Architecture
The normal root is immutable. Durable operator state lives on a separate partition. A committed revision is validated, activated and rendered into volatile runtime files before the miner may start.
The diagrams are maintained as Mermaid source in the repository and published here as static SVG. The browser executes no JavaScript and loads no Mermaid runtime.
Operating path
Utility and recovery are explicit side paths. They do not become hidden shortcuts around persistent state, configuration activation, huge pages or network readiness.
Boot modes
| Mode | Authority | Mining behavior |
|---|---|---|
| Normal, configured | Committed persistent revision | Automatic activation and gated startup |
| Normal, unconfigured | Firstboot on tty1 | Miner remains stopped until configuration commits |
| Utility | Kernel command-line mode condition | Normal mining is not started by utility mode itself |
| Recovery ISO | Stateless diagnostic and repair environment | Separate role, not the normal appliance image |
Systemd ordering
The miner is the last privileged consumer in the graph. Persistent state, runtime configuration and huge-page preparation must already be true before rigos-miner.service starts.
Configuration revisions
Direct edits to live miner configuration are not durable authority. The current committed revision is. Runtime files under /run/rigos are generated output.
Operator surfaces
| Surface | Role | Boundary |
|---|---|---|
rig | Short local operator command | No hidden sudo; delegates to systemd, journalctl and rigosctl |
rigosctl | Detailed authority command | Controls validated state and runtime operations |
| XMRig loopback API | Restricted health observation | Local only; token contents excluded from public output |
/run/rigos | Generated runtime and status | Private material separated from redacted public views |
Security boundaries
- Persistent state is verified before mounting and is separate from the immutable root.
- Raw runtime configuration, wallet identity, passwords, API token contents and SSH private keys are not public operator output.
- Recovery defaults to observation. Mutation requires an explicit command.
- Release artifacts require SHA256 verification. GitHub source archives are not bootable images.
- The model is practical Alpha security engineering, not a formal certification.