update readme #6

Merged
naturallaw777 merged 4 commits from staging-dev into stable 2026-05-23 14:18:59 -05:00
Showing only changes of commit aa69d40f08 - Show all commits
+6 -6
@@ -1,6 +1,6 @@
<div align="center">
<img src="iso/assets/splash-logo.png" alt="Sovran Systems" width="320" />
<img src="iso/assets/sovran-hub-icon.svg" alt="Sovran Systems" width="160" />
# Sovran_SystemsOS — Internal Mirror
@@ -15,7 +15,7 @@ Canonical source lives on Gitea — this repo is for internal work only.
---
> **Heads up:** This repo is private. End users never see it. Public docs, build instructions, and marketing copy live on the website and on Gitea — do not duplicate them here. This README is for maintainers.
> **Heads up:** This repo is private. End users never see it. Public docs, build instructions, and marketing copy live on the website and on Gitea — do not duplicate them here. This README is for internal contributors.
## Table of Contents
@@ -33,9 +33,9 @@ Canonical source lives on Gitea — this repo is for internal work only.
## What This Repo Is
Sovran_SystemsOS is defined entirely as a **Nix flake** (`flake.nix`) and built from source. There is no pre-built binary — the System Installer is produced from this tree. Everything the system runs is traceable to a `.nix` file in this repo, pinned by `flake.lock`.
Sovran_SystemsOS is defined entirely as a **Nix flake** (`flake.nix`) and built from source. There is no pre-built binary — the System Installer is produced from this tree. Everything the system does is declared here.
The control center is the **Hub** — a built-in panel that lets the operator launch, monitor, and toggle services without touching a terminal. Under the hood, the Hub writes to `custom.nix`, which is just a normal Nix module.
The control center is the **Hub** — a built-in panel that lets the operator launch, monitor, and toggle services without touching a terminal. Under the hood, the Hub writes to `custom.nix`, which feeds back into the flake.
## Architecture
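Review bot: The later version of the `custom.nix` sentence, "which feeds back into the flake", says less than the wording it replaces, "which is just a normal Nix module". That earlier phrasing is what tells a contributor the file the Hub writes is ordinary module code and should be reviewed like any other module. Suggest keeping both facts, for example "which is a normal Nix module that feeds back into the flake". The same applies to the first paragraph of this hunk: "Everything the system does is declared here" drops the statement that everything is traceable to a `.nix` file and pinned by `flake.lock`, so consider keeping "pinned by `flake.lock`" in the new sentence.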
@@ -90,7 +90,7 @@ Defaults follow the import order in `modules/modules.nix`. Toggles live in `cust
| `rdp.nix` | off | xrdp remote desktop |
| `sshd.nix` | off | Public-facing OpenSSH |
> Tor is wired directly into the Bitcoin stack. In `modules/bitcoinecosystem.nix`, `bitcoind`, `electrs`, and `lnd` all set `tor.enforce = true` and `tor.proxy = true`, and onion services are exposed for `bitcoind`, `electrs`, `lnd`, and `rtl` via `nix-bitcoin.onionServices.*`.
> Tor is wired directly into the Bitcoin stack. In `modules/bitcoinecosystem.nix`, `bitcoind`, `electrs`, and `lnd` all set `tor.enforce = true` and `tor.proxy = true`, and onion services are exposed for them.
## The Three Modes (internal reference)
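Review bot: The later version of the Tor callout ends with "onion services are exposed for them", where "them" can only refer to `bitcoind`, `electrs`, and `lnd`. The version it replaces also listed `rtl` and named the option path `nix-bitcoin.onionServices.*`. As written, the callout no longer documents that `rtl` has an onion service, and it no longer tells the reader where to look in the module. Suggest keeping the explicit service list and the option path, since this sentence is the README's description of what is reachable over Tor.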
@@ -131,7 +131,7 @@ Internal commands. Run from the flake root.
Facts about the defaults, straight from `configuration.nix` and the modules:
- **Reproducible builds.** Every artifact derives from `flake.lock`. The same commit produces the same OS.
- **Bitcoin stack over Tor.** In `modules/bitcoinecosystem.nix`, `bitcoind`, `electrs`, and `lnd` all set `tor.enforce = true`, and onion services are exposed for `bitcoind`, `electrs`, `lnd`, and `rtl`.
- **Bitcoin stack over Tor.** In `modules/bitcoinecosystem.nix`, `bitcoind`, `electrs`, and `lnd` all set `tor.enforce = true`, and onion services are exposed for `bitcoind`, `electrs`, `lnd`, and friends.
- **Firewall on, public sshd off, RDP off, auto-login off.**
- **EFI** is mounted with `umask=0077`.
- **Kernel surface trimmed.** `boot.blacklistedKernelModules = [ "rxrpc" ];`
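Review bot: In the "Bitcoin stack over Tor" bullet, the later version replaces `rtl` with "and friends". This list is introduced as facts about the defaults, so an open-ended phrase for which services get onion services is too loose, and it now disagrees with the Tor callout earlier in the README, which in its later version covers only `bitcoind`, `electrs`, and `lnd`. Suggest naming `rtl` explicitly here and using the same list in both places.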