From b703e058e79a22f409c18d7cb51379fe59903263 Mon Sep 17 00:00:00 2001 From: naturallaw77 Date: Wed, 25 Mar 2026 14:16:05 -0500 Subject: [PATCH] updated readme --- README.md | 319 ++++++++++++++++++++---------------------------------- 1 file changed, 119 insertions(+), 200 deletions(-) diff --git a/README.md b/README.md index 1e3d482..244edee 100755 --- a/README.md +++ b/README.md 
@@ -11,242 +11,161 @@ # Sovran_SystemsOS -**Own Your Stack. Run Your World.** +**A declarative, self-hosted operating system built on NixOS.** --- -## 🌐 What is Sovran_SystemsOS? +## Overview -Sovran_SystemsOS is a **declarative, self-hosted operating system built on NixOS** that turns a single machine into your: +Sovran_SystemsOS is a fully integrated NixOS configuration that transforms a single machine into a personal cloud, communications hub, Bitcoin node, web server, and daily-use desktop β€” all managed declaratively. -* Personal cloud -* Private communications hub -* Bitcoin node -* Web server -* Daily desktop - -This isn’t just an OS config β€” it’s a **complete sovereign computing environment**. +Every service is pre-wired: reverse proxy routing, database initialization, firewall rules, and inter-service communication are handled out of the box. You activate what you need; the system does the rest. --- -## ⚑ Why It Matters +## Architecture -Most people rely on a patchwork of third-party services: +Sovran_SystemsOS is structured as a set of NixOS modules exposed via a flake. A remote machine consumes the flake and selectively enables features through a simple configuration interface. -* Cloud storage owned by corporations -* Messaging platforms that mine metadata -* Financial infrastructure you don’t control - -Sovran_SystemsOS flips that model. - -πŸ‘‰ You run the services. -πŸ‘‰ You own the data. -πŸ‘‰ You control the system. - ---- - -## πŸš€ What You’re Actually Getting - -This system doesn’t just install apps β€” it **assembles an ecosystem**. 
- -### πŸ–₯ A Unified Desktop + Server - -* Full GNOME desktop -* Ready for daily use *and* backend services -* Remote access capabilities - ---- - -### 🌍 A Real Web Stack (Out of the Box) - -* Caddy web server with automatic HTTPS -* Reverse proxy routing already wired -* Multi-service hosting under your domains - ---- - -### ☁️ Your Own Cloud Platform - -* Nextcloud β†’ file storage, sync, collaboration -* WordPress β†’ publish and host content -* Vaultwarden β†’ secure password management - ---- - -### πŸ’¬ Private Communication Layer - -* Matrix Synapse β†’ decentralized messaging backend -* Element support β†’ modern chat + collaboration -* Optional voice/video infrastructure - ---- - -### β‚Ώ Sovereign Financial Stack - -* Run your own Bitcoin node -* BTCPay Server for payments -* Optional mempool explorer - -No intermediaries. No permissions. - ---- - -### πŸ” Built-In Security Posture - -* Hardened SSH (no password logins) -* Fail2ban active by default -* Tor integration available -* Encrypted secrets via Agenix - ---- - -### πŸ’Ύ Reliability Without Babysitting - -* Automated backups (rsnapshot) -* Cron jobs for maintenance -* Database initialization included - ---- - -## 🧠 What Makes It Stand Out - -### 1. **This Is Not a β€œToolkit” β€” It’s a System** - -Most projects give you pieces. - -Sovran_SystemsOS gives you a **pre-integrated stack** where: - -* Services already talk to each other -* Reverse proxy is configured -* Databases are initialized -* Ports and firewall rules are handled - -You’re not assembling β€” you’re **activating**. - ---- - -### 2. 
**Feature Toggles = Power Without Bloat** - -Turn features on or off like switches: - -```nix id="z91x8a" -sovran_systemsOS.features.mempool = true; -sovran_systemsOS.features.haven = true; +``` +Remote Machine (flake.nix) + └── Sovran_SystemsOS flake (nixosModules.Sovran_SystemsOS) + β”œβ”€β”€ configuration.nix/ # Base system + β”‚ β”œβ”€β”€ Gnome Desktop # Gnome Desktop Interface + β”‚ β”œβ”€β”€ caddy # Reverse proxy + HTTPS + β”‚ β”œβ”€β”€ nextcloud # Cloud storage + β”‚ β”œβ”€β”€ wordpress # CMS / publishing + β”‚ β”œβ”€β”€ element # Matrix Synapse via Element Messaging App + β”œβ”€β”€ modules/ + β”‚ β”œβ”€β”€ bitcoinecosystem.nix # Bitcoin Core / Knots / BTCPay Server / Bitcoin Lightning + β”‚ β”œβ”€β”€ bip110.nix # Bip110 Node Consensus Policy + β”‚ β”œβ”€β”€ element-calling.nix # Matrix Synapse via Element + Element Voice and Video Calling + β”‚ β”œβ”€β”€ haven.nix # Nostr relay + β”‚ β”œβ”€β”€ mempool.nix # Mempool explorer + β”‚ β”œβ”€β”€ rdp.nix # Remote desktop (RDP) + β”‚ β”œβ”€β”€ vaultwarden.nix # Password management + β”‚ └── ... + β”œβ”€β”€ nix-bitcoin integration + β”œβ”€β”€ agenix (secrets management) + └── nixvim ``` -No unnecessary services. No wasted resources. +## Features ---- +### Feature Toggles -### 3. **Reproducibility = Control** +Every major service is gated behind a feature flag. Enable only what you need: -Your entire system is code: - -* Rebuild anytime -* Move to new hardware -* Roll back instantly - -This is infrastructure you can trust because you can **recreate it exactly**. - ---- - -### 4. **Automation Where It Counts** - -A huge amount is handled for you: - -* Service wiring -* Reverse proxy setup -* Scheduled jobs -* Base security - -But unlike β€œblack box” systems, you still retain **full visibility and control**. - ---- - -## ⚠️ Honest Reality (No Hype) - -This system **does not eliminate effort**. 
- -You will still need to: - -* Configure DNS and domains -* Manage secrets (Agenix) -* Understand your enabled services -* Perform initial setup steps - -But here’s the difference: - -πŸ‘‰ You’re not starting from scratch -πŸ‘‰ You’re not duct-taping services together -πŸ‘‰ You’re not fighting your system - -You’re building on a **solid, opinionated foundation** - ---- - -## πŸ”Œ Expand As You Grow - -Enable advanced features anytime: - -```nix id="0p9k21" -sovran_systemsOS.features.bitcoin-core = true; -sovran_systemsOS.features.bip110 = true; -sovran_systemsOS.features.mempool = true; -sovran_systemsOS.features.rdp = true; +```nix +# custom.nix +{ lib, ... }: +{ + sovran_systemsOS.features = { + bitcoin-core = lib.mkForce true; + bip110 = lib.mkForce true; + element-calling = lib.mkForce true; + haven = lib.mkForce true; + mempool = lib.mkForce true; + rdp = lib.mkForce true; + }; +} ``` -Available add-ons include: - -* Bitcoin Core / Knots switching -* BIP-110 (enhanced Bitcoin consensus policy) -* Mempool explorer -* Nostr relay (Haven) -* Element voice/video backend -* Remote desktop +No unnecessary services run. No wasted resources. 
--- -## πŸ›  Installation +### Service Stack -Full guide: - -πŸ‘‰ https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/src/branch/main/DIY%20Install%20Sovran_SystemsOS.md +| Category | Service | Description | +|---|---|---| +| **Web** | Caddy | Automatic HTTPS, reverse proxy for all services | +| **Cloud** | Nextcloud | File storage, sync, and collaboration | +| **CMS** | WordPress | Self-hosted publishing and content management | +| **Passwords** | Vaultwarden | Bitwarden-compatible password vault | +| **Messaging** | Element/Matrix Synapse | Federated, decentralized messaging backend | +| **Video/Voice Calling** | Element Video and Voice Calling | Decentralized Voice Over IP for Matrix with optional TURN/STUN | +| **Bitcoin** | Bitcoin Core / Knots | Full node with optional BIP-110 consensus policy | +| **Bitcoin Lightning** | LND Full node connected over TOR | +| **Payments** | BTCPay Server | Self-hosted Bitcoin payment processor | +| **Explorer** | Mempool | Bitcoin mempool visualizer and block explorer | +| **Nostr** | Haven | Nostr relay server | +| **Remote Access** | GNOME Remote Desktop | RDP access with auto-generated TLS and credentials | --- -## πŸ’¬ Community +### Security -* General Chat: - https://matrix.to/#/#sovran-systems:anarchyislove.xyz +- **SSH hardened** β€” password authentication disabled by default +- **Fail2ban** β€” active on all exposed services +- **Agenix** β€” encrypted secrets management integrated into the flake +- **Tor** β€” optional integration available +- **Firewall** β€” ports managed per-module; only enabled services are exposed -* DIY Support: - https://matrix.to/#/#DIY_Sovran_SystemsOS:anarchyislove.xyz +### Reliability + +- **Automated backups** via rsnapshot +- **Scheduled maintenance** via systemd timers +- **Database initialization** handled declaratively +- **Reproducible builds** β€” the entire system is defined in code and can be rebuilt or migrated to new hardware at any time --- -## 🧭 Who This Is For +## 
Installation -Sovran_SystemsOS is for people who want to: +### Full Guide -* Move off Big Tech platforms -* Run their own infrastructure -* Understand and control their system -* Build a sovereign digital life +πŸ‘‰ [DIY Install Sovran_SystemsOS](https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/src/branch/main/DIY%20Install%20Sovran_SystemsOS.md) --- -## 🧭 Final Thought +## Requirements -You can keep renting your digital life… - -Or you can start owning it. - -Sovran_SystemsOS doesn’t promise magic. -It gives you something more valuable: - -πŸ‘‰ **A system you control, understand, and can rebuild at will.** +| Resource | Minimum | Recommended | +|---|---|---| +| CPU | 4 cores | 8+ cores | +| RAM | 16 GB | 32+ GB | +| Storage | 512 GB SSD + 4 TB SSD | 2GB SSD + 4+ TB SSD (Bitcoin node requires significant disk) | +| Network | Stable broadband | Static IP or DDNS for public-facing services | --- -**All Is Love. Fear Is Illusion. All Beings Are Free. Truth Can Never Be Destroyed.** +## Contributing + +Contributions are welcome. If you want to add a module, fix a bug, or improve documentation: + +1. Fork the repository +2. Create a feature branch +3. Submit a pull request with a clear description of the change + +Please keep modules self-contained and gated behind a feature flag. + +--- + +## Community + +| Channel | Link | +|---|---| +| General Chat | [#sovran-systems:anarchyislove.xyz](https://matrix.to/#/#sovran-systems:anarchyislove.xyz) | +| DIY Support | [#DIY_Sovran_SystemsOS:anarchyislove.xyz](https://matrix.to/#/#DIY_Sovran_SystemsOS:anarchyislove.xyz) | + +--- + +## License + +See [LICENSE](LICENSE) for details. + +--- + +## Project Philosophy + +Sovran_SystemsOS exists to provide a complete, self-hosted infrastructure stack that eliminates dependency on third-party platforms. It is opinionated by design β€” services are pre-integrated so you spend time using your system, not assembling it. + +This is not a toolkit. It is a working system. 
+ +You retain full visibility into every module, every service definition, and every configuration choice. Nothing is hidden. Everything is reproducible. + +--- + +**Own your stack. Run your world.**
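
Review bot: In the new Service Stack table, the "Bitcoin Lightning" row has two cells where the header declares three (Category, Service, Description), so the service name and its description have been merged into one cell and the row will render misaligned. Split it, for example "| **Bitcoin Lightning** | LND | Full node connected over Tor |", and spell Tor consistently with the Security list. In the Requirements table, the Recommended storage "2GB SSD + 4+ TB SSD" is smaller than the Minimum "512 GB SSD + 4 TB SSD"; this looks like a unit slip and should be confirmed and corrected. The Security and Reliability bullets also change what the README promises: "Fail2ban active by default" becomes "active on all exposed services", and "Cron jobs for maintenance" becomes "Scheduled maintenance via systemd timers". Readers will rely on these statements when judging the exposure of a public-facing host, so please check both against the modules, and narrow the Fail2ban wording if some services have no jail. Finally, the custom.nix example now sets every toggle with lib.mkForce where the removed examples used a plain "= true"; add a sentence saying why the override priority is needed, or use plain assignments if the defaults allow it, since mkForce will silently win over any other definition of the same option.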