diff --git a/DIY Install Sovran_SystemsOS.md b/DIY Install Sovran_SystemsOS.md new file mode 100755 index 0000000..958dd70 --- /dev/null +++ b/DIY Install Sovran_SystemsOS.md 
@@ -0,0 +1,251 @@ +# Sovran Systems offers limited support of a DIY install of Sovran_SystemsOS. You can reach out to others in the matrix room https://matrix.to/#/#DIY_Sovran_SystemsOS:anarchyislove.xyz. + +# These instructions will change over time due to new software development and Sovran Systems creator finding more efficient ways to install Sovran_SystemsOS. 9-12-2024 + +# Also, to fully complete the install, the Bitcoin blockchain will have to download. This could take up to 3 weeks. + +# Lastly, if you gift to the computer movement to receive a Sovran Pro, you do not have to do any of this. It is all done for you. On top of that, the Bitcoin blockchain is already installed. 😉 + +### Requirements + +1. First computer with Linux OS already installed (like NixOS, Ubuntu, Arch, etc.) to download and burn the NixOS image to a USB thumb drive. +2. USB thumb drive 16GB or larger +3. Second computer that is ready to have Sovran_SystemsOS installed (Safe Boot turned off in the UEFI[BIOS] and be prepared for the entire storage drive to be ERASED!). +4. Second computer needs the following hardware specs: + +- Intel or AMD processor (NO ARM processors) +- 32GB of RAM or Larger +- First main NVME internal drive to install Sovran_SystemsOS (500GB or larger) +- Second NVME internal drive to store the Bitcoin blockchain and the automatic backups (NVME 4TB or larger) +- Also, the second NVME internal drive needs to be installed FIRST into a USB enclosure. You will need a NVME USB enclosure. The USB enclosure will be plugged into the first Linux machine. + +5. Working Internet connection for both computers +6. Personalized Domain names already purchased from Njal.la. See the explanation here: https://sovransystems.com/how-to-setup/ +7. Your Router with ports open (Port Forwarding) to your second machine's internal IP address. This will usually be `192.168.1.(some number)` You will complete this at the end. 
+ +- Port 80 +- Port 443 +- Port 22 +- Port 5349 +- Port 8448 + +## Preparing the Second Internal Drive + +1. Install the second NVME internal drive into the USB enclosure, NOT into the Second computer yet. +2. Plug in the USB enclosure into the first computer with Linux OS already installed into one of its available USB ports. +3. **Please Make Sure You Know The Existing Storage Names On This First Linux Computer. If You Run The Script Below And You Do Not Know What You Are Doing, You Could Potentially Erase Your First Linux Computer's Data. I Am Not Responsibly For Your Errors** +4. Open a terminal in the first Linux computer and log in as root. +5. Type in or copy and paste: + +```bash +wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/sdpsp.sh +``` + +then press enter. + +6. Now, type `bash sdpsp.sh` then press enter. +7. Then the screen will ask for "what block..." which will be the drive in the list that is not mounted, which will be the drive you just plugged in. It might be labeled `sda`, or `sdb` etc. Type in the drive name and press `enter`. +8. Then the screen will ask for "what partition...,"which will be whatever you typed into the first prompt, but with a "1" on it. For example, `sda1` or `sdb1`. Type it into the terminal and press `enter`. +9. Since the script is made to copy the blockchain from another Sovran Pro that already has the full blockchain installed it will throw an error. However, it should complete the setup just fine. +10. Once complete, remove the second drive from the USB enclosure and install it into your second computer in which you are installing Sovran_SystemsOS. + +## Preparing the First Main Internal Drive + +### Procedure One - Installing base NixOS + + 1. Still on the first computer with Linux OS already installed, download the latest NixOS minimal (64-bit Intel/AMD) image from here: https://nixos.org/download + 2. Burn that ISO image onto the USB thumb drive. + 3. 
Insert the newly created USB thumb drive with the ISO image into the second computer (the one you are installing Sovran_SystemsOS). + 4. Reboot the second computer while the USB thumb drive is inserted and boot into the USB thumb drive. This may require you to press the F7 or F12 key at boot. (Also, make sure the second computer has "safe boot" turned off in the UEFI[BIOS]). + 5. Proceed with the NixOS boot menu + 6. Once at the command prompt type in `sudo su` to move to the root user + 7. Once logged into the root user type in `passwd` then set the root user password to `a` + 8. Type in `ip a` to get your internal IP address. It will usually be `192.1681.1.(somenumber)` make a note of this IP as you will need it later. + 9. Now, that you are logged in as the root user type in or copy and paste: + + ```bash + curl https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/psp_physical_ram.sh -o psp_physical_ram.sh + ``` + + the command to install the base NixOS and press enter. +10. Now, type `bash psp_physical_ram.sh` then press enter. +11. The script will ask for name of first main internal drive. It usually will be `nvme0n1`. Basically, it will be the drive without any data and it will not be mounted per the list on the screen. Type in the name and press enter on the keyboard. +12. Then the script will ask for the 'Boot' partition. It will be the SMALLER partition and usually named `nvme0n1p1`. Type in the name and press enter on the keyboard. +13. Then it will ask for the 'Primary' partition. It will be the LARGER partition usually named `nvme0n1p2`. Type in the name and press enter on the keyboard. +14. The script will finish installing the base NixOS. At the end it will ask for a root password. Type `a` and press enter and type `a` again to confirm and press enter. +15. The machine will reboot into a very basic install of NixOS command prompt. +16. Remove the USB thumb drive from the second computer. 
+ + +### Procedure Two - Opening The Ports on Your Router - Internal IP + +1. Go to port forwarding on your router and open the above mentioned ports to the internal IP (the one you found above) of your new Sovran_SystemsOS machine + + +### Procedure Three - Installing Sovran_SystemsOS + + +1. Now at the basic install of NixOS from Procedure One, type `root` to log into root and type the password `a` when asked then press enter. +2. Now you are logged in as `root`. +3. Now type in or copy and paste: + + ```bash + wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/sp.sh + ``` + + then press enter. +4. Type in `bash sp.sh` then press enter. +5. Next the script will ask for your domain names from Njal.la. Type them in the corresponding prompts and then press enter for each prompt. +6. Then it will ask for an email for the SSL certificates. Type it in and press enter. +7. The script is long so it will take some time. +8. It will finish by stating `All Finished! Please Reboot then Enjoy your New Sovran Pro!` +9. Press the power button on the machine for it to turn off THEN press it again to power the machine + +## Finishing the Install + + +### Putting the External IP of your New DIY Sovran Pro into your new domain names you just bought at [njal.la](https://njal.la) + +1. On your New DIY Sovran Pro, log into your [njal.la](https://njal.la) account +2. Make a "dynamic" record for each subdomain +3. Njal.la will now display a `curl` command for each sub-domain. +4. Open the `Terminal` on your New DIY Sovran Pro and type in or copy and paste: + + ```bash + ssh root@localhost + ``` + It will as you for a password which is `gosovransystems` as this is the default temporary password from Sovran Systems. + + Now you will be logged in as root. + +5. Now type: + + `nano /var/lib/njalla/njalla.sh` + + and press enter. + + +3. Paste the `curl` commands from njal.la's website for each sub-domain. 
Each `curl` command gets a new line. For example: + + ```bash + ... + curl "https://njal.la/update/?h=test.testsovransystems.com&k=8n7vk3afj-jkyg37&a=${IP}" + curl "https://njal.la/update/?h=zap.testsovransystems.com&k=8no*73afj-jkygi2ea=${IP}" + ... + + ``` + ##### Make sure the default `&auto` from njal.la is replaced by `&a=${IP}` at the end of each `curl` command in the `/var/lib/njalla/njalla.sh` as in the example above. + +7. After you have added all the sub-domins into `/var/lib/njalla/njalla.sh`, press `ctrl + s` then press `ctrl + x` to save and exit `nano`. + +8. Close the `Terminal`. + +### Setting the Desktop + +1. Open the `Terminal` again and type in: `dconf load / < /home/free/Downloads/Sovran_SystemsOS-Desktop`. Do NOT log in as root. + +2. Close the `Terminal`. + +### Setting Up Nextcloud and Wordpress + +#### Nextcloud + +1. Open a web browser and navigate to your domain name you bought from [njal.la](https://njal.la) for example "cloud.myfreedomsite.com" you attributed to your Nextcloud instance. +2. Nextcloud will as you to set up a new account to be used as a log in. Do so. +3. Nextcloud will also ask you where you want the data directory. Type in `/var/lib/nextcloud/data` +4. Nextcloud will ask you to connect the database: + 1. Choose `Postgresql` from the optoins. + 2. Database username is `ncusr` + 3. Database name is `nextclouddb` + 4. Database password is found by doing this: + 1. Open the `Terminal` again, then type in or copy and paste: + + ```bash + ssh root@localhost + ``` + Now you will be logged in as root. + + 2. Now type: + + `cat /var/lib/secrets/nextclouddb` + + and press enter. + + 3. Your database password will be displayed in the `Terminal` window. + 4. Type that into the password field + +5. Now, press `Install` on the Nextcloud website and Nextcloud will be installed. It will take a few minutes. Follow the on screen prompts. + +#### Wordpress + +1. 
Open a web browser and navigate to your domain name you bought from [njal.la](https://njal.la) for example "myfreedomsite.com" you attributed to your Wordpress instance. +2. Wordpress will ask you to connect the database: + 1. Database username is `wpusr` + 2. Database name is `wordpressdb` + 4. Database password is found by doing this: + 1. Open the `Terminal` again, then type in or copy and paste: + + ```bash + ssh root@localhost + ``` + Now you will be logged in as root. + + 2. Now type: + + `cat /var/lib/secrets/wordpressdb` + + and press enter. + + 3. Your database password will be displayed in the `Terminal` window. + 4. Type that into the password field + +5. Now, press `Install` on the Wordpress website and Wordpress will be installed. It will take a few minutes. Follow the on screen prompts. + +### Final Install for Coturn, Flatpak, and Nextcloud + +1. Staying in the `Terminal` type in or copy and paste: + + ```bash + sed -i '$e cat /var/lib/nextcloudaddition/nextcloudaddition' /var/lib/www/nextcloud/config/config.php + + chown caddy:php /var/lib/www -R + + chmod 700 /var/lib/www R + ``` + and press enter. + +2. Now type or copy and paste: + + ```bash + set DOMAIN $(cat /var/lib/domains/matrix) && cp -n /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/{$DOMAIN}/{$DOMAIN}.crt /var/lib/coturn/{$DOMAIN}.crt.pem && cp -n /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/{$DOMAIN}/{$DOMAIN}.key /var/lib/coturn/{$DOMAIN}.key.pem && chown turnserver:turnserver /var/lib/coturn -R && chmod 770 /var/lib/coturn -R && systemctl restart coturn + ``` + and press enter. + +3. Now type or copy and paste: + + ```bash + sudo -u free flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo + ``` + and press enter. 
+ + It will ask for your `Administrator` password and to get the password open a new `Terminal` window and type: + + ```bash + ssh root@localhost + ``` + press enter. + + Now you will be logged in as root. + + Now type: + + ```bash + cat /var/lib/secrets/main + ``` + Then the `Administrator`'s password will be displayed. Copy and paste the password into the other `Terminal` window that is open. Then press enter. + + Now you can close the `Terminal`. + +### Everything now will be installed regarding Sovran_SystemsOS. The remaining setup will be only for the front-end user account creations for BTCpayserver, Vaultwarden, connecting the node to Sparrow wallet and Bisq. + +### Congratulations! 🎉 diff --git a/configuration.nix b/configuration.nix index 10b3390..5d88867 100755 --- a/configuration.nix +++ b/configuration.nix @@ -64,10 +64,6 @@ }; }; - # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229 - systemd.services."getty@tty1".enable = true; - systemd.services."autovt@tty1".enable = true; - # Allow Flatpak services.flatpak.enable = true; diff --git a/custom-add-ons.md b/custom-add-ons.md new file mode 100644 index 0000000..57a6724 --- /dev/null +++ b/custom-add-ons.md 
@@ -0,0 +1,41 @@
+## Custom Add-ons for your Sovran Pro
+
+Add-ons are extra features you can have installed before your Sovran Pro is shipped to you.
+
+1. There is also Bitcoin Knots Node available to be added instead of the regular Bitcoin Node. Bitcoin Knots allows a special filter to block unwanted, unusable, erroneous data on the Bitcoin Timechain chain.
+
+https://bitcoinknots.org
+
+
+2. By default Sovran_SystemsOS runs LND as the default Lightning node software for BTCpayserver. You are now able to run CLN as the backend to BTCpayserver instead of LND.
+
+https://blockstream.com/lightning/
+
+
+3. There is Mempool to be added on via a Tor connection.
+
+https://github.com/mempool/mempool
+
+
+The code will be installed in the `custom.nix` file.
+
+
+The code for Bitcoin Knots is as follows:
+
+```nix
+services.bitcoind.package = pkgs.bitcoind-knots;
+```
+
+
+The code for CLN for BTCpayserver backend is as follows:
+
+```nix
+services.btcpayserver.lightningBackend = mkForce "clightning";
+```
+
+The code for Mempool is as follows:
+
+```nix
+services.mempool.enable = true;
+```
+
diff --git a/file_fixes_and_new_services/Sovran_SystemsOS_File_Fixes_And_New_Services.sh b/file_fixes_and_new_services/Sovran_SystemsOS_File_Fixes_And_New_Services.sh
new file mode 100755
index 0000000..3e84dc5
--- /dev/null
+++ b/file_fixes_and_new_services/Sovran_SystemsOS_File_Fixes_And_New_Services.sh
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+cd /home/free/Downloads
+
+
+#### SCRIPT 1 ####
+
+/run/current-system/sw/bin/wget "https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/file_fixes_and_new_services/sovran-pro-flake-update.sh"
+
+/run/current-system/sw/bin/bash /home/free/Downloads/sovran-pro-flake-update.sh
+
+rm -rf /home/free/Downloads/sovran-pro-flake-update.sh
+
+
+#### SCRIPT 2 ####
+
+/run/current-system/sw/bin/wget "https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/file_fixes_and_new_services/add-custom-nix.sh"
+
+/run/current-system/sw/bin/bash /home/free/Downloads/add-custom-nix.sh
+
+rm -rf /home/free/Downloads/add-custom-nix.sh
+
+
+#### SCRIPT 3 ####
+
+/run/current-system/sw/bin/wget "https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/file_fixes_and_new_services/sovran-pro-flake-update2.sh"
+
+/run/current-system/sw/bin/bash /home/free/Downloads/sovran-pro-flake-update2.sh
+
+rm -rf /home/free/Downloads/sovran-pro-flake-update2.sh
+
+
+#### SCRIPT 4 ####
+
+/run/current-system/sw/bin/wget "https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/file_fixes_and_new_services/nextcloud_maintenance_window_fix.sh"
+
+/run/current-system/sw/bin/bash /home/free/Downloads/nextcloud_maintenance_window_fix.sh
+
+rm -rf /home/free/Downloads/nextcloud_maintenance_window_fix.sh
+
+
+#### SCRIPT 5 ####
+
+/run/current-system/sw/bin/wget "https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/file_fixes_and_new_services/add_external_backup_app.sh"
+
+/run/current-system/sw/bin/bash /home/free/Downloads/add_external_backup_app.sh
+
+rm -rf /home/free/Downloads/add_external_backup_app.sh
+
+
+#### SCRIPT 6 ####
+
+/run/current-system/sw/bin/wget "https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/file_fixes_and_new_services/update-agenix.sh"
+
+/run/current-system/sw/bin/bash /home/free/Downloads/update-agenix.sh
+
+rm -rf /home/free/Downloads/update-agenix.sh
+
+
+#### REMOVAL OF MAIN SCRIPT ####
+
+rm -rf /home/free/Downloads/Sovran_SystemsOS_File_Fixes_And_New_Services.sh
diff --git a/file_fixes_and_new_services/add-custom-nix.sh b/file_fixes_and_new_services/add-custom-nix.sh
new file mode 100755
index 0000000..337e659
--- /dev/null
+++ b/file_fixes_and_new_services/add-custom-nix.sh
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+
+function log_console () {
+ echo "`date` :: $1" >> /var/lib/beacons/awesome.log
+ echo $1
+}
+
+
+#### CHECK TO SEE IF IT HAS BEEN RUN BEFORE ####
+
+FILE=/var/lib/beacons/file_fixes_and_new_services/add-custom-nix/completed
+
+ if [ -e $FILE ]; then
+
+ /run/current-system/sw/bin/echo "File Found :), No Need to Run ... Exiting"
+
+ exit 1
+
+ fi
+
+
+#### CREATE INITIAL TAG ####
+
+/run/current-system/sw/bin/mkdir -p /var/lib/beacons/file_fixes_and_new_services/add-custom-nix ; touch /var/lib/beacons/file_fixes_and_new_services/add-custom-nix/started
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Create Initial Tag"
+
+ exit 1
+
+ fi
+
+
+#### MAIN SCRIPT ####
+
+touch /etc/nixos/custom.nix
+
+/run/current-system/sw/bin/cat > /etc/nixos/custom.nix <<- "EOF"
+
+{config, pkgs, lib, ...}:
+
+# Add custom NixOS modules here.
+
+let
+ personalization = import ./personalization.nix;
+
+ in
+{
+
+
+
+}
+
+EOF
+
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Run add-custom-nix"
+
+ exit 1
+
+ fi
+
+
+
+#### CREATE COMPELETE TAG ####
+
+/run/current-system/sw/bin/touch /var/lib/beacons/file_fixes_and_new_services/add-custom-nix/completed
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Create Completed Tag"
+
+ exit 1
+
+ fi
+
+
+exit 0
\ No newline at end of file
diff --git a/file_fixes_and_new_services/add_external_backup_app.sh b/file_fixes_and_new_services/add_external_backup_app.sh
new file mode 100755
index 0000000..877505a
--- /dev/null
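Review bot: In Sovran_SystemsOS_File_Fixes_And_New_Services.sh each of the six `wget` + `bash` pairs executes whatever the `raw/branch/main` URL serves at that moment, with no checksum or signature comparison and no test of `wget`'s exit status before `bash` is invoked. Pinning each URL to a commit and comparing a recorded SHA-256 before execution would remove the dependence on the branch head; until then a comment such as `# NOTE: runs unpinned scripts from branch main; integrity rests on TLS and the git server alone` states the trust assumption. At minimum `cd /home/free/Downloads || exit 1` and a `|| exit 1` after each `wget` keep a failed step from falling through to the next one. The same unverified download-and-run appears in add_external_backup_app.sh later in this commit.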
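Review bot: In add-custom-nix.sh the `touch /etc/nixos/custom.nix` followed by `cat > /etc/nixos/custom.nix` truncates any `custom.nix` already on the machine, and the only guard is this script's own `completed` beacon. Add-on lines a user placed there beforehand would be lost; a guard such as `[ -e /etc/nixos/custom.nix ] || cat > /etc/nixos/custom.nix <<- "EOF"` keeps them. Separately, `mkdir -p … ; touch …` followed by `if [[ $? != 0 ]]` tests only `touch`, because `;` discards the status of `mkdir`; joining the two with `&&` fixes that, and the same line is repeated in the other beacon scripts in this commit. `log_console` is defined but never called in the visible script.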
+++ b/file_fixes_and_new_services/add_external_backup_app.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+function log_console () {
+ echo "`date` :: $1" >> /var/lib/beacons/awesome.log
+ echo $1
+}
+
+
+#### CHECK TO SEE IF IT HAS BEEN RUN BEFORE ####
+
+FILE=/var/lib/beacons/file_fixes_and_new_services/add_external_backup_app/completed
+
+ if [ -e $FILE ]; then
+
+ /run/current-system/sw/bin/echo "File Found :), No Need to Run ... Exiting"
+
+ exit 1
+
+ fi
+
+
+#### CREATE INITIAL TAG ####
+
+/run/current-system/sw/bin/mkdir -p /var/lib/beacons/file_fixes_and_new_services/add_external_backup_app ; touch /var/lib/beacons/file_fixes_and_new_services/add_external_backup_app/started
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Create Initial Tag"
+
+ exit 1
+
+ fi
+
+
+#### MAIN SCRIPT ####
+
+cd /home/free/Downloads
+
+/run/current-system/sw/bin/wget "https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_External_Backup/sovran_systemsOS_external_backup_local_installer/sovran_systemsOS_external_backup_install.sh"
+
+/run/current-system/sw/bin/bash "sovran_systemsOS_external_backup_install.sh"
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Run add_external_backup_app"
+
+ exit 1
+
+ fi
+
+
+
+#### CREATE COMPELETE TAG ####
+
+/run/current-system/sw/bin/touch /var/lib/beacons/file_fixes_and_new_services/add_external_backup_app/completed
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Create Completed Tag"
+
+ exit 1
+
+ fi
+
+
+exit 0
\ No newline at end of file
diff --git a/file_fixes_and_new_services/nextcloud_maintenance_window_fix.sh b/file_fixes_and_new_services/nextcloud_maintenance_window_fix.sh
new file mode 100755
index 0000000..28be712
--- /dev/null
+++ b/file_fixes_and_new_services/nextcloud_maintenance_window_fix.sh
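Review bot: In add_external_backup_app.sh, `bash "sovran_systemsOS_external_backup_install.sh"` runs a relative file name inside `/home/free/Downloads`, and `wget` without `-O` does not overwrite an existing file of that name but saves under a numbered suffix, so a stale or pre-placed copy is what gets executed. The installer is never deleted after the run, so a retry after a failed first attempt hits exactly that case. Downloading with `wget -O` into a directory created by `mktemp -d`, testing the status of `cd` and `wget`, and removing the file afterwards would close this. The `$?` test in the MAIN SCRIPT section currently covers only `bash`.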
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+function log_console () {
+ echo "`date` :: $1" >> /var/lib/beacons/awesome.log
+ echo $1
+}
+
+
+#### CHECK TO SEE IF IT HAS BEEN RUN BEFORE ####
+
+FILE=/var/lib/beacons/file_fixes_and_new_services/nextcloud_maintenance_window_fix/completed
+
+ if [ -e $FILE ]; then
+
+ /run/current-system/sw/bin/echo "File Found :), No Need to Run ... Exiting"
+
+ exit 1
+
+ fi
+
+
+#### CREATE INITIAL TAG ####
+
+/run/current-system/sw/bin/mkdir -p /var/lib/beacons/file_fixes_and_new_services/nextcloud_maintenance_window_fix ; touch /var/lib/beacons/file_fixes_and_new_services/nextcloud_maintenance_window_fix/started
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Create Initial Tag"
+
+ exit 1
+
+ fi
+
+
+#### MAIN SCRIPT ####
+
+/run/wrappers/bin/sudo -u caddy /run/current-system/sw/bin/php /var/lib/www/nextcloud/occ config:system:set maintenance_window_start --type=integer --value=1
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Run add-custom-nix"
+
+ exit 1
+
+ fi
+
+
+
+#### CREATE COMPELETE TAG ####
+
+/run/current-system/sw/bin/touch /var/lib/beacons/file_fixes_and_new_services/nextcloud_maintenance_window_fix/completed
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Create Completed Tag"
+
+ exit 1
+
+ fi
+
+
+exit 0
\ No newline at end of file
diff --git a/file_fixes_and_new_services/sovran-pro-flake-update.sh b/file_fixes_and_new_services/sovran-pro-flake-update.sh
new file mode 100755
index 0000000..4deaa01
--- /dev/null
+++ b/file_fixes_and_new_services/sovran-pro-flake-update.sh
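Review bot: The failure message in the MAIN SCRIPT check of nextcloud_maintenance_window_fix.sh reads `Could Not Run add-custom-nix`, which looks copied from the sibling script and will misdirect anyone reading the output; it should be `"Could Not Run nextcloud_maintenance_window_fix"`. The early `exit 1` on the already-completed path also reports an error for what is a normal no-op, here and in the other beacon scripts; `exit 0` is the conventional status should a caller ever check it.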
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+
+function log_console () {
+ echo "`date` :: $1" >> /var/lib/beacons/awesome.log
+ echo $1
+}
+
+
+#### CHECK TO SEE IF IT HAS BEEN RUN BEFORE ####
+
+FILE=/var/lib/beacons/file_fixes_and_new_services/sovran-pro-flake-update/completed
+
+ if [ -e $FILE ]; then
+
+ /run/current-system/sw/bin/echo "File Found :), No Need to Run ... Exiting"
+
+ exit 1
+
+ fi
+
+
+#### CREATE INITIAL TAG ####
+
+/run/current-system/sw/bin/mkdir -p /var/lib/beacons/file_fixes_and_new_services/sovran-pro-flake-update ; touch /var/lib/beacons/file_fixes_and_new_services/sovran-pro-flake-update/started
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Create Initial Tag"
+
+ exit 1
+
+ fi
+
+
+#### MAIN SCRIPT ####
+
+/run/current-system/sw/bin/rm /etc/nixos/flake.nix
+
+/run/current-system/sw/bin/cat > /etc/nixos/flake.nix <<- "EOF"
+
+{
+ description = "Sovran_SystemsOS for the Sovran Pro from Sovran Systems";
+
+ inputs = {
+
+ Sovran_Systems.url = "git+https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS";
+
+ };
+
+ outputs = { self, Sovran_Systems, ... }@inputs: {
+
+ nixosConfigurations."nixos" = Sovran_Systems.inputs.nixpkgs.lib.nixosSystem {
+
+ system = "x86_64-linux";
+
+ modules = [
+
+ ./hardware-configuration.nix
+
+ Sovran_Systems.nixosModules.Sovran_SystemsOS
+
+ ];
+
+ };
+
+ };
+
+}
+
+EOF
+
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Run sovran-pro-flake-update"
+
+ exit 1
+
+ fi
+
+
+
+#### CREATE COMPELETE TAG ####
+
+/run/current-system/sw/bin/touch /var/lib/beacons/file_fixes_and_new_services/sovran-pro-flake-update/completed
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Create Completed Tag"
+
+ exit 1
+
+ fi
+
+
+exit 0
\ No newline at end of file
diff --git a/file_fixes_and_new_services/sovran-pro-flake-update2.sh b/file_fixes_and_new_services/sovran-pro-flake-update2.sh
new file mode 100755
index 0000000..a594503
--- /dev/null
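Review bot: In sovran-pro-flake-update.sh, `rm /etc/nixos/flake.nix` runs before the replacement is written, so a failure of the `cat >` redirect leaves the machine with no flake at all, and the status of `rm` itself is never checked. Writing the heredoc to a temporary name in the same directory and renaming it keeps the old file until the new one is complete: `cat > /etc/nixos/flake.nix.new <<- "EOF"` followed by `mv /etc/nixos/flake.nix.new /etc/nixos/flake.nix`. sovran-pro-flake-update2.sh repeats the same rm-then-write sequence. A comment is also warranted on `Sovran_Systems.url`, which names no revision, so what gets built is presumably fixed only by whatever `flake.lock` exists on the machine.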
+++ b/file_fixes_and_new_services/sovran-pro-flake-update2.sh
@@ -0,0 +1,98 @@
+#!/usr/bin/env bash
+
+function log_console () {
+ echo "`date` :: $1" >> /var/lib/beacons/awesome.log
+ echo $1
+}
+
+
+#### CHECK TO SEE IF IT HAS BEEN RUN BEFORE ####
+
+FILE=/var/lib/beacons/file_fixes_and_new_services/sovran-pro-flake-update2/completed
+
+ if [ -e $FILE ]; then
+
+ /run/current-system/sw/bin/echo "File Found :), No Need to Run ... Exiting"
+
+ exit 1
+
+ fi
+
+
+#### CREATE INITIAL TAG ####
+
+/run/current-system/sw/bin/mkdir -p /var/lib/beacons/file_fixes_and_new_services/sovran-pro-flake-update2 ; touch /var/lib/beacons/file_fixes_and_new_services/sovran-pro-flake-update2/started
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Create Initial Tag"
+
+ exit 1
+
+ fi
+
+
+#### MAIN SCRIPT ####
+
+/run/current-system/sw/bin/rm /etc/nixos/flake.nix
+
+/run/current-system/sw/bin/cat > /etc/nixos/flake.nix <<- "EOF"
+
+{
+ description = "Sovran_SystemsOS for the Sovran Pro from Sovran Systems";
+
+ inputs = {
+
+ Sovran_Systems.url = "git+https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS";
+
+ };
+
+ outputs = { self, Sovran_Systems, ... }@inputs: {
+
+ nixosConfigurations."nixos" = Sovran_Systems.inputs.nixpkgs.lib.nixosSystem {
+
+ system = "x86_64-linux";
+
+ modules = [
+
+ ./custom.nix
+
+ ./hardware-configuration.nix
+
+ Sovran_Systems.nixosModules.Sovran_SystemsOS
+
+ ];
+
+ };
+
+ };
+
+}
+
+EOF
+
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Run sovran-pro-flake-update2"
+
+ exit 1
+
+ fi
+
+
+
+#### CREATE COMPELETE TAG ####
+
+/run/current-system/sw/bin/touch /var/lib/beacons/file_fixes_and_new_services/sovran-pro-flake-update2/completed
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Create Completed Tag"
+
+ exit 1
+
+ fi
+
+
+exit 0
\ No newline at end of file
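Review bot: In sovran-pro-flake-update2.sh the new `./custom.nix` module is referenced without checking that the file exists, and the top-level runner does not test whether add-custom-nix.sh succeeded before invoking this script. If `custom.nix` is missing, the configuration will presumably fail to evaluate on the next rebuild. A guard ahead of the `rm`, such as `[ -e /etc/nixos/custom.nix ] || { echo "custom.nix missing"; exit 1; }`, makes the dependency explicit and leaves the previous flake in place.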
diff --git a/file_fixes_and_new_services/update-agenix.sh b/file_fixes_and_new_services/update-agenix.sh
new file mode 100755
index 0000000..3e73666
--- /dev/null
+++ b/file_fixes_and_new_services/update-agenix.sh
@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+
+#### CHECK TO SEE IF IT HAS BEEN RUN BEFORE ####
+
+FILE=/var/lib/beacons/file_fixes_and_new_services/update-agenix/completed
+
+ if [ -e $FILE ]; then
+
+ /run/current-system/sw/bin/echo "File Found :), No Need to Run ... Exiting"
+
+ exit 1
+
+ fi
+
+
+#### CREATE INITIAL TAG ####
+
+/run/current-system/sw/bin/mkdir -p /var/lib/beacons/file_fixes_and_new_services/update-agenix ; touch /var/lib/beacons/file_fixes_and_new_services/update-agenix/started
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Create Initial Tag"
+
+ exit 1
+
+ fi
+
+
+#### MAIN SCRIPT ####
+
+/run/current-system/sw/bin/rm -rf /var/lib/agenix-secrets/nextclouddb.age
+
+/run/current-system/sw/bin/rm -rf /var/lib/agenix-secrets/wordpressdb.age
+
+/run/current-system/sw/bin/rm -rf /var/lib/agenix-secrets/turn.age
+
+/run/current-system/sw/bin/rm -rf /var/lib/agenix-secrets/matrixdb.age
+
+/run/current-system/sw/bin/rm -rf /var/lib/agenix-secrets/matrix_reg_secret.age
+
+
+pushd /var/lib/agenix-secrets/
+
+
+ /run/current-system/sw/bin/echo -n $(/run/current-system/sw/bin/cat /var/lib/secrets/wordpressdb) | EDITOR='/run/current-system/sw/bin/cp /dev/stdin' /run/current-system/sw/bin/nix run github:ryantm/agenix -- -e wordpressdb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+ /run/current-system/sw/bin/echo -n $(/run/current-system/sw/bin/cat /var/lib/secrets/nextclouddb) | EDITOR='/run/current-system/sw/bin/cp /dev/stdin' /run/current-system/sw/bin/nix run github:ryantm/agenix -- -e nextclouddb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+ /run/current-system/sw/bin/echo -n $(/run/current-system/sw/bin/cat /var/lib/secrets/matrixdb) | EDITOR='/run/current-system/sw/bin/cp /dev/stdin' /run/current-system/sw/bin/nix run github:ryantm/agenix -- -e matrixdb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+ /run/current-system/sw/bin/echo -n $(/run/current-system/sw/bin/cat /var/lib/secrets/turn) | EDITOR='/run/current-system/sw/bin/cp /dev/stdin' /run/current-system/sw/bin/nix run github:ryantm/agenix -- -e turn.age -i /root/.ssh/agenix/agenix-secret-keys
+
+ /run/current-system/sw/bin/echo -n $(/run/current-system/sw/bin/cat /var/lib/secrets/matrix_reg_secret) | EDITOR='/run/current-system/sw/bin/cp /dev/stdin' /run/current-system/sw/bin/nix run github:ryantm/agenix -- -e matrix_reg_secret.age -i /root/.ssh/agenix/agenix-secret-keys
+
+
+popd
+
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Run update-agenix"
+
+ exit 1
+
+ fi
+
+
+
+#### CREATE COMPELETE TAG ####
+
+/run/current-system/sw/bin/touch /var/lib/beacons/file_fixes_and_new_services/update-agenix/completed
+
+ if [[ $? != 0 ]]; then
+
+ /run/current-system/sw/bin/echo "Could Not Create Completed Tag"
+
+ exit 1
+
+ fi
+
+
+exit 0
+
diff --git a/for_new_sovran_pros/Sovran_SystemsOS-Desktop b/for_new_sovran_pros/Sovran_SystemsOS-Desktop
new file mode 100644
index 0000000..581fbf7
--- /dev/null
+++ b/for_new_sovran_pros/Sovran_SystemsOS-Desktop
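Review bot: In update-agenix.sh the `if [[ $? != 0 ]]` after `popd` tests only `popd`, so a failed `nix run github:ryantm/agenix` (no network, wrong identity) still falls through to the completed tag, after the five `.age` files were already removed with `rm -rf`. The unquoted `echo -n $(cat …)` also word-splits and glob-expands each secret, so a value containing runs of whitespace or a `*` is encrypted as something other than what `/var/lib/secrets` holds. `github:ryantm/agenix` names no revision, so each run resolves whatever that repository currently serves and hands it the age identity and the plaintext secrets; pinning it to a reviewed commit bounds that. The sketch below checks each encryption and quotes the secret; `<PINNED_REV>` is a placeholder, not a value from this commit.

```shell
# … unchanged: beacon check, started tag, rm -rf of the five old .age files …

pushd /var/lib/agenix-secrets/ || exit 1

for name in wordpressdb nextclouddb matrixdb turn matrix_reg_secret; do

    # printf with a quoted substitution keeps inner whitespace and glob
    # characters intact; trailing newlines are still stripped as before.
    printf '%s' "$(/run/current-system/sw/bin/cat "/var/lib/secrets/$name")" \
        | EDITOR='/run/current-system/sw/bin/cp /dev/stdin' \
          /run/current-system/sw/bin/nix run "github:ryantm/agenix/<PINNED_REV>" -- \
          -e "$name.age" -i /root/.ssh/agenix/agenix-secret-keys

    # Check every encryption, not just the status of popd.
    if [[ $? != 0 ]]; then
        /run/current-system/sw/bin/echo "Could Not Run update-agenix"
        exit 1
    fi

done

popd

# … unchanged: completed tag …
```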
@@ -0,0 +1,472 @@ +[com/ftpix/transparentbar] +dark-full-screen=false + +[org/gnome/Connections] +first-run=false + +[org/gnome/Console] +font-scale=1.6000000000000005 +last-window-size=(1912, 1037) + +[org/gnome/Geary] +migrated-config=true +window-height=516 +window-width=954 + +[org/gnome/TextEditor] +last-save-directory='file:///home/free/Downloads' + +[org/gnome/Totem] +active-plugins=['mpris', 'vimeo', 'screenshot', 'movie-properties', 'autoload-subtitles', 'screensaver', 'apple-trailers', 'save-file', 'rotation', 'open-directory', 'recent', 'variable-rate', 'skipto'] +subtitle-encoding='UTF-8' + +[org/gnome/baobab/ui] +is-maximized=false +window-size=(1912, 1037) + +[org/gnome/calculator] +accuracy=9 +angle-units='degrees' +base=10 +button-mode='basic' +number-format='automatic' +show-thousands=false +show-zeroes=false +source-currency='' +source-units='degree' +target-currency='' +target-units='radian' +word-size=64 + +[org/gnome/calendar] +active-view='month' +window-maximized=false +window-size=(1912, 1037) + +[org/gnome/control-center] +last-panel='background' +window-state=(1912, 1040, false) + +[org/gnome/desktop/app-folders] +folder-children=['Utilities', 'YaST', 'd737daeb-6dbb-4a5d-9ec7-e674398539ce', '7d66e46a-a135-4e42-91bb-d438e499d251', '3fea025e-f5e4-4905-9912-e70e38cd0419', '83d8148a-1f0b-4f83-814a-11c33ab8debc', '68c075b1-a254-4b7c-ba63-c45f88bc2a58', '534e2716-83c7-4a2a-9678-8144999213ed', '4acaa2d8-d284-4efd-bba3-40f150f1ace5', '1e62b69b-d9bb-4e80-be8d-5e9b4d777fc8'] + +[org/gnome/desktop/app-folders/folders/1e62b69b-d9bb-4e80-be8d-5e9b4d777fc8] +apps=['math.desktop', 'writer.desktop', 'impress.desktop', 'draw.desktop', 'calc.desktop', 'base.desktop', 'startcenter.desktop'] +name='Office' + +[org/gnome/desktop/app-folders/folders/3fea025e-f5e4-4905-9912-e70e38cd0419] +apps=['cups.desktop', 'simple-scan.desktop'] +name='Printing' +translate=false + +[org/gnome/desktop/app-folders/folders/4acaa2d8-d284-4efd-bba3-40f150f1ace5] 
+apps=['org.gnome.DiskUtility.desktop', 'org.gnome.baobab.desktop', 'gparted.desktop', 'gnome-system-monitor.desktop'] +name='Utilities' + +[org/gnome/desktop/app-folders/folders/534e2716-83c7-4a2a-9678-8144999213ed] +apps=['org.gnome.Epiphany.desktop', 'librewolf.desktop', 'io.lbry.lbry-app.desktop', 'bitwarden.desktop', 'com.nextcloud.desktopclient.nextcloud.desktop', 'brave-browser.desktop', 'chromium-browser.desktop'] +name='Internet' + +[org/gnome/desktop/app-folders/folders/68c075b1-a254-4b7c-ba63-c45f88bc2a58] +apps=['org.gnome.Extensions.desktop', 'org.gnome.tweaks.desktop'] +name='Customize Look' +translate=false + +[org/gnome/desktop/app-folders/folders/7d66e46a-a135-4e42-91bb-d438e499d251] +apps=['org.gnome.Photos.desktop', 'org.gnome.Music.desktop', 'org.gnome.Totem.desktop', 'org.gnome.Cheese.desktop', 'org.gnome.Loupe.desktop', 'org.gnome.Snapshot.desktop'] +name='Media' +translate=false + +[org/gnome/desktop/app-folders/folders/83d8148a-1f0b-4f83-814a-11c33ab8debc] +apps=['org.gnome.Tour.desktop', 'yelp.desktop', 'nixos-manual.desktop'] +name='Help' +translate=false + +[org/gnome/desktop/app-folders/folders/Utilities] +apps=['gnome-abrt.desktop', 'gnome-system-log.desktop', 'nm-connection-editor.desktop', 'org.gnome.Connections.desktop', 'org.gnome.DejaDup.desktop', 'org.gnome.Dictionary.desktop', 'org.gnome.eog.desktop', 'org.gnome.Evince.desktop', 'org.gnome.FileRoller.desktop', 'org.gnome.fonts.desktop', 'org.gnome.seahorse.Application.desktop', 'org.gnome.Usage.desktop', 'vinagre.desktop', 'org.gnome.TextEditor.desktop', 'org.gnome.gedit.desktop', 'org.gnome.SystemMonitor.desktop'] +categories=['X-GNOME-Utilities'] +excluded-apps=['org.gnome.Console.desktop', 'org.gnome.tweaks.desktop', 'org.gnome.DiskUtility.desktop', 'org.gnome.baobab.desktop'] +name='X-GNOME-Utilities.directory' +translate=true + +[org/gnome/desktop/app-folders/folders/YaST] +categories=['X-SuSE-YaST'] +name='suse-yast.directory' +translate=true + 
+[org/gnome/desktop/app-folders/folders/d737daeb-6dbb-4a5d-9ec7-e674398539ce] +apps=['fish.desktop', 'org.gnome.Console.desktop', 'htop.desktop', 'ranger.desktop', 'xterm.desktop', 'org.gnome.Terminal.desktop'] +name='Terminal Fun' +translate=false + +[org/gnome/desktop/background] +color-shading-type='solid' +picture-options='zoom' +picture-uri='file:///run/current-system/sw/share/backgrounds/gnome/amber-l.jxl' +picture-uri-dark='file:///run/current-system/sw/share/backgrounds/gnome/amber-d.jxl' +primary-color='#ff7800' +secondary-color='#000000' + +[org/gnome/desktop/calendar] +show-weekdate=false + +[org/gnome/desktop/input-sources] +sources=[('xkb', 'us')] +xkb-options=['terminate:ctrl_alt_bksp'] + +[org/gnome/desktop/interface] +clock-format='12h' +clock-show-seconds=false +clock-show-weekday=false +color-scheme='prefer-dark' +enable-animations=true +font-antialiasing='rgba' +font-hinting='full' +gtk-theme='Adwaita-dark' +icon-theme='Papirus-Dark' +text-scaling-factor=1.0 + +[org/gnome/desktop/notifications] +application-children=['gnome-power-panel', 'org-gnome-nautilus', 'org-gnome-software', 'gnome-network-panel', 'sparrow', 'org-gnome-settings', 'org-gnome-console', 'gnome-printers-panel', 'org-gnome-epiphany', 'com-obsproject-studio', 'io-github-seadve-kooha', 'xdg-desktop-portal-gnome', 'org-gnome-baobab', 'org-gnome-geary', 'sparrow-desktop', 'impress', 'brave-browser', 'org-gnome-connections'] +show-in-lock-screen=false + +[org/gnome/desktop/notifications/application/brave-browser] +application-id='brave-browser.desktop' + +[org/gnome/desktop/notifications/application/com-obsproject-studio] +application-id='com.obsproject.Studio.desktop' + +[org/gnome/desktop/notifications/application/gnome-network-panel] +application-id='gnome-network-panel.desktop' + +[org/gnome/desktop/notifications/application/gnome-power-panel] +application-id='gnome-power-panel.desktop' + +[org/gnome/desktop/notifications/application/gnome-printers-panel] 
+application-id='gnome-printers-panel.desktop' + +[org/gnome/desktop/notifications/application/impress] +application-id='impress.desktop' + +[org/gnome/desktop/notifications/application/io-github-seadve-kooha] +application-id='io.github.seadve.Kooha.desktop' + +[org/gnome/desktop/notifications/application/org-gnome-baobab] +application-id='org.gnome.baobab.desktop' + +[org/gnome/desktop/notifications/application/org-gnome-connections] +application-id='org.gnome.Connections.desktop' + +[org/gnome/desktop/notifications/application/org-gnome-console] +application-id='org.gnome.Console.desktop' + +[org/gnome/desktop/notifications/application/org-gnome-epiphany] +application-id='org.gnome.Epiphany.desktop' + +[org/gnome/desktop/notifications/application/org-gnome-geary] +application-id='org.gnome.Geary.desktop' + +[org/gnome/desktop/notifications/application/org-gnome-nautilus] +application-id='org.gnome.Nautilus.desktop' + +[org/gnome/desktop/notifications/application/org-gnome-settings] +application-id='org.gnome.Settings.desktop' + +[org/gnome/desktop/notifications/application/org-gnome-software] +application-id='org.gnome.Software.desktop' + +[org/gnome/desktop/notifications/application/sparrow-desktop] +application-id='sparrow-desktop.desktop' + +[org/gnome/desktop/notifications/application/sparrow] +application-id='Sparrow.desktop' + +[org/gnome/desktop/notifications/application/xdg-desktop-portal-gnome] +application-id='xdg-desktop-portal-gnome.desktop' + +[org/gnome/desktop/peripherals/keyboard] +numlock-state=false + +[org/gnome/desktop/peripherals/mouse] +natural-scroll=true +speed=-0.63779527559055116 + +[org/gnome/desktop/peripherals/touchpad] +two-finger-scrolling-enabled=true + +[org/gnome/desktop/privacy] +old-files-age=uint32 30 +recent-files-max-age=-1 + +[org/gnome/desktop/screensaver] +color-shading-type='solid' +lock-enabled=false +picture-options='zoom' +picture-uri='file:///run/current-system/sw/share/backgrounds/gnome/amber-l.jxl' 
+primary-color='#ff7800' +secondary-color='#000000' + +[org/gnome/desktop/session] +idle-delay=uint32 900 + +[org/gnome/desktop/sound] +event-sounds=true +theme-name='__custom' + +[org/gnome/desktop/wm/preferences] +button-layout='appmenu:minimize,maximize,close' + +[org/gnome/epiphany] +ask-for-default=false + +[org/gnome/epiphany/state] +is-maximized=false +window-size=(1912, 1037) + +[org/gnome/evolution-data-server] +migrated=true +network-monitor-gio-name='' + +[org/gnome/file-roller/dialogs/extract] +recreate-folders=true +skip-newer=false + +[org/gnome/file-roller/listing] +list-mode='as-folder' +name-column-width=250 +show-path=false +sort-method='name' +sort-type='ascending' + +[org/gnome/file-roller/ui] +sidebar-width=200 +window-height=993 +window-width=954 + +[org/gnome/gnome-system-monitor] +current-tab='processes' +maximized=false +network-total-in-bits=false +show-dependencies=false +show-whose-processes='all' +window-height=1040 +window-state=(1912, 1040, 26, 23) +window-width=1912 + +[org/gnome/gnome-system-monitor/disktreenew] +col-6-visible=true +col-6-width=0 + +[org/gnome/gnome-system-monitor/proctree] +columns-order=[0, 1, 2, 3, 4, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26] +sort-col=8 +sort-order=0 + +[org/gnome/maps] +last-viewed-location=[34.015438242460405, -118.32766985901287] +map-type='MapsStreetSource' +transportation-type='pedestrian' +window-maximized=false +window-size=[1912, 1037] +zoom-level=9 + +[org/gnome/mutter] +attach-modal-dialogs=true +dynamic-workspaces=true +edge-tiling=false +focus-change-on-pointer-rest=true +workspaces-only-on-primary=true + +[org/gnome/nautilus/icon-view] +default-zoom-level='large' + +[org/gnome/nautilus/preferences] +default-folder-viewer='icon-view' +fts-enabled=false +migrated-gtk-settings=true +search-filter-time-type='last_modified' +search-view='list-view' + +[org/gnome/nautilus/window-state] +initial-size=(1912, 1040) +maximized=false + 
+[org/gnome/nm-applet/eap/202ce1d2-7306-40ac-b3bb-5b092c0f9734] +ignore-ca-cert=false +ignore-phase2-ca-cert=false + +[org/gnome/nm-applet/eap/2afa07ed-64ca-44a0-948e-d8f265fa52b0] +ignore-ca-cert=false +ignore-phase2-ca-cert=false + +[org/gnome/nm-applet/eap/8da70f78-fe38-3e50-a305-8fa32b2af624] +ignore-ca-cert=false +ignore-phase2-ca-cert=false + +[org/gnome/nm-applet/eap/a9f5fb1c-2546-4fb9-82d0-7792e8982565] +ignore-ca-cert=false +ignore-phase2-ca-cert=false + +[org/gnome/nm-applet/eap/e5e312d5-e2db-3928-8c98-8ec8a7cf61f2] +ignore-ca-cert=false +ignore-phase2-ca-cert=false + +[org/gnome/portal/filechooser/brave-browser] +last-folder-path='/home/free/Downloads' + +[org/gnome/portal/filechooser/chromium-browser] +last-folder-path='/home/free/Downloads' + +[org/gnome/settings-daemon/plugins/color] +night-light-enabled=true +night-light-schedule-automatic=false +night-light-schedule-from=18.0 +night-light-temperature=uint32 1744 + +[org/gnome/settings-daemon/plugins/power] +power-button-action='nothing' +sleep-inactive-ac-type='nothing' + +[org/gnome/shell] +app-picker-layout=[{'org.gnome.Weather.desktop': <{'position': <0>}>, 'org.gnome.clocks.desktop': <{'position': <1>}>, 'org.gnome.Maps.desktop': <{'position': <2>}>, 'org.gnome.Calculator.desktop': <{'position': <3>}>, '68c075b1-a254-4b7c-ba63-c45f88bc2a58': <{'position': <4>}>, '3fea025e-f5e4-4905-9912-e70e38cd0419': <{'position': <5>}>, '83d8148a-1f0b-4f83-814a-11c33ab8debc': <{'position': <6>}>, 'Utilities': <{'position': <7>}>, 'd737daeb-6dbb-4a5d-9ec7-e674398539ce': <{'position': <8>}>, '7d66e46a-a135-4e42-91bb-d438e499d251': <{'position': <9>}>, '534e2716-83c7-4a2a-9678-8144999213ed': <{'position': <10>}>, '4acaa2d8-d284-4efd-bba3-40f150f1ace5': <{'position': <11>}>, '1e62b69b-d9bb-4e80-be8d-5e9b4d777fc8': <{'position': <12>}>, 'Bisq-hidpi.desktop': <{'position': <13>}>, 'com.obsproject.Studio.desktop': <{'position': <14>}>, 'Sovran_SystemsOS_External_Backup.desktop': <{'position': <15>}>, 
'firefox.desktop': <{'position': <16>}>}] +disable-user-extensions=false +disabled-extensions=['transparent-top-bar@zhanghai.me'] +enabled-extensions=['appindicatorsupport@rgcjonas.gmail.com', 'dash-to-dock-cosmic-@halfmexicanhalfamazing@gmail.com', 'Vitals@CoreCoding.com', 'dash-to-dock@micxgx.gmail.com', 'transparent-top-bar@ftpix.com', 'just-perfection-desktop@just-perfection', 'pop-shell@system76.com', 'date-menu-formatter@marcinjakubowski.github.com', 'systemd-manager@hardpixel.eu', 'light-style@gnome-shell-extensions.gcampax.github.com'] +favorite-apps=['firefox.desktop', 'org.gnome.Nautilus.desktop', 'Sovran_SystemsOS_Updater.desktop', 'org.gnome.Settings.desktop', 'org.gnome.Software.desktop', 'io.freetubeapp.FreeTube.desktop', 'org.onlyoffice.desktopeditors.desktop', 'org.gnome.Geary.desktop', 'org.gnome.Contacts.desktop', 'org.gnome.Calendar.desktop', 'Bisq.desktop', 'sparrow-desktop.desktop'] +last-selected-power-profile='performance' +welcome-dialog-last-shown-version='42.3.1' + +[org/gnome/shell/extensions/dash-to-dock-pop] +apply-glossy-effect=false +background-color='rgb(0,0,0)' +background-opacity=0.25 +border-radius=17 +custom-background-color=true +custom-theme-shrink=false +dash-max-icon-size=64 +dock-alignment='CENTRE' +dock-position='BOTTOM' +extend-height=false +floating-margin=0 +force-straight-corner=false +height-fraction=0.90000000000000002 +intellihide-mode='ALL_WINDOWS' +preferred-monitor=-2 +preferred-monitor-by-connector='HDMI-1' +preview-size-scale=0.059999999999999998 +running-indicator-style='DASHES' +show-apps-at-top=false +show-mounts=false +show-show-apps-button=true +show-trash=false +transparency-mode='FIXED' +unity-backlit-items=false + +[org/gnome/shell/extensions/dash-to-dock] +apply-custom-theme=false +background-color='rgb(0,0,0)' +background-opacity=0.17000000000000001 +custom-background-color=true +dash-max-icon-size=57 +dock-position='BOTTOM' +extend-height=false +height-fraction=0.89000000000000001 
+icon-size-fixed=false +intellihide-mode='ALL_WINDOWS' +preferred-monitor=-2 +preferred-monitor-by-connector='HDMI-2' +preview-size-scale=0.22 +running-indicator-style='DASHES' +show-mounts=false +show-mounts-only-mounted=false +show-trash=false +transparency-mode='FIXED' + +[org/gnome/shell/extensions/date-menu-formatter] +font-size=14 +pattern='EEEE MMMM d h: mm a' +text-align='center' + +[org/gnome/shell/extensions/just-perfection] +accessibility-menu=false + +[org/gnome/shell/extensions/pop-shell] +active-hint-border-radius=uint32 3 +gap-inner=uint32 1 +gap-outer=uint32 1 +tile-by-default=true + +[org/gnome/shell/extensions/systemd-manager] +command-method='systemctl' +systemd=['{"name":"Bitcoind","service":"bitcoind.service","type":"system"}', '{"name":"Electrs","service":"electrs.service","type":"system"}', '{"name":"BTCPayserver","service":"btcpayserver.service","type":"system"}', '{"name":"Nbxplorer","service":"nbxplorer.service","type":"system"}', '{"name":"Caddy","service":"caddy.service","type":"system"}', '{"name":"Phpfpm-Mypool","service":"phpfpm-mypool.service","type":"system"}', '{"name":"Mysql","service":"mysql.service","type":"system"}', '{"name":"Postgresql","service":"postgresql.service","type":"system"}', '{"name":"Matrix-Synapse","service":"matrix-synapse.service","type":"system"}', '{"name":"Coturn","service":"coturn.service","type":"system"}', '{"name":"Tor","service":"tor.service","type":"system"}', '{"name":"VaultWarden","service":"vaultwarden.service","type":"system"}', '{"name":"LND","service":"lnd.service","type":"system"}', '{"name":"LND Loop","service":"lightning-loop.service","type":"system"}', '{"name":"Ride The Lightning","service":"rtl.service","type":"system"}'] + +[org/gnome/shell/extensions/vitals] +fixed-widths=false +hot-sensors=['_memory_usage_', '__network-tx_max__', '_processor_usage_', '_storage_free_', '_temperature_processor_0_'] +show-fan=false +show-storage=true +show-voltage=false + +[org/gnome/shell/weather] 
+automatic-location=true +locations=@av [] + +[org/gnome/shell/world-clocks] +locations=@av [] + +[org/gnome/software] +check-timestamp=int64 1715525466 +first-run=false +flatpak-purge-timestamp=int64 1715478601 +online-updates-timestamp=int64 1675355639 +update-notification-timestamp=int64 1666382024 + +[org/gnome/terminal/legacy/profiles:/:b1dcc9dd-5262-4d8d-a863-c897e6d979b9] +font='Monospace 14' +use-system-font=false + +[org/gnome/tweaks] +show-extensions-notice=false + +[org/gtk/gtk4/settings/color-chooser] +selected-color=(true, 0.0, 0.0, 0.0, 1.0) + +[org/gtk/gtk4/settings/file-chooser] +date-format='regular' +location-mode='path-bar' +show-hidden=false +show-size-column=true +show-type-column=true +sidebar-width=140 +sort-column='name' +sort-directories-first=false +sort-order='ascending' +type-format='category' +view-type='list' +window-size=(1912, 1040) + +[org/gtk/settings/file-chooser] +clock-format='12h' +date-format='regular' +location-mode='path-bar' +show-hidden=true +show-size-column=true +show-type-column=true +sidebar-width=165 +sort-column='modified' +sort-directories-first=false +sort-order='descending' +type-format='category' +window-position=(26, 23) +window-size=(1401, 998) + +[system/proxy] +ignore-hosts=@as [] +mode='none' + +[system/proxy/http] +port=0 + +[system/proxy/socks] +host='127.0.0.1' +port=9050 diff --git a/for_new_sovran_pros/Wallpaper_Dark_Wide.png b/for_new_sovran_pros/Wallpaper_Dark_Wide.png new file mode 100755 index 0000000..0c89447 Binary files /dev/null and b/for_new_sovran_pros/Wallpaper_Dark_Wide.png differ diff --git a/for_new_sovran_pros/flake.nix b/for_new_sovran_pros/flake.nix new file mode 100755 index 0000000..a8969a6 --- /dev/null +++ b/for_new_sovran_pros/flake.nix 
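Review bot: `lock-enabled=false` under `[org/gnome/desktop/screensaver]` ships every new machine with the screen lock off, although the `systemd-manager` list in the same file shows the box runs bitcoind, LND and Vaultwarden; the default should be `lock-enabled=true`. The dump also carries state from the machine it was exported from: `last-viewed-location=[34.015438242460405, -118.32766985901287]` under `[org/gnome/maps]`, the five `[org/gnome/nm-applet/eap/<uuid>]` sections, window sizes and software timestamps. Those sections should be dropped before the file is committed as a default profile.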
@@ -0,0 +1,30 @@
+{
+ description = "Sovran_SystemsOS for the Sovran Pro from Sovran Systems";
+
+ inputs = {
+
+ Sovran_Systems.url = "git+https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS";
+
+ };
+
+ outputs = { self, Sovran_Systems, ... }@inputs: {
+
+ nixosConfigurations."nixos" = Sovran_Systems.inputs.nixpkgs.lib.nixosSystem {
+
+ system = "x86_64-linux";
+
+ modules = [
+
+ ./hardware-configuration.nix
+
+ ./custom.nix
+
+ Sovran_Systems.nixosModules.Sovran_SystemsOS
+
+ ];
+
+ };
+
+ };
+
+}
\ No newline at end of file
diff --git a/for_new_sovran_pros/psp.sh b/for_new_sovran_pros/psp.sh
new file mode 100755
index 0000000..e519f70
--- /dev/null
+++ b/for_new_sovran_pros/psp.sh
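Review bot: The input `Sovran_Systems.url = "git+https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS";` carries no `ref` or `rev`, and as far as the visible diff shows no `flake.lock` is added next to it, so each install resolves to whatever the default branch holds at that moment. For a configuration that is built and switched to as root, pinning the input, for example `...Sovran_SystemsOS?ref=<release-tag>`, or shipping a lock file would make installs reproducible and reviewable.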
@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+
+# Begin: curl https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/psp.sh -o psp.sh
+
+GREEN="\e[32m"
+LIGHTBLUE="\e[94m"
+ENDCOLOR="\e[0m"
+
+lsblk
+
+echo -e "${GREEN}What block for file-tree-root of drive (usually nvme0n1)?${ENDCOLOR}";read commitroot
+
+parted /dev/"$commitroot" -- mklabel gpt
+parted /dev/"$commitroot" -- mkpart primary 512MB -16GB
+parted /dev/"$commitroot" -- mkpart swap linux-swap -16GB 100%
+parted /dev/"$commitroot" -- mkpart ESP fat32 1MB 512MB
+parted /dev/"$commitroot" -- set 3 esp on
+
+lsblk
+
+echo -e "${GREEN}What partition for Boot-Partition (usually nvme0n1p1)?${ENDCOLOR}";read commitbootpartition
+
+echo -e "${GREEN}What partition for Main-Partition (usually nvme0n1p2)?${ENDCOLOR}";read commitmainpartition
+
+echo -e "${GREEN}What partition for Swap-Partition (usually nvme0n1p3)?${ENDCOLOR}";read commitswappartition
+
+
+
+mkfs.ext4 -L nixos /dev/"$commitmainpartition"
+
+mkswap -L swap /dev/"$commitswappartition"
+
+mkfs.fat -F 32 -n boot /dev/"$commitbootpartition"
+
+mount /dev/disk/by-label/nixos /mnt
+
+mkdir -p /mnt/boot/efi
+
+mount /dev/disk/by-label/boot /mnt/boot/efi
+
+
+
+nixos-generate-config --root /mnt
+
+rm /mnt/etc/nixos/configuration.nix
+
+cat <> /mnt/etc/nixos/configuration.nix
+{ config, pkgs, ... }: {
+
+ imports = [
+
+ ./hardware-configuration.nix
+
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ users.users = {
+ free = {
+ isNormalUser = true;
+ description = "free";
+ extraGroups = [ "networkmanager" ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ wget
+ git
+ ranger
+ fish
+ pwgen
+ openssl
+ ];
+
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ };
+}
+
+EOT
+
+nixos-install
+
+reboot
\ No newline at end of file
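Review bot: `permitRootLogin = "yes";` in the generated `configuration.nix` accepts password logins for root over SSH from first boot; the same line is in `psp_physical_ram.sh`. If root SSH is needed for the follow-up step, `permitRootLogin = "prohibit-password";` with a key already in place limits it to key authentication. Separately, the partitions are created in the order primary, swap, ESP and the script itself runs `set 3 esp on`, yet the prompts suggest `nvme0n1p1` for boot, `nvme0n1p2` for main and `nvme0n1p3` for swap. An operator who follows those hints would presumably format the wrong partitions, so the hints should read p3, p1 and p2.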
diff --git a/for_new_sovran_pros/psp_physical_ram.sh b/for_new_sovran_pros/psp_physical_ram.sh
new file mode 100755
index 0000000..10f1300
--- /dev/null
+++ b/for_new_sovran_pros/psp_physical_ram.sh
@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+
+# Begin: curl https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/psp_physical_ram.sh -o psp_physical_ram.sh
+
+GREEN="\e[32m"
+LIGHTBLUE="\e[94m"
+ENDCOLOR="\e[0m"
+
+lsblk
+
+echo -e "${GREEN}What block for file-tree-root of drive (usually nvme0n1)?${ENDCOLOR}";read commitroot
+
+parted /dev/"$commitroot" -- mklabel gpt
+parted /dev/"$commitroot" -- mkpart ESP fat32 1MB 512MB
+parted /dev/"$commitroot" -- set 1 esp on
+parted /dev/"$commitroot" -- mkpart primary ext4 512MB 100%
+
+lsblk
+
+echo -e "${GREEN}What partition for Boot-Partition (usually nvme0n1p1)?${ENDCOLOR}";read commitbootpartition
+
+echo -e "${GREEN}What partition for Primary-Partition (usually nvme0n1p2)?${ENDCOLOR}";read commitprimarypartition
+
+
+mkfs.ext4 -L nixos /dev/"$commitprimarypartition"
+
+mkfs.fat -F 32 -n boot /dev/"$commitbootpartition"
+
+mount /dev/disk/by-label/nixos /mnt
+
+mkdir -p /mnt/boot/efi
+
+mount /dev/disk/by-label/boot /mnt/boot/efi
+
+### Disk Step-up Finished
+
+### Adding Configuration.nix
+
+nixos-generate-config --root /mnt
+
+rm /mnt/etc/nixos/configuration.nix
+
+cat <> /mnt/etc/nixos/configuration.nix
+{ config, pkgs, ... }: {
+
+ imports = [
+
+ ./hardware-configuration.nix
+
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ users.users = {
+ free = {
+ isNormalUser = true;
+ description = "free";
+ extraGroups = [ "networkmanager" ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ wget
+ git
+ ranger
+ fish
+ pwgen
+ openssl
+ ];
+
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ };
+}
+
+EOT
+
+nixos-install
+
+reboot
diff --git a/for_new_sovran_pros/sdpsp.sh b/for_new_sovran_pros/sdpsp.sh
new file mode 100755
index 0000000..7272d22
--- /dev/null
+++ b/for_new_sovran_pros/sdpsp.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+GREEN="\e[32m"
+LIGHTBLUE="\e[94m"
+ENDCOLOR="\e[0m"
+
+lsblk
+
+echo -e "${GREEN}What block for New Sovran Pro Second drive?${ENDCOLOR}";read commitroot
+
+parted /dev/"$commitroot" -- mklabel gpt
+parted /dev/"$commitroot" -- mkpart primary 0% 100%
+
+lsblk
+
+echo -e "${GREEN}What partition with New Sovran Pro Second Drive?${ENDCOLOR}";read commitsecond
+
+mkfs.ext4 -L "BTCEcoandBackup" /dev/"$commitsecond"
+
+sudo mkdir -p /mnt
+
+mount /dev/"$commitsecond" /mnt
+
+sudo mkdir -p /mnt/BTCEcoandBackup/Bitcoin_Node
+
+sudo mkdir -p /mnt/BTCEcoandBackup/Electrs_Data
+
+sudo mkdir -p /mnt/BTCEcoandBackup/NixOS_Snapshot_Backup
+
+sudo mkdir -p /mnt/BTCEcoandBackup/clightning_db_backup
+
+sudo systemctl stop bitcoind electrs nbxplorer btcpayserver lnd rtl lightning-loop clightning
+
+rsync -ar --info=progress2 --info=name0 /run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node/ /mnt/BTCEcoandBackup/Bitcoin_Node/
+
+rsync -ar --info=progress2 --info=name0 /run/media/Second_Drive/BTCEcoandBackup/Electrs_Data/ /mnt/BTCEcoandBackup/Electrs_Data/
+
+sudo systemctl start bitcoind electrs nbxplorer btcpayserver lnd rtl lightning-loop clightning
+
+sudo chown bitcoin:bitcoin /mnt/BTCEcoandBackup/Bitcoin_Node -R
+
+sudo chown electrs:electrs /mnt/BTCEcoandBackup/Electrs_Data -R
+
+sudo chmod 770 /mnt/BTCEcoandBackup/Bitcoin_Node -R
+
+sudo chmod 770 /mnt/BTCEcoandBackup/Electrs_Data -R
+
+sudo umount /dev/"$commitsecond"
+
+echo -e "All Finished!"
+
diff --git a/for_new_sovran_pros/sp.sh b/for_new_sovran_pros/sp.sh
new file mode 100755
index 0000000..60356ce
--- /dev/null
+++ b/for_new_sovran_pros/sp.sh
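Review bot: Nothing stops the script when `mkfs.ext4` or `mount /dev/"$commitsecond" /mnt` fails, so the `mkdir -p /mnt/BTCEcoandBackup/...` calls and both `rsync` runs would then write into `/mnt` on the root filesystem. Adding `set -euo pipefail` after the shebang, or at least `mount /dev/"$commitsecond" /mnt || exit 1`, stops at the first failure. The answers read into `commitroot` and `commitsecond` also go straight to `parted ... mklabel gpt` and `mkfs.ext4`; a check such as `[ -b "/dev/$commitroot" ] || exit 1` followed by a confirmation prompt would guard against wiping the wrong disk.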
@@ -0,0 +1,406 @@ +#!/usr/bin/env bash + +# wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/sp.sh + + +GREEN="\e[32m" +LIGHTBLUE="\e[94m" + +# + +pushd /etc/nixos/ + + wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/flake.nix + + chown root:root /etc/nixos/ -R + + chmod 770 /etc/nixos/ -R + +popd + +# + +mkdir /var/lib/domains + +touch /var/lib/domains/btcpayserver +touch /var/lib/domains/matrix +touch /var/lib/domains/nextcloud +touch /var/lib/domains/sslemail +touch /var/lib/domains/vaultwarden +touch /var/lib/domains/wordpress + +# + +echo -e "${GREEN}What is your New Matrix (Element Chat) domain name?${ENDCOLOR}" +read +echo -n $REPLY > /var/lib/domains/matrix + +echo -e "${GREEN}What is your New Wordpress domain name?${ENDCOLOR}" +read +echo -n $REPLY > /var/lib/domains/wordpress + +echo -e "${GREEN}What is your New Nextcloud domain name?${ENDCOLOR}" +read +echo -n $REPLY > /var/lib/domains/nextcloud + +echo -e "${GREEN}What is your New BTCPayserver domain name?${ENDCOLOR}" +read +echo -n $REPLY > /var/lib/domains/btcpayserver + +echo -e "${GREEN}What is your New Vaultwarden domain name?${ENDCOLOR}" +read +echo -n $REPLY > /var/lib/domains/vaultwarden + +echo -e "${GREEN}What is the email you would like to use to manage the SSL certificates for your domains?${ENDCOLOR}" +read +echo -n $REPLY > /var/lib/domains/sslemail + +# + +mkdir /var/lib/nextcloudaddition + +cat > /var/lib/nextcloudaddition/nextcloudaddition <<- "EOF" + +'trusted_proxies' => + array ( + 0 => '127.0.0.1', + ), + 'default_locale' => 'en_US', + 'default_phone_region' => 'US', + 'memcache.local' =>'\OC\Memcache\APCu' , + +EOF + +# + +mkdir /var/lib/njalla/ + +cat > /var/lib/njalla/njalla.sh <<- "EOF" + +#!/usr/bin/env bash + +IP=$(dig @resolver4.opendns.com myip.opendns.com +short -4) + +## Manually Add DDNS Script From Njalla User Account AFTER Install + +curl "https://...${IP}" + 
+EOF + +# + +mkdir /var/lib/external_ip + +cat > /var/lib/external_ip/external_ip.sh <<- "EOF" + +#!/usr/bin/env bash + +IP=$(dig @resolver4.opendns.com myip.opendns.com +short -4) + +echo "${IP}" > /var/lib/secrets/external_ip + +EOF + +# + +mkdir /var/lib/internal_ip + +cat > /var/lib/internal_ip/internal_ip.sh <<- "EOF" + +#!/usr/bin/env bash + +sudo echo -n $(ip route get 1.2.3.4 | awk '{print $7}') > /var/lib/secrets/internal_ip + +exit 0 + + +EOF + +# + +touch /etc/nixos/custom.nix + +cat > /etc/nixos/custom.nix <<- "EOF" + +{config, pkgs, lib, ...}: + +let + personalization = import ./personalization.nix; + + in +{ +} + +EOF + +# + +mkdir /var/lib/agenix-secrets/ + +cat > /var/lib/agenix-secrets/secrets.nix <<- "EOF" + +let + + root = "placeholder" ; + +in + +{ + + "wordpressdb.age".publicKeys = [ root ]; + + "matrixdb.age".publicKeys = [ root ]; + + "nextclouddb.age".publicKeys = [ root ]; + + "turn.age".publicKeys = [ root ]; + + "matrix_reg_secret.age".publicKeys = [ root ]; + +} + +EOF + +# + +mkdir /var/lib/secrets +mkdir /var/lib/secrets/vaultwarden + +touch /var/lib/secrets/nextclouddb +touch /var/lib/secrets/wordpressdb +touch /var/lib/secrets/matrixdb +touch /var/lib/secrets/turn +touch /var/lib/secrets/matrix_reg_secret +touch /var/lib/secrets/main +touch /var/lib/secrets/vaultwarden/vaultwarden.env +touch /var/lib/secrets/external_ip +touch /var/lib/secrets/internal_ip + +echo -n $(pwgen -s 17 -1) > /var/lib/secrets/nextclouddb +echo -n $(pwgen -s 17 -1) > /var/lib/secrets/wordpressdb +echo -n $(pwgen -s 17 -1) > /var/lib/secrets/matrixdb +echo -n $(pwgen -s 17 -1) > /var/lib/secrets/turn +echo -n $(pwgen -s 17 -1) > /var/lib/secrets/matrix_reg_secret +echo -n $(pwgen -s 17 -1) > /var/lib/secrets/main +echo -n ADMIN_TOKEN=$(openssl rand -base64 48 +) > /var/lib/secrets/vaultwarden/vaultwarden.env + +# + +mkdir -p /root/.ssh/agenix + +ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys + +sed -i -e "0,/root.*/{s::root = $(cat 
/root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix + +sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' /var/lib/agenix-secrets/secrets.nix + +# + +pushd /var/lib/agenix-secrets + + echo -n $(cat /var/lib/secrets/wordpressdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e wordpressdb.age -i /root/.ssh/agenix/agenix-secret-keys + + echo -n $(cat /var/lib/secrets/nextclouddb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e nextclouddb.age -i /root/.ssh/agenix/agenix-secret-keys + + echo -n $(cat /var/lib/secrets/matrixdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrixdb.age -i /root/.ssh/agenix/agenix-secret-keys + + echo -n $(cat /var/lib/secrets/turn) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e turn.age -i /root/.ssh/agenix/agenix-secret-keys + + echo -n $(cat /var/lib/secrets/matrix_reg_secret) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrix_reg_secret.age -i /root/.ssh/agenix/agenix-secret-keys + +popd + + +# + +pushd /etc/nixos + + nix flake update + + nixos-rebuild switch --impure + +popd + +# + +chown root:root /var/lib/secrets/main -R + +chown root:root /var/lib/secrets/external_ip -R + +chown root:root /var/lib/secrets/internal_ip -R + +chown matrix-synapse:matrix-synapse /var/lib/secrets/matrix_reg_secret -R + +chown matrix-synapse:matrix-synapse /var/lib/secrets/matrixdb -R + +chown postgres:postgres /var/lib/secrets/nextclouddb -R + +chown turnserver:turnserver /var/lib/secrets/turn -R + +chown mysql:mysql /var/lib/secrets/wordpressdb -R + +chown vaultwarden:vaultwarden /var/lib/secrets/vaultwarden -R + + +chmod 770 /var/lib/secrets/ -R + +# + +chown caddy:php /var/lib/domains -R + +chmod 770 /var/lib/domains -R + +# + +set -x + +wget -P /var/lib/www/downloadwp https://wordpress.org/latest.zip + +wget -P /var/lib/www/downloadnc https://download.nextcloud.com/server/releases/latest.zip + +unzip /var/lib/www/downloadwp/latest.zip -d 
/var/lib/www/ + +unzip /var/lib/www/downloadnc/latest.zip -d /var/lib/www/ + +rm -rf /var/lib/www/downloadwp + +rm -rf /var/lib/www/downloadnc + +chown caddy:php /var/lib/www -R + +chmod 770 /var/lib/www -R + +# + +mkdir /var/lib/nextcloud + +chown caddy:php /var/lib/nextcloud -R + +chmod 770 /var/lib/nextcloud -R + +# + +mkdir /var/lib/coturn + +chown turnserver:turnserver /var/lib/coturn -R + +chmod 770 /var/lib/coturn -R + +# + +rm -rf /root/sp.sh + +# + +chown bitcoin:bitcoin /run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node -R + +chmod 770 /run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node -R + +chown electrs:electrs /run/media/Second_Drive/BTCEcoandBackup/Electrs_Data -R + +chmod 770 /run/media/Second_Drive/BTCEcoandBackup/Electrs_Data -R + +# + +mkdir -p /home/free/Downloads + +pushd /home/free/Downloads + + wget https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Resetter/sovran_systemsOS_resetter_local_installer/sovran_systemsOS_resetter_install.sh + + bash sovran_systemsOS_resetter_install.sh + +popd + +# + +pushd /home/free/Downloads + + wget https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Updater/sovran_systemsOS_updater_local_installer/sovran_systemsOS_updater_install.sh + + bash sovran_systemsOS_updater_install.sh + +popd + +# + +mkdir -p /home/free/Pictures + +pushd /home/free/Pictures + + wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/Wallpaper_Dark_Wide.png + +popd + +chown free:users /home/free -R + +chmod 700 /home/free -R + +# + +pushd /home/free/Downloads + + sudo -u free wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/for_new_sovran_pros/Sovran_SystemsOS-Desktop + +popd + +# + +wp=$(cat /var/lib/secrets/wordpressdb) + +sudo mysql -u root -e "SET PASSWORD FOR wpusr@localhost = PASSWORD('${wp}')"; + +# + +mkdir /root/.ssh + +mkdir -p /home/free/.ssh + +chown free:users 
/home/free/.ssh -R + +touch /root/.ssh/authorized_keys + +sudo -u free ssh-keygen -q -N "gosovransystems" -t ed25519 -f /home/free/.ssh/factory_login + +chmod 700 /home/free/.ssh -R + +echo "$(cat /home/free/.ssh/factory_login.pub)" >> /root/.ssh/authorized_keys + +# + +sudo matrix-synapse-register_new_matrix_user -u admin -p a -a + +sudo echo "no" | matrix-synapse-register_new_matrix_user -u test -p a + +# + +# This key is removed before shipping as it allows Sovran Systems to access the machine via root remotely. + +echo "ssh-rsa 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 free@nixos" >> /root/.ssh/authorized_keys + +# + +pushd /etc/nixos + + nix flake update + + nixos-rebuild switch --impure + +popd + +# + +echo "root:$(cat /var/lib/secrets/main)" | chpasswd -c SHA512 + +echo "free:a" | chpasswd -c SHA512 + +# + +chown free:users /home/free -R + +chmod 700 /home/free -R + +# + +echo -e "${GREEN}All Finished! Please Reboot then Enjoy your New Sovran Pro!" diff --git a/modules/Sovran_SystemsOS_File_Fixes_And_New_Services.nix b/modules/Sovran_SystemsOS_File_Fixes_And_New_Services.nix new file mode 100755 index 0000000..5d766e1 --- /dev/null +++ b/modules/Sovran_SystemsOS_File_Fixes_And_New_Services.nix 
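Review bot: The script leaves fixed, published credentials on the installed system: the Matrix users `admin` and `test` are registered with `-p a`, `free` gets the password `a` through `chpasswd`, the `factory_login` key is created with the passphrase `gosovransystems` and appended to root's `authorized_keys`, and a vendor `ssh-rsa` key is appended there as well. The comment says the vendor key is removed before shipping, but nothing in this hunk removes it, and the same commit adds DIY install instructions, so a self-installed machine would presumably keep it. These values should be generated the way the database passwords already are, e.g. `echo "free:$(pwgen -s 17 -1)" | chpasswd -c SHA512` with the result shown once to the operator, and the vendor key should be gated behind an explicit opt-in. The downloaded installer scripts and `latest.zip` archives are also run or unpacked as root without a checksum, and `ENDCOLOR` is used in the prompts but never defined in this file.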
@@ -0,0 +1,24 @@
+{config, pkgs, lib, ...}:
+
+{
+
+ systemd.services.Sovran_SystemsOS_File_Fixes_And_New_Services = {
+
+ unitConfig = {
+ After = "btcpayserver.service";
+ Requires = "network-online.target";
+ };
+
+ serviceConfig = {
+ ExecStartPre= "/run/current-system/sw/bin/sleep 30";
+ ExecStart = "/run/current-system/sw/bin/wget https://git.sovransystems.com/Sovran_Systems/Sovran_SystemsOS/raw/branch/main/file_fixes_and_new_services/Sovran_SystemsOS_File_Fixes_And_New_Services.sh -O /home/free/Downloads/Sovran_SystemsOS_File_Fixes_And_New_Services.sh ; /run/current-system/sw/bin/bash /home/free/Downloads/Sovran_SystemsOS_File_Fixes_And_New_Services.sh";
+ RemainAfterExit = "yes";
+ User = "root";
+ Type = "oneshot";
+ };
+
+ wantedBy = [ "multi-user.target" ];
+
+ };
+
+}
diff --git a/modules/bitcoinecosystem.nix b/modules/bitcoinecosystem.nix
new file mode 100755
index 0000000..040f277
--- /dev/null
+++ b/modules/bitcoinecosystem.nix
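Review bot: The `ExecStart` line downloads a shell script from the `main` branch and runs it as root on every boot with no pinned hash or signature check, so whatever that URL serves at the time is executed with full privileges. The script is also written to `/home/free/Downloads`, which the install script on this page chowns to the unprivileged `free` user, so that account can alter the file between the download and the `bash` call. Shipping the script through the flake instead, for example via `pkgs.fetchurl` with a fixed `hash` or via `pkgs.writeShellScript`, keeps it in the read-only store and ties its content to the system generation. Separately, `Requires = "network-online.target"` has no matching ordering, so start-up currently relies on the `sleep 30`; `After = "btcpayserver.service network-online.target";` would make the dependency explicit.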
@@ -0,0 +1,153 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+ ## Bitcoind
+
+ services.bitcoind = {
+ enable = true;
+ dataDir = "/run/media/Second_Drive/BTCEcoandBackup/Bitcoin_Node";
+ txindex = true;
+ tor.proxy = true;
+ disablewallet = true;
+ extraConfig = ''
+ peerbloomfilters=1
+ server=1
+ '';
+ };
+
+ systemd.services.bitcoind.wants = [ "network-online.target" ];
+
+ nix-bitcoin.onionServices.bitcoind.enable = true;
+ nix-bitcoin.onionServices.electrs.enable = true;
+ nix-bitcoin.onionServices.rtl.enable = true;
+
+
+
+ ## Electrs
+
+ services.electrs = {
+ enable = true;
+ tor.enforce = true;
+ dataDir = "/run/media/Second_Drive/BTCEcoandBackup/Electrs_Data";
+ };
+
+
+
+ ## CLN
+
+ services.clightning = {
+ enable = true;
+ tor.proxy = true;
+ tor.enforce = true;
+ port = 9737;
+ extraConfig = ''
+experimental-offers
+'';
+ };
+
+ nix-bitcoin.onionServices.clightning.public = true;
+
+
+ services.clightning.replication = {
+ enable = true;
+ local.directory = "/run/media/Second_Drive/BTCEcoandBackup/clightning_db_backup";
+ encrypt = false;
+ };
+
+
+
+ ## LND
+
+ services.lnd = {
+ enable = true;
+ tor.enforce = true;
+ tor.proxy = true;
+ extraConfig = ''
+
+ protocol.option-scid-alias=true
+
+ '';
+ };
+
+ nix-bitcoin.onionServices.lnd.public = true;
+
+ services.lightning-loop = {
+ enable = true;
+ tor.enforce = true;
+ tor.proxy = true;
+ };
+
+ services.lightning-pool = {
+ enable = true;
+ tor.enforce = true;
+ tor.proxy = true;
+ };
+
+
+ ## RTL
+
+ services.rtl = {
+ enable = true;
+ tor.enforce = true;
+ port = 3050;
+ nightTheme = true;
+ nodes = {
+ clightning = {
+ enable = true;
+ extraConfig = {
+ Settings = {
+ enableOffers = true;
+ };
+ };
+ };
+
+ lnd = {
+ enable = true;
+ loop = true;
+ };
+
+ reverseOrder = true;
+
+ };
+ };
+
+ ## Lndconnect
+
+ services.lnd.lndconnect = {
+ enable = true;
+ onion = true;
+ };
+
+ services.clightning.plugins.clnrest = {
+ enable = true;
+ lnconnect = {
+ enable = true;
+ onion = true;
+ };
+ };
+
+
+ ## BTCpay Server
+
+ services.btcpayserver = {
+ enable = true;
+ };
+
+ services.btcpayserver.lightningBackend = "lnd";
+
+
+ ## System
+
+ nix-bitcoin.generateSecrets = true;
+
+ nix-bitcoin.nodeinfo.enable = true;
+
+ nix-bitcoin.operator = {
+ enable = true;
+ name = "free";
+ };
+
+ nix-bitcoin.useVersionLockedPkgs = true;
+
+}
diff --git a/modules/btcpayserver-fix.nix b/modules/btcpayserver-fix.nix
new file mode 100644
index 0000000..dfee4d0
--- /dev/null
+++ b/modules/btcpayserver-fix.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+ systemd.services.postgresql.postStart = lib.mkForce '''';
+
+
+}
diff --git a/modules/coturn.nix b/modules/coturn.nix
new file mode 100755
index 0000000..fbafb81
--- /dev/null
+++ b/modules/coturn.nix
@@ -0,0 +1,54 @@
+{config, pkgs, lib, ...}:
+
+let
+ personalization = import ./personalization.nix;
+
+ in
+{
+
+ systemd.services.coturn-helper = {
+
+ script = ''
+
+ systemctl restart coturn
+
+ '';
+
+ unitConfig = {
+ Type = "simple";
+ After = "btcpayserver.service";
+ Requires = "network-online.target";
+ };
+
+ serviceConfig = {
+ RemainAfterExit = "yes";
+ Type = "oneshot";
+ };
+
+ wantedBy = [ "multi-user.target" ];
+
+ };
+
+
+ services.coturn = {
+
+ enable = true;
+ use-auth-secret = true;
+ static-auth-secret = "${personalization.coturn_static_auth_secret}";
+ realm = personalization.matrix_url;
+ cert = "/var/lib/coturn/${personalization.matrix_url}.crt.pem";
+ pkey = "/var/lib/coturn/${personalization.matrix_url}.key.pem";
+ min-port = 49152;
+ max-port = 65535;
+ listening-port = 5349;
+ no-cli = true;
+ extraConfig = ''
+ verbose
+ external-ip=${personalization.external_ip_secret}
+ stale-nonce
+ fingerprint
+ '';
+
+ };
+
+}
diff --git a/modules/personalization.nix b/modules/personalization.nix
new file mode 100755
index 0000000..b2f2ca5
--- /dev/null
+++ b/modules/personalization.nix
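Review bot: `services.bitcoind` sets only `tor.proxy = true`, while electrs, clightning, lnd, lightning-loop, lightning-pool and rtl in the same file also set `tor.enforce = true`, so bitcoind is not confined to Tor the way its neighbours are (the `services.btcpayserver` block sets neither option). If clearnet traffic is not intended, add `tor.enforce = true;` to the bitcoind block; if it is, a one-line comment saying so keeps the next reader from treating it as an oversight. `peerbloomfilters=1` re-enables BIP 37 filter serving, which Bitcoin Core ships disabled because it is costly for the node, so it deserves a comment naming the client that needs it. `services.clightning.replication.encrypt = false` leaves the channel database copy in plaintext on the second drive, which is worth confirming as acceptable.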
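Review bot: `systemd.services.postgresql.postStart = lib.mkForce '''';` blanks the whole post-start step of the PostgreSQL unit with no explanation; the file name is the only hint that it relates to btcpayserver. Because `mkForce` discards whatever other modules contribute to `postStart`, any database or role setup that relies on that step would silently stop running, which is not visible from this hunk and should be checked. A comment above the line such as `# Workaround for <issue reference>: <what failed>; remove once fixed upstream`, with the real reason filled in, would make the override reviewable.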
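Review bot: `static-auth-secret = "${personalization.coturn_static_auth_secret}";` interpolates the TURN secret at evaluation time, so it ends up in the generated coturn configuration inside the world-readable Nix store. The same value is interpolated again as `turn_shared_secret` in modules/synapse.nix, and modules/personalization.nix reads the database passwords the same way. The NixOS coturn module offers `static-auth-secret-file`, so `static-auth-secret-file = "/var/lib/secrets/turn";` keeps the value out of the store, provided the service can read that file. In `coturn-helper`, `Type = "simple"` sits in `unitConfig`, where systemd does not recognise it, and contradicts `Type = "oneshot"` in `serviceConfig`; dropping that line removes the ambiguity.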
@@ -0,0 +1,22 @@
+{
+
+matrix_url = builtins.readFile /var/lib/domains/matrix;
+wordpress_url = builtins.readFile /var/lib/domains/wordpress;
+nextcloud_url = builtins.readFile /var/lib/domains/nextcloud;
+btcpayserver_url = builtins.readFile /var/lib/domains/btcpayserver;
+caddy_email_for_acme = builtins.readFile /var/lib/domains/sslemail;
+vaultwarden_url = builtins.readFile /var/lib/domains/vaultwarden;
+
+##
+
+external_ip_secret = builtins.readFile /var/lib/secrets/external_ip;
+coturn_static_auth_secret = builtins.readFile /var/lib/secrets/turn;
+
+##
+
+matrixdb = builtins.readFile /var/lib/secrets/matrixdb;
+nextclouddb = builtins.readFile /var/lib/secrets/nextclouddb;
+wordpressdb = builtins.readFile /var/lib/secrets/wordpressdb;
+
+
+}
diff --git a/modules/php.nix b/modules/php.nix
new file mode 100644
index 0000000..f432c0f
--- /dev/null
+++ b/modules/php.nix
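Review bot: Every value here comes from `builtins.readFile`, which returns the file byte for byte, so a trailing newline in any of those files is carried into the strings other modules build from them, such as `"/var/lib/coturn/${personalization.matrix_url}.crt.pem"` and the `turn:` URIs. Whether the files end in a newline is not visible from this diff, so either state at the top of the file that they must not, or strip it, e.g. `matrix_url = builtins.replaceStrings [ "\n" ] [ "" ] (builtins.readFile /var/lib/domains/matrix);`. A short header comment would also help, noting that these absolute-path reads are why the rebuild needs `--impure` and that the `/var/lib/secrets` entries become ordinary evaluation-time strings.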
@@ -0,0 +1,66 @@
+{ config, pkgs, lib, ... }:
+
+
+let
+
+ custom-php = pkgs.php83.buildEnv {
+ extensions = { enabled, all }: enabled ++ (with all; [ bz2 apcu redis imagick memcached ]);
+ extraConfig = ''
+
+ display_errors = On
+ display_startup_errors = On
+ max_execution_time = 10000
+ max_input_time = 3000
+ memory_limit = 1G;
+ opcache.enable=1;
+ opcache.memory_consumption=512;
+ opcache_revalidate_freq = 240;
+ opcache.max_accelerated_files=20000;
+ post_max_size = 3G
+ upload_max_filesize = 3G
+ apc.enable_cli=1
+ opcache.interned_strings_buffer = 192
+ redis.session.locking_enabled=1
+ redis.session.lock_retries=-1
+ redis.session.lock_wait_time=10000
+
+ '';
+ };
+in
+
+{
+ users.users = {
+
+ php = {
+ isSystemUser = true;
+ createHome = false;
+ uid = 7777;
+ };
+ };
+
+ users.users.php.group = "php";
+
+ users.groups.php = {};
+
+ environment.systemPackages = with pkgs; [
+
+ custom-php
+ ];
+
+ services.phpfpm.pools = {
+ mypool = {
+ user = "caddy";
+ group = "php";
+ phpPackage = custom-php;
+ settings = {
+ "pm" = "dynamic";
+ "pm.max_children" = 75;
+ "pm.start_servers" = 10;
+ "pm.min_spare_servers" = 5;
+ "pm.max_spare_servers" = 20;
+ "pm.max_requests" = 500;
+ "clear_env" = "no";
+ };
+ };
+ };
+}
diff --git a/modules/synapse.nix b/modules/synapse.nix
new file mode 100755
index 0000000..d633653
--- /dev/null
+++ b/modules/synapse.nix
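Review bot: `display_errors = On` and `display_startup_errors = On` make PHP print warnings and stack traces into HTTP responses, which discloses file paths and configuration details on the web applications this pool appears to serve. `display_errors = Off`, `display_startup_errors = Off` and `log_errors = On` keep the diagnostics in the log instead. `opcache_revalidate_freq = 240;` uses an underscore where the directive is `opcache.revalidate_freq`, so the setting is most likely ignored. `"clear_env" = "no"` passes the pool's whole environment to PHP scripts; a comment naming the variable the applications need would justify it.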
@@ -0,0 +1,73 @@
+{ config, pkgs, lib, ... }:
+
+
+####### CREATE NEW USER (ADMIN OR NOT) VIA TERMINAL #######
+
+# (Run as root in terminal) matrix-synapse-register_new_matrix_user #
+
+####### #######
+
+let
+ personalization = import ./personalization.nix;
+in
+{
+ services.matrix-synapse = {
+ enable = true;
+ settings = {
+ push.include_content = false;
+ group_unread_count_by_room = false;
+ encryption_enabled_by_default_for_room_type = "invite";
+ allow_profile_lookup_over_federation = false;
+ allow_device_name_lookup_over_federation = false;
+ server_name = personalization.matrix_url;
+ url_preview_enabled = true;
+ max_upload_size = "1024M";
+ url_preview_ip_range_blacklist = [
+ "10.0.0.0/8"
+ "100.64.0.0/10"
+ "169.254.0.0/16"
+ "172.16.0.0/12"
+ "192.0.0.0/24"
+ "192.0.2.0/24"
+ "192.168.0.0/16"
+ "192.88.99.0/24"
+ "198.18.0.0/15"
+ "198.51.100.0/24"
+ "2001:db8::/32"
+ "203.0.113.0/24"
+ "224.0.0.0/4"
+ "::1/128"
+ "fc00::/7"
+ "fe80::/10"
+ "fec0::/10"
+ "ff00::/8"
+ ];
+ url_preview_ip_ranger_whitelist = [ "127.0.0.1" ];
+ turn_shared_secret = "${personalization.coturn_static_auth_secret}";
+ turn_uris = [
+ "turn:${personalization.matrix_url}:5349?transport=udp"
+ "turn:${personalization.matrix_url}:5349?transport=tcp"
+ ];
+ presence.enabled = true;
+ enable_registration = false;
+ registration_shared_secret = config.age.secrets.matrix_reg_secret.path;
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "::1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [ {
+ names = [ "client" ];
+ compress = true;
+ }
+ {
+ names = [ "federation" ];
+ compress = false;
+ } ];
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/systemd-manager_sovran_systems.nix b/modules/systemd-manager_sovran_systems.nix
new file mode 100755
index 0000000..5b376f3
--- /dev/null
+++ b/modules/systemd-manager_sovran_systems.nix
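Review bot: `registration_shared_secret = config.age.secrets.matrix_reg_secret.path;` assigns the secret file's path rather than its content, so the value Synapse treats as the shared secret is a predictable path string. Synapse has a separate setting for pointing at a file: `registration_shared_secret_path = config.age.secrets.matrix_reg_secret.path;`. With `url_preview_enabled = true`, the blacklist omits `127.0.0.0/8` (only `::1/128` covers loopback), so preview fetches are not kept away from IPv4 loopback services such as the Vaultwarden listener this commit binds to `127.0.0.1`; add `"127.0.0.0/8"` to the list. `url_preview_ip_ranger_whitelist` is misspelled (`ranger`) and therefore has no effect, and since its only entry is `127.0.0.1` the line is better removed than corrected.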
@@ -0,0 +1,41 @@
+{ lib, stdenv, fetchzip, buildPackages }:
+
+stdenv.mkDerivation rec {
+ pname = "systemd-manager";
+ version = "18";
+
+ src = fetchzip {
+ url = "https://github.com/hardpixel/systemd-manager/releases/download/v${version}/systemd-manager-v${version}.zip";
+ hash = "sha256-Kd8ZxZ1f6aR1vThrWStsjk8cHrjo2KCYQgpg1em/n2k=";
+ stripRoot = false;
+ };
+
+ passthru = {
+ extensionUuid = "systemd-manager@hardpixel.eu";
+ extensionPortalSlug = "systemd-manager";
+ };
+
+ nativeBuildInputs = [ buildPackages.glib ];
+
+ buildPhase = ''
+ runHook preBuild
+ if [ -d schemas ]; then
+ glib-compile-schemas --strict schemas
+ fi
+ runHook postBuild
+ '';
+
+ installPhase = ''
+ runHook preInstall
+ mkdir -p $out/share/gnome-shell/extensions
+ cp -r -T . $out/share/gnome-shell/extensions/${passthru.extensionUuid}
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "GNOME Shell extension to manage systemd services";
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ ];
+ homepage = "https://github.com/hardpixel/systemd-manager";
+ };
+}
diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix
new file mode 100755
index 0000000..2f34110
--- /dev/null
+++ b/modules/vaultwarden.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, lib, ... }:
+
+let
+ personalization = import ./personalization.nix;
+in
+{
+
+ services.vaultwarden = {
+ enable = true;
+ config = {
+
+ DOMAIN = "https://${personalization.vaultwarden_url}";
+ SIGNUPS_ALLOWED = false;
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 8777;
+ ROCKET_LOG = "critical";
+ };
+ dbBackend = "sqlite";
+ environmentFile = "/var/lib/secrets/vaultwarden/vaultwarden.env";
+ };
+}
\ No newline at end of file