727619874,
"narHash": "sha256-a4Jcd+vjQAzF675/7B1LN3U2ay22jfDAVA8pOml5J/0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6710d0dd013f55809648dfb1265b8f85447d30a6",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "6710d0dd013f55809648dfb1265b8f85447d30a6",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"btc-clients": "btc-clients",
"nix-bitcoin": "nix-bitcoin",
"nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable",
"nixvim": "nixvim"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

66
modules/bitcoinecosystem.nix
View File

@@ -6,7 +6,7 @@
services.bitcoind = { services.bitcoind = {
enable = true; enable = true;
package = pkgs.stable.bitcoind-knots; package = config.nix-bitcoin.pkgs.bitcoind-knots;
dataDir = "/run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node"; dataDir = "/run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node";
txindex = true; txindex = true;
tor.proxy = true; tor.proxy = true;
@@ -32,27 +32,6 @@
}; };
## CLN
services.clightning = {
enable = true;
tor.proxy = true;
tor.enforce = true;
port = 9737;
};
nix-bitcoin.onionServices.clightning.public = true;
services.clightning.replication = {
enable = true;
local.directory = "/run/media/Second_Drive/BTCEcoandBackup/clightning_db_backup";
encrypt = false;
};
## LND ## LND
services.lnd = { services.lnd = {
@@ -60,24 +39,18 @@
tor.enforce = true; tor.enforce = true;
tor.proxy = true; tor.proxy = true;
extraConfig = '' extraConfig = ''
protocol.option-scid-alias=true protocol.option-scid-alias=true
''; '';
}; };
nix-bitcoin.onionServices.lnd.public = true; nix-bitcoin.onionServices.lnd.public = true;
services.lightning-loop = {
enable = true;
tor.enforce = true;
tor.proxy = true;
};
services.lightning-pool = { ## LNDconnect
services.lnd.lndconnect = {
enable = true; enable = true;
tor.enforce = true; onion = true;
tor.proxy = true;
}; };
@@ -89,42 +62,15 @@
port = 3050; port = 3050;
nightTheme = true; nightTheme = true;
nodes = { nodes = {
clightning = {
enable = true;
extraConfig = {
Settings = {
enableOffers = true;
};
};
};
lnd = { lnd = {
enable = true; enable = true;
loop = true;
}; };
reverseOrder = true;
}; };
}; };
## Lndconnect
services.lnd.lndconnect = { ## BTCpayserver
enable = true;
onion = true;
};
services.clightning.plugins.clnrest = {
enable = true;
lnconnect = {
enable = true;
onion = true;
};
};
## BTCpay Server
services.btcpayserver = { services.btcpayserver = {
enable = true; enable = true;

95
modules/bitcoinecosystem_1.nix Executable file
View File

@@ -0,0 +1,95 @@
{ config, pkgs, lib, ... }:
{
## Bitcoind
services.bitcoind = {
enable = true;
package = config.nix-bitcoin.pkgs.bitcoind-knots;
dataDir = "/run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node";
txindex = true;
tor.proxy = true;
disablewallet = true;
extraConfig = ''
peerbloomfilters=1
server=1
'';
};
nix-bitcoin.onionServices.bitcoind.enable = true;
nix-bitcoin.onionServices.electrs.enable = true;
nix-bitcoin.onionServices.rtl.enable = true;
## Electrs
services.electrs = {
enable = true;
tor.enforce = true;
dataDir = "/run/media/Second_Drive/BTCEcoandBackup/Electrs_Data";
};
## LND
services.lnd = {
enable = true;
tor.enforce = true;
tor.proxy = true;
extraConfig = ''
protocol.option-scid-alias=true
'';
};
nix-bitcoin.onionServices.lnd.public = true;
## LNDconnect
services.lnd.lndconnect = {
enable = true;
onion = true;
};
## RTL
services.rtl = {
enable = true;
tor.enforce = true;
port = 3050;
nightTheme = true;
nodes = {
lnd = {
enable = true;
};
};
};
## BTCpayserver
services.btcpayserver = {
enable = true;
};
services.btcpayserver.lightningBackend = "lnd";
## System
nix-bitcoin.generateSecrets = true;
nix-bitcoin.nodeinfo.enable = true;
nix-bitcoin.operator = {
enable = true;
name = "free";
};
nix-bitcoin.useVersionLockedPkgs = true;
}

1
modules/modules.nix
View File

@@ -10,7 +10,6 @@
./bitcoinecosystem.nix ./bitcoinecosystem.nix
./vaultwarden.nix ./vaultwarden.nix
./Sovran_SystemsOS_File_Fixes_And_New_Services.nix ./Sovran_SystemsOS_File_Fixes_And_New_Services.nix
./btcpayserver-fix.nix
]; ];
} }

15
modules/modules_1.nix Executable file
View File

@@ -0,0 +1,15 @@
{ config, pkgs, lib, ... }:
{
imports = [
./php.nix
./synapse.nix
./coturn.nix
./bitcoinecosystem.nix
./vaultwarden.nix
./Sovran_SystemsOS_File_Fixes_And_New_Services.nix
];
}

0
modules/php.nix Normal file → Executable file
View File