updated pdf creator and overall theme

2026-03-29 00:33:21 -05:00
parent 76605b161d
commit d4ca1b54e5
9 changed files with 565 additions and 47 deletions


@@ -0,0 +1,156 @@
{ config, pkgs, lib, ... }:
let
customWallpaper = pkgs.stdenvNoCC.mkDerivation {
pname = "sovran-systemsos-wallpaper";
version = "1.0";
src = pkgs.fetchurl {
url = "https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS_iso/raw/branch/main/post-install-scripts/Wallpaper_Dark_Wide.png";
sha256 = "0609gy0vp92fywl7pcr4y3mg05ca6pwxsnlsax14jd371fj4y7fn"; # Make sure this hash is correct!
};
dontUnpack = true;
installPhase = ''
mkdir -p $out/share/backgrounds/sovran
cp $src $out/share/backgrounds/sovran/Wallpaper_Dark_Wide.png
'';
};
in
{
# 1. Install the wallpaper package
environment.systemPackages = [ customWallpaper ];
# 2. Enable dconf
programs.dconf.enable = true;
# 3. Apply system-wide default GNOME settings
programs.dconf.profiles.user.databases = [{
settings = with lib.gvariant; {
"org/gnome/desktop/background" = {
picture-uri = "file:///run/current-system/sw/share/backgrounds/sovran/Wallpaper_Dark_Wide.png";
picture-uri-dark = "file:///run/current-system/sw/share/backgrounds/sovran/Wallpaper_Dark_Wide.png";
picture-options = "zoom";
primary-color = "#000000";
secondary-color = "#000000";
};
"org/gnome/desktop/input-sources" = {
sources = [ (mkTuple [ "xkb" "us" ]) ];
xkb-options = [ ];
};
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
enable-animations = true;
icon-theme = "Papirus-Dark";
};
"org/gnome/evolution-data-server" = {
migrated = true;
};
"org/gnome/mutter" = {
edge-tiling = false;
};
"org/gnome/nautilus/icon-view" = {
default-zoom-level = "large";
};
"org/gnome/nautilus/preferences" = {
default-folder-viewer = "icon-view";
migrated-gtk-settings = true;
search-filter-time-type = "last_modified";
};
"org/gnome/shell" = {
disabled-extensions = [ "just-perfection-desktop@just-perfection" ];
enabled-extensions = [
"appindicatorsupport@rgcjonas.gmail.com"
"dash-to-dock-cosmic-@halfmexicanhalfamazing@gmail.com"
"Vitals@CoreCoding.com"
"dash-to-dock@micxgx.gmail.com"
"pop-shell@system76.com"
"date-menu-formatter@marcinjakubowski.github.com"
"systemd-manager@hardpixel.eu"
"light-style@gnome-shell-extensions.gcampax.github.com"
];
favorite-apps = [
"brave-browser.desktop"
"org.gnome.Settings.desktop"
"org.gnome.Nautilus.desktop"
"Sovran_SystemsOS_Updater.desktop"
"org.gnome.Software.desktop"
"org.gnome.Geary.desktop"
"org.gnome.Contacts.desktop"
"org.gnome.Calendar.desktop"
"sparrow-desktop.desktop"
"Bisq.desktop"
"bisq2.desktop"
];
welcome-dialog-last-shown-version = "48.4";
};
"org/gnome/shell/extensions/dash-to-dock" = {
background-color = "rgb(0,0,0)";
background-opacity = 0.5;
custom-background-color = true;
dash-max-icon-size = 47;
dock-position = "BOTTOM";
height-fraction = 0.9;
preferred-monitor = -2;
preferred-monitor-by-connector = "Virtual-1";
show-trash = false;
transparency-mode = "FIXED";
};
"org/gnome/shell/extensions/date-menu-formatter" = {
font-size = 12;
pattern = "EEEE, MMM d h:mm a";
text-align = "center";
update-level = 1;
};
"org/gnome/shell/extensions/just-perfection" = {
support-notifier-showed-version = 34;
support-notifier-type = 0;
};
"org/gnome/shell/extensions/pop-shell" = {
tile-by-default = true;
};
"org/gnome/shell/extensions/systemd-manager" = {
command-method = "systemctl";
systemd = [
"{\"name\":\"Bitcoind\",\"service\":\"bitcoind.service\",\"type\":\"system\"}"
"{\"name\":\"Electrs\",\"service\":\"electrs.service\",\"type\":\"system\"}"
"{\"name\":\"CLN\",\"service\":\"clightning.service\",\"type\":\"system\"}"
"{\"name\":\"LND\",\"service\":\"lnd.service\",\"type\":\"system\"}"
"{\"name\":\"Ride The Lightning\",\"service\":\"rtl.service\",\"type\":\"system\"}"
"{\"name\":\"BTCPayserver\",\"service\":\"btcpayserver.service\",\"type\":\"system\"}"
"{\"name\":\"Matrix-Synapse\",\"service\":\"matrix-synapse.service\",\"type\":\"system\"}"
"{\"name\":\"Coturn\",\"service\":\"coturn.service\",\"type\":\"system\"}"
"{\"name\":\"VaultWarden\",\"service\":\"vaultwarden.service\",\"type\":\"system\"}"
"{\"name\":\"Caddy\",\"service\":\"caddy.service\",\"type\":\"system\"}"
"{\"name\":\"Tor\",\"service\":\"tor.service\",\"type\":\"system\"}"
];
};
"org/gnome/shell/extensions/vitals" = {
hot-sensors = [
"_storage_free_"
"_processor_usage_"
"_memory_usage_"
];
};
"org/gnome/software" = {
first-run = false;
};
"org/gtk/gtk4/settings/color-chooser" = {
selected-color = mkTuple [ true 0.0 0.0 0.0 1.0 ];
};
};
}];
}

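--- a/modules/credentials-pdf.nix
+++ b/modules/credentials-pdf.nix
@@ -0,0 +1,234 @@
+{ config, pkgs, lib, ... }:
+{
+# ── 1. Auto-Generate Root Password (Runs once) ─────────────
+systemd.services.root-password-setup = {
+description = "Generate and set a random root password";
+wantedBy = [ "multi-user.target" ];
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = true;
+};
+path = [ pkgs.pwgen pkgs.shadow pkgs.coreutils ];
+script = ''
+set -euo pipefail
+SECRET_FILE="/var/lib/secrets/root-password"
+if [ ! -f "$SECRET_FILE" ]; then
+mkdir -p /var/lib/secrets
+ROOT_PASS=$(pwgen -s 20 1)
+# Apply the password to the root user
+echo "root:$ROOT_PASS" | chpasswd
+# Save it for the PDF generator to read
+echo "$ROOT_PASS" > "$SECRET_FILE"
+chmod 600 "$SECRET_FILE"
+fi
+'';
+};
+# ── 2. The Path Watcher (The Magic Trigger!) ───────────────
+# This tells NixOS: "If any files inside these folders change,
+# instantly run the generate-credentials-pdf service."
+systemd.paths.generate-credentials-pdf-trigger = {
+description = "Watch for new secret files to regenerate Magic Keys PDF";
+wantedBy = [ "multi-user.target" ];
+pathConfig = {
+# Watch these directories for new passwords
+PathChanged = [
+"/var/lib/secrets"
+"/var/lib/gnome-remote-desktop"
+"/var/lib/domains"
+"/etc/nix-bitcoin-secrets"
+];
+# Watch for these specific Tor links to be generated
+PathExists = [
+"/var/lib/tor/onion/rtl/hostname"
+"/var/lib/tor/onion/electrs/hostname"
+"/var/lib/tor/onion/bitcoind/hostname"
+];
+Unit = "generate-credentials-pdf.service";
+};
+};
+# ── 3. Generate the Magic Keys PDF ─────────────────────────
+systemd.services.generate-credentials-pdf = {
+description = "Generate Magic Keys PDF for Sovran_SystemsOS";
+# We remove RemainAfterExit so this service can be triggered over and over again!
+serviceConfig = {
+Type = "oneshot";
+};
+path = [ pkgs.pandoc pkgs.typst pkgs.coreutils ];
+script = ''
+set -euo pipefail
+# Give it a tiny delay so multiple files being created at once don't trigger it 10 times in a row
+sleep 3
+DOC_DIR="/home/free/Documents"
+mkdir -p "$DOC_DIR"
+FILE="/tmp/magic_keys.md"
+ROOT_PASS="Generating..."
+if [ -f "/var/lib/secrets/root-password" ]; then
+ROOT_PASS=$(cat /var/lib/secrets/root-password)
+fi
+cat << 'EOF' > "$FILE"
+# Your Sovran SystemsOS Magic Keys! 🗝
+Welcome to your new computer! We have built a lot of cool secret forts (services) for you. To get into your forts, you need your magic keys (passwords).
+Here are all of your keys in one place. **Keep this document safe and do not share it with strangers!**
+## 🖥 Your Computer
+These are the master keys to the actual machine.
+### 1. Main Screen Unlock (The 'free' account)
+When you turn the computer on, it usually logs you in automatically. However, if the screen goes to sleep, or **if you enable Remote Desktop (RDP)**, you will need this to log in:
+- **Username:** `free`
+- **Password:** `free`
+🚨 **VERY IMPORTANT:** You MUST write this password down and keep it safe! If you lose it, you will be locked out of your computer!
+EOF
+cat << EOF >> "$FILE"
+### 2. The Big Boss (Root)
+Sometimes a pop-up box might ask for an Administrator (Root) password to change a setting. We created a super-secret password just for this!
+- **Root Password:** \`$ROOT_PASS\`
+EOF
+cat << 'EOF' >> "$FILE"
+### 3. The Hacker Terminal (`ssh root@localhost`)
+Because your main account is so safe, you cannot just type normal commands to become the boss. If you open a black terminal box and want to make big changes, you must use your special factory key!
+Type this exact command into the terminal:
+`ssh root@localhost`
+When it asks for a passphrase, type:
+- **Terminal Password:** `gosovransystems`
+---
+EOF
+# --- BITCOIN ECOSYSTEM ---
+if [ -f "/etc/nix-bitcoin-secrets/rtl-password" ] || [ -f "/var/lib/tor/onion/rtl/hostname" ]; then
+echo "## Your Bitcoin & Lightning Node" >> "$FILE"
+echo "Your computer is a real Bitcoin node! It talks to the network secretly using Tor. Here is how to connect your wallet apps to it:" >> "$FILE"
+RTL_ONION="Not generated yet"
+if [ -f "/var/lib/tor/onion/rtl/hostname" ]; then
+RTL_ONION=$(cat /var/lib/tor/onion/rtl/hostname)
+fi
+RTL_PASS="Not found"
+if [ -f "/etc/nix-bitcoin-secrets/rtl-password" ]; then
+RTL_PASS=$(cat /etc/nix-bitcoin-secrets/rtl-password)
+fi
+ELECTRS_ONION="Not generated yet"
+if [ -f "/var/lib/tor/onion/electrs/hostname" ]; then
+ELECTRS_ONION=$(cat /var/lib/tor/onion/electrs/hostname)
+fi
+BITCOIN_ONION="Not generated yet"
+if [ -f "/var/lib/tor/onion/bitcoind/hostname" ]; then
+BITCOIN_ONION=$(cat /var/lib/tor/onion/bitcoind/hostname)
+fi
+cat << BITCOIN >> "$FILE"
+### 1. Ride The Lightning (RTL)
+*This is the control panel for your Lightning Node.*
+Open the **Tor Browser** and go to this website. Use this password to log in:
+- **Website:** \`http://$RTL_ONION\`
+- **Password:** \`$RTL_PASS\`
+### 2. Electrs (Your Private Bank Teller)
+*If you use a wallet app on your phone or computer (like Sparrow or BlueWallet), tell it to connect here so nobody can spy on your money!*
+- **Tor Address:** \`$ELECTRS_ONION\`
+- **Port:** \`50001\`
+### 3. Bitcoin Core
+*This is the heartbeat of your node. It uses this address to talk to other Bitcoiners securely.*
+- **Tor Address:** \`$BITCOIN_ONION\`
+---
+BITCOIN
+fi
+# --- MATRIX / ELEMENT ---
+if [ -f "/var/lib/secrets/matrix-users" ]; then
+echo "## 💬 Your Private Chat (Matrix / Element)" >> "$FILE"
+echo "This is your very own private messaging app! We created an Admin account for you, and a Test account you can give to a friend to try it out. Log in using an app like Element with these details:" >> "$FILE"
+echo '```text' >> "$FILE"
+cat /var/lib/secrets/matrix-users >> "$FILE"
+echo '```' >> "$FILE"
+echo "---" >> "$FILE"
+fi
+# --- GNOME RDP ---
+if [ -f "/var/lib/gnome-remote-desktop/rdp-credentials" ]; then
+echo "## 🌎 Connect from Far Away (Remote Desktop)" >> "$FILE"
+echo "This lets you control your computer screen from another device! Open your Remote Desktop app and type in these keys:" >> "$FILE"
+echo '```text' >> "$FILE"
+cat /var/lib/gnome-remote-desktop/rdp-credentials >> "$FILE"
+echo '```' >> "$FILE"
+echo "---" >> "$FILE"
+fi
+# --- NEXTCLOUD ---
+if [ -f "/var/lib/secrets/nextcloud-admin" ]; then
+echo "## Your Personal Cloud (Nextcloud)" >> "$FILE"
+echo "This is like your own private Google Drive! You can save photos and files here. Go to the URL below and use these keys:" >> "$FILE"
+echo '```text' >> "$FILE"
+cat /var/lib/secrets/nextcloud-admin >> "$FILE"
+echo '```' >> "$FILE"
+echo "---" >> "$FILE"
+fi
+# --- WORDPRESS ---
+if [ -f "/var/lib/secrets/wordpress-admin" ]; then
+echo "## 📝 Your Website (WordPress)" >> "$FILE"
+echo "This is your very own website where you can write blogs or make pages. Go to the URL below to log in:" >> "$FILE"
+echo '```text' >> "$FILE"
+cat /var/lib/secrets/wordpress-admin >> "$FILE"
+echo '```' >> "$FILE"
+echo "---" >> "$FILE"
+fi
+# --- VAULTWARDEN ---
+if [ -f "/var/lib/domains/vaultwarden" ]; then
+DOMAIN=$(cat /var/lib/domains/vaultwarden)
+echo "## 🔐 Your Password Manager (Vaultwarden)" >> "$FILE"
+echo "This keeps all your other passwords safe! Go to this website to use it:" >> "$FILE"
+echo "- **Website:** https://$DOMAIN" >> "$FILE"
+echo "*(Note: You get to make up your own Master Password the very first time you visit this website!)*" >> "$FILE"
+echo "---" >> "$FILE"
+fi
+# --- BTCPAY SERVER ---
+if [ -f "/var/lib/domains/btcpayserver" ]; then
+DOMAIN=$(cat /var/lib/domains/btcpayserver)
+echo "## Your Bitcoin Store (BTCPay Server)" >> "$FILE"
+echo "This lets you accept Bitcoin like a real shop! Go to this website to set it up:" >> "$FILE"
+echo "- **Website:** https://$DOMAIN" >> "$FILE"
+echo "*(Note: You get to make up your own Admin Password the very first time you visit this website!)*" >> "$FILE"
+echo "---" >> "$FILE"
+fi
+# Convert the Markdown text into a beautiful PDF!
+pandoc "$FILE" -o "$DOC_DIR/Sovran_SystemsOS_Magic_Keys.pdf" --pdf-engine=typst
+# Make sure the 'free' user owns the file so they can open it
+chown -R free:users "$DOC_DIR"
+# Secure the markdown file
+chmod 600 "$FILE"
+'';
+};
+}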
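Review bot: In generate-credentials-pdf the markdown at `/tmp/magic_keys.md` is created under the service's default umask and only locked down by the final `chmod 600 "$FILE"`, so a file holding the root, RTL, Matrix and RDP secrets sits readable in shared `/tmp` for the whole run, and the PDF written to `$DOC_DIR` is never chmod'ed at all. Adding `umask 077` directly after `set -euo pipefail` closes both gaps (the later `chown -R free:users` keeps the PDF usable by `free`), or keep the existing chmod and add `chmod 600 "$DOC_DIR/Sovran_SystemsOS_Magic_Keys.pdf"` after the chown. The service also declares no `after`/`requires` on `root-password-setup.service`, so on first boot it can render the `Generating...` placeholder until a later path trigger. Separately, `PathExists=` on the Tor hostname files keeps re-activating a oneshot unit that has no `RemainAfterExit` for as long as the file exists, which looks like it would re-run this generator every few seconds once the onion services are up — worth confirming in the journal before relying on the trigger.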


@@ -9,10 +9,12 @@
./core/njalla.nix
./core/ssh-bootstrap.nix
./core/sovran-manage-domains.nix
./core/sovran_systemsos-desktop.nix
# ── Always on (no flag) ───────────────────────────────────
./php.nix
./Sovran_SystemsOS_File_Fixes_And_New_Services.nix
./credentials-pdf.nix
# ── Services (default ON — disable in custom.nix) ─────────
./synapse.nix


@@ -139,6 +139,72 @@ EOF
systemd.services.matrix-synapse.after = [ "matrix-synapse-secret-init.service" ];
systemd.services.matrix-synapse.wants = [ "matrix-synapse-secret-init.service" ];
# ── Auto-generate Admin and Test users ──────────────────────
systemd.services.matrix-synapse-create-users = {
description = "Create Admin and Test users for Matrix Synapse";
wantedBy = [ "multi-user.target" ];
after = [ "matrix-synapse.service" ];
requires = [ "matrix-synapse.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
path = [ pkgs.pwgen pkgs.matrix-synapse pkgs.curl pkgs.coreutils pkgs.jq ];
script = ''
set -euo pipefail
# Wait for Synapse to be fully responsive
for i in {1..30}; do
if curl -s http://localhost:8008/_matrix/client/versions > /dev/null; then
break
fi
sleep 2
done
DOMAIN=$(cat /var/lib/domains/matrix)
CREDS_FILE="/var/lib/secrets/matrix-users"
SECRET=$(cat /var/lib/matrix-synapse/registration-secret)
# Only run if we haven't already generated the file
if [ ! -f "$CREDS_FILE" ]; then
mkdir -p /var/lib/secrets
ADMIN_USER="admin"
ADMIN_PASS=$(pwgen -s 24 1)
TEST_USER="test"
TEST_PASS=$(pwgen -s 24 1)
# Create Admin user
register_new_matrix_user -c /run/matrix-synapse/runtime-config.yaml \
-u "$ADMIN_USER" -p "$ADMIN_PASS" -a -S "$SECRET" http://localhost:8008
# Create Test user (non-admin)
register_new_matrix_user -c /run/matrix-synapse/runtime-config.yaml \
-u "$TEST_USER" -p "$TEST_PASS" --no-admin -S "$SECRET" http://localhost:8008
# Save the credentials
cat > "$CREDS_FILE" << CREDS
Matrix (Element) Credentials
Homeserver URL: https://$DOMAIN
[ Admin Account ]
Username: @$ADMIN_USER:$DOMAIN
Password: $ADMIN_PASS
[ Test Account ]
Username: @$TEST_USER:$DOMAIN
Password: $TEST_PASS
CREDS
chmod 600 "$CREDS_FILE"
echo "Matrix users created successfully."
fi
'';
};
sovran_systemsOS.domainRequirements = [
{ name = "matrix"; label = "Matrix Synapse"; example = "matrix.yourdomain.com"; }