§ THE RIG · HARDWARE LOG
The physical layer.
Sovereignty starts at the silicon. Each rig below is in production, running, hardened, and documented end to end.

RIG-01 ● LIVE
Perimeter firewall / pfSense
The Vault
§ PARTS LIST
| Chassis | Protectli VP2420, 4× 2.5GbE |
| CPU | Intel J6412, 4C, 10W TDP |
| Memory | 16 GB DDR4 SO-DIMM |
| Storage | 256 GB NVMe (mirrored boot) |
| OS | pfSense CE 2.7.x on bare metal (ZFS) |
§ BUILD LOG
Coreboot flashed first; AMI firmware never touched the disk. WAN on igc0, LAN on igc1, two VLAN trunks on igc2/3. Suricata in IPS mode on WAN, WireGuard road-warrior on UDP 51820.

RIG-02 ● LIVE
Headless services / DNS sinkhole
Sentinel Node
§ PARTS LIST
| Board | Raspberry Pi 5, 8 GB |
| Case | Argon ONE V3 (passive + fan) |
| Storage | 512 GB NVMe via M.2 HAT |
| OS | Debian 12, full-disk encrypted |
| Stack | Unbound + AdGuard Home + Tailscale |
§ BUILD LOG
Built headless from a Mac. SSH key-only on a non-standard port, fail2ban on, unattended-upgrades on, full DNS-over-TLS upstream to a node I trust. Power draw idle: 3.1 W.