titan-iac/services/crypto/xmr-miner/deployment.yaml

# services/crypto/xmr-miner/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: monero-p2pool
  namespace: crypto
  labels: { app: monero-p2pool }
spec:
  replicas: 1
  selector:
    matchLabels: { app: monero-p2pool }
  template:
    metadata:
      labels: { app: monero-p2pool }
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "crypto"
        vault.hashicorp.com/agent-inject-secret-xmr-env: "kv/data/atlas/crypto/xmr-payout"
        vault.hashicorp.com/agent-inject-template-xmr-env: |
          {{- with secret "kv/data/atlas/crypto/xmr-payout" -}}
          export XMR_ADDR="{{ .Data.data.address }}"
          {{- end -}}
    spec:
      nodeSelector:
        node-role.kubernetes.io/worker: "true"
      serviceAccountName: crypto-vault-sync
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: hardware
                operator: In
                values: ["rpi4","rpi5"]
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 50
              preference:
                matchExpressions:
                - key: hardware
                  operator: In
                  values: ["rpi4"]
      initContainers:
        - name: fetch-p2pool
          image: alpine:3.20
          command: ["/bin/sh","-c"]
          args:
            - |
              set -euxo pipefail
              apk add --no-cache curl tar openssl >/dev/null
              test -n "${P2POOL_URL}"
              echo "Downloading ${P2POOL_URL}"
              curl -fsSL "${P2POOL_URL}" -o /tmp/p2pool.tgz
              if [ -n "${P2POOL_SHA256}" ]; then
                echo "${P2POOL_SHA256}  /tmp/p2pool.tgz" | sha256sum -c -
              fi
              mkdir -p /opt/p2pool
              tar -xzf /tmp/p2pool.tgz -C /opt/p2pool
              ls -l /opt/p2pool
              BIN="$(find /opt/p2pool -maxdepth 2 -type f -name 'p2pool*' | head -n1)"
              test -n "${BIN}"
              install -m0755 "${BIN}" /opt/p2pool/p2pool
          env:
            - name: P2POOL_URL
              valueFrom: { configMapKeyRef: { name: xmr-miner-sources, key: P2POOL_URL } }
            - name: P2POOL_SHA256
              valueFrom: { configMapKeyRef: { name: xmr-miner-sources, key: P2POOL_SHA256, optional: true } }
          volumeMounts:
            - { name: p2pool-bin, mountPath: /opt/p2pool }
      containers:
        - name: monero-p2pool
          image: debian:bookworm-slim
          imagePullPolicy: IfNotPresent
          command: ["/bin/sh", "-c"]
          args:
            - |
              set -eu
              . /vault/secrets/xmr-env
              exec /opt/p2pool/p2pool \
                --host monerod.crypto.svc.cluster.local \
                --rpc-port 18081 \
                --zmq-port 18083 \
                --stratum 0.0.0.0:3333 \
                --wallet "${XMR_ADDR}"
          ports:
            - { name: stratum, containerPort: 3333, protocol: TCP }
          readinessProbe:
            tcpSocket: { port: 3333 }
            initialDelaySeconds: 10
            periodSeconds: 10
          volumeMounts:
            - { name: p2pool-bin, mountPath: /opt/p2pool }
      volumes:
        - name: p2pool-bin
          emptyDir: {}