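# services/crypto/xmr-miner/xmrig-daemonset.yaml
#
# Runs xmrig on every arm64 node that is not a control-plane/master node.
# The init container downloads the xmrig archive named in the
# xmr-miner-sources ConfigMap and copies the binary into a shared emptyDir.
# The main container runs that binary against the in-cluster p2pool service.
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: xmr-xmrig
  namespace: crypto
  labels:
    app: xmr-xmrig
spec:
  selector:
    matchLabels:
      app: xmr-xmrig
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: xmr-xmrig
    spec:
      # Nothing in this pod talks to the Kubernetes API, so do not hand the
      # downloaded binary a service-account token.
      automountServiceAccountToken: false
      nodeSelector:
        kubernetes.io/arch: arm64
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: DoesNotExist
                  - key: node-role.kubernetes.io/master
                    operator: DoesNotExist
      volumes:
        - name: tools
          emptyDir: {}
        - name: payout
          secret:
            secretName: xmr-payout
        - name: sources
          configMap:
            name: xmr-miner-sources
      initContainers:
        - name: fetch-xmrig
          # NOTE(review): mutable tag; pin by digest
          # (debian@sha256:<digest-placeholder>) so the toolchain that
          # verifies the download cannot change underneath you.
          # This container runs as root because apt-get needs it; baking
          # curl/xz into a pinned image would remove that requirement.
          image: debian:bookworm-slim
          command: ["/bin/sh", "-lc"]
          args:
            - |
              set -eux
              apt-get update
              apt-get install -y --no-install-recommends ca-certificates curl xz-utils tar coreutils
              update-ca-certificates
              XMRIG_URL="$(cat /cfg/XMRIG_URL)"; : "${XMRIG_URL:?XMRIG_URL required}"
              # The checksum is mandatory: the archive is fetched from a
              # ConfigMap-supplied URL and its contents are executed on every
              # node, so an empty XMRIG_SHA256 must fail the pod rather than
              # silently skip verification.
              XMRIG_SHA="$(cat /cfg/XMRIG_SHA256)"; : "${XMRIG_SHA:?XMRIG_SHA256 required}"
              mkdir -p /opt/bin
              curl -fL "$XMRIG_URL" -o /tmp/xmrig.tgz
              echo "${XMRIG_SHA}  /tmp/xmrig.tgz" | sha256sum -c -
              # tar errors stay tolerated as before; the explicit check below
              # catches the case where no binary was extracted.
              tar -x -C /tmp -f /tmp/xmrig.tgz || true
              XR=$(find /tmp -maxdepth 3 -type f -name 'xmrig*' -perm -u+x | head -n1)
              # Fail here instead of letting the init container succeed with
              # an empty /opt/bin (an `a && b` list does not trip `set -e`).
              if [ -z "$XR" ]; then
                echo "no executable xmrig binary found in archive" >&2
                exit 1
              fi
              cp "$XR" /opt/bin/xmrig
              chmod 0755 /opt/bin/xmrig
              ls -l /opt/bin
          volumeMounts:
            - name: tools
              mountPath: /opt/bin
            - name: sources
              mountPath: /cfg
              readOnly: true
      containers:
        - name: xmrig
          # NOTE(review): mutable tag; pin by digest as for the init container.
          image: debian:bookworm-slim
          # The miner needs neither root nor any Linux capability: lowering
          # its own CPU/IO priority is permitted for unprivileged processes.
          securityContext:
            runAsNonRoot: true
            runAsUser: 65534
            runAsGroup: 65534
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          env:
            - name: XMRIG_THREADS
              valueFrom:
                configMapKeyRef:
                  name: xmr-miner-sources
                  key: XMRIG_THREADS
            - name: XMRIG_EXTRA_ARGS
              valueFrom:
                configMapKeyRef:
                  name: xmr-miner-sources
                  key: XMRIG_EXTRA_ARGS
          command: ["/bin/sh", "-lc"]
          args:
            - |
              set -eu
              # ADDR is read but not passed to xmrig below; with `set -e` a
              # missing /run/xmr/address still aborts start-up.
              ADDR="$(cat /run/xmr/address)"
              THR="${XMRIG_THREADS:-1}"
              # EXTRA is expanded unquoted on purpose so it splits into
              # separate arguments; anyone who can edit the ConfigMap
              # therefore controls the xmrig command line.
              EXTRA="${XMRIG_EXTRA_ARGS:-}"
              # Lowest CPU/IO priority; connect to cluster p2pool
              exec nice -n 19 ionice -c3 \
                /opt/bin/xmrig \
                -o p2pool.crypto.svc.cluster.local:3333 \
                -u x+10000 \
                -a rx \
                -k \
                --donate-level 0 \
                --cpu-priority 1 \
                --threads "${THR}" ${EXTRA}
          volumeMounts:
            - name: tools
              mountPath: /opt/bin
            - name: payout
              mountPath: /run/xmr
              readOnly: true
          # BestEffort QoS: no requests/limits → yields CPU when others need it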