p2pool: mini -> nano

https://github.com/NixOS/nixpkgs/pull/427723/changes#r2919054771

configuration.nix

@@ -52,6 +52,7 @@
     ./services/livekit.nix
 
     ./services/monero.nix
+    ./services/p2pool.nix
     ./services/xmrig.nix
 
     # KEEP UNTIL 2028

flake.lock

@@ -89,11 +89,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1772420042,
+        "lastModified": 1773025010,
-        "narHash": "sha256-naZz40TUFMa0E0CutvwWsSPhgD5JldyTUDEgP9ADpfU=",
+        "narHash": "sha256-khlHllTsovXgT2GZ0WxT4+RvuMjNeR5OW0UYeEHPYQo=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "5af7af10f14706e4095bd6bc0d9373eb097283c6",
+        "rev": "7b9f7f88ab3b339f8142dc246445abb3c370d3d3",
         "type": "github"
       },
       "original": {
@@ -197,11 +197,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1772633058,
+        "lastModified": 1772985280,
-        "narHash": "sha256-SO7JapRy2HPhgmqiLbfnW1kMx5rakPMKZ9z3wtRLQjI=",
+        "narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "080657a04188aca25f8a6c70a0fb2ea7e37f1865",
+        "rev": "8f736f007139d7f70752657dff6a401a585d6cbc",
         "type": "github"
       },
       "original": {
@@ -300,11 +300,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1771969195,
+        "lastModified": 1772972630,
-        "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=",
+        "narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e",
+        "rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72",
         "type": "github"
       },
       "original": {
@@ -316,11 +316,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1772598333,
+        "lastModified": 1773068389,
-        "narHash": "sha256-YaHht/C35INEX3DeJQNWjNaTcPjYmBwwjFJ2jdtr+5U=",
+        "narHash": "sha256-vMrm7Pk2hjBRPnCSjhq1pH0bg350Z+pXhqZ9ICiqqCs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "fabb8c9deee281e50b1065002c9828f2cf7b2239",
+        "rev": "44bae273f9f82d480273bab26f5c50de3724f52f",
         "type": "github"
       },
       "original": {
@@ -330,6 +330,23 @@
         "type": "github"
       }
     },
+    "nixpkgs-p2pool-module": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1764744779,
+        "narHash": "sha256-15mhGU8HZq4e6U2WnIhQvJNuUmU5aIO0RHMjzv9gVZs=",
+        "owner": "JacoMalan1",
+        "repo": "nixpkgs",
+        "rev": "3784f8a0dc56806ffbc550701d3aa27436ebb3e5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "JacoMalan1",
+        "ref": "create-p2pool-service",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs_2": {
       "locked": {
         "lastModified": 1764517877,
@@ -381,6 +398,7 @@
         "nix-minecraft": "nix-minecraft",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
+        "nixpkgs-p2pool-module": "nixpkgs-p2pool-module",
         "senior_project-website": "senior_project-website",
         "srvos": "srvos",
         "trackerlist": "trackerlist",
@@ -454,11 +472,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1772416961,
+        "lastModified": 1773021923,
-        "narHash": "sha256-/IiEGGjy0e8Ljo6418fFlqMJs7VLuLxU5pDR5uE+GLE=",
+        "narHash": "sha256-ro+i3wNoD2p5FloGGlkCzdmzgBDeq2LJwaIpaI9Dk7Q=",
         "owner": "nix-community",
         "repo": "srvos",
-        "rev": "bcdbafece2815d32c8dfc51ef17f2858f3d4cfbc",
+        "rev": "7f92c2bcbeb42ce87770a7565f0e6f92c8134354",
         "type": "github"
       },
       "original": {
@@ -530,11 +548,11 @@
     "trackerlist": {
       "flake": false,
       "locked": {
-        "lastModified": 1772579383,
+        "lastModified": 1773184165,
-        "narHash": "sha256-uWJcem+KJZ1xBWv3WYwpYoW/xrie67h47DVUhQl3GcI=",
+        "narHash": "sha256-uGD+QgYZD1ntXl43523bKziyBUs1c3ONi+n5FeFZre0=",
         "owner": "ngosang",
         "repo": "trackerslist",
-        "rev": "6eed267b7044a39b1ccc66437cb56ec38373f288",
+        "rev": "448eba328ad00172a4ba049ec9f9f073b9cd278b",
         "type": "github"
       },
       "original": {
@@ -579,17 +597,17 @@
     "website": {
       "flake": false,
       "locked": {
-        "lastModified": 1768266466,
+        "lastModified": 1773169503,
-        "narHash": "sha256-d4dZzEcIKuq4DhNtXczaflpRifAtcOgNr45W2Bexnps=",
+        "narHash": "sha256-P+T2H18k3zmEHxu7ZIDYyTrK5G3KUcZYW1AzVMKyCMs=",
         "ref": "refs/heads/main",
-        "rev": "06011a27456b3b9f983ef1aa142b5773bcb52b6e",
+        "rev": "ae7a7d8325f841c52efb6fd81c4956b84631aa06",
-        "revCount": 23,
+        "revCount": 24,
         "type": "git",
-        "url": "https://git.gardling.com/titaniumtown/website"
+        "url": "https://git.sigkill.computer/titaniumtown/website"
       },
       "original": {
         "type": "git",
-        "url": "https://git.gardling.com/titaniumtown/website"
+        "url": "https://git.sigkill.computer/titaniumtown/website"
       }
     },
     "ytbn-graphing-software": {
@@ -605,11 +623,11 @@
         "rev": "ac6265eae734363f95909df9a3739bf6360fa721",
         "revCount": 1130,
         "type": "git",
-        "url": "https://git.gardling.com/titaniumtown/YTBN-Graphing-Software"
+        "url": "https://git.sigkill.computer/titaniumtown/YTBN-Graphing-Software"
       },
       "original": {
         "type": "git",
-        "url": "https://git.gardling.com/titaniumtown/YTBN-Graphing-Software"
+        "url": "https://git.sigkill.computer/titaniumtown/YTBN-Graphing-Software"
       }
     }
   },

flake.nix

@@ -56,7 +56,7 @@
     };
 
     website = {
-      url = "git+https://git.gardling.com/titaniumtown/website";
+      url = "git+https://git.sigkill.computer/titaniumtown/website";
       flake = false;
     };
 
@@ -66,13 +66,18 @@
     };
 
     ytbn-graphing-software = {
-      url = "git+https://git.gardling.com/titaniumtown/YTBN-Graphing-Software";
+      url = "git+https://git.sigkill.computer/titaniumtown/YTBN-Graphing-Software";
     };
 
     arr-init = {
       url = "git+ssh://gitea@git.gardling.com/titaniumtown/arr-init";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    nixpkgs-p2pool-module = {
+      url = "github:JacoMalan1/nixpkgs/create-p2pool-service";
+      flake = false;
+    };
   };
 
   outputs =
@@ -89,6 +94,7 @@
       deploy-rs,
       impermanence,
       arr-init,
+      nixpkgs-p2pool-module,
       ...
     }@inputs:
     let
@@ -167,6 +173,8 @@
 
           arr-init.nixosModules.default
 
+          (import "${nixpkgs-p2pool-module}/nixos/modules/services/networking/p2pool.nix")
+
           home-manager.nixosModules.home-manager
           (
             {

service-configs.nix

@@ -21,6 +21,7 @@ rec {
     livekit = 7880; # TCP
     soulseek_listen = 50300; # TCP
     monero = 18080; # TCP
+    p2pool_p2p = 37889; # TCP
     murmur = 64738; # TCP + UDP
 
     # private
@@ -41,11 +42,14 @@ rec {
     bazarr = 6767; # TCP
     jellyseerr = 5055; # TCP
     monero_rpc = 18081; # TCP
+    monero_zmq = 18083; # TCP
+    p2pool_stratum = 3334; # TCP
   };
 
   https = {
     certs = services_dir + "/http_certs";
-    domain = "gardling.com";
+    domain = "sigkill.computer";
+    old_domain = "gardling.com"; # Redirect traffic from old domain
   };
 
   gitea = {
@@ -95,6 +99,10 @@ rec {
     dataDir = services_dir + "/monero";
   };
 
+  p2pool = {
+    dataDir = services_dir + "/p2pool";
+  };
+
   matrix = {
     dataDir = "/var/lib/continuwuity";
     domain = "matrix.${https.domain}";

services/caddy.nix

@@ -41,6 +41,9 @@ let
       hugo --minify -d $out;
     '';
   };
+
+  newDomain = service_configs.https.domain;
+  oldDomain = service_configs.https.old_domain;
 in
 {
   imports = [
@@ -52,14 +55,53 @@ in
   services.caddy = {
     enable = true;
     email = "titaniumtown@proton.me";
+
+    # Enable on-demand TLS for old domain redirects
+    # Certs are issued dynamically when subdomains are accessed
+    globalConfig = ''
+      on_demand_tls {
+        ask http://localhost:9123/check
+      }
+    '';
+
+    # Internal endpoint to validate on-demand TLS requests
+    # Only allows certs for *.${oldDomain}
+    extraConfig = ''
+      http://localhost:9123 {
+        @allowed expression {query.domain}.endsWith(".${oldDomain}") || {query.domain} == "${oldDomain}" || {query.domain} == "www.${oldDomain}"
+        respond @allowed 200
+        respond 403
+      }
+    '';
+
     virtualHosts = {
-      ${service_configs.https.domain} = {
+      ${newDomain} = {
         extraConfig = ''
           root * ${hugoWebsite}
           file_server browse
         '';
 
-        serverAliases = [ "www.${service_configs.https.domain}" ];
+        serverAliases = [ "www.${newDomain}" ];
+      };
+
+      # Redirect old domain (bare + www) to new domain
+      ${oldDomain} = {
+        extraConfig = ''
+          redir https://${newDomain}{uri} permanent
+        '';
+        serverAliases = [ "www.${oldDomain}" ];
+      };
+
+      # Wildcard redirect for all old domain subdomains
+      # Uses on-demand TLS - certs issued automatically on first request
+      "*.${oldDomain}" = {
+        extraConfig = ''
+          tls {
+            on_demand
+          }
+          # {labels.2} extracts subdomain from *.gardling.com
+          redir https://{labels.2}.${newDomain}{uri} permanent
+        '';
       };
     };
   };

services/matrix.nix

@@ -1,34 +1,9 @@
 {
   config,
-  pkgs,
   service_configs,
   lib,
   ...
 }:
-let
-  package =
-    let
-      src = pkgs.fetchFromGitea {
-        domain = "forgejo.ellis.link";
-        owner = "continuwuation";
-        repo = "continuwuity";
-        rev = "052c4dfa2165fdc4839fed95b71446120273cf23";
-        hash = "sha256-kQV4glRrKczoJpn9QIMgB5ac+saZQjSZPel+9K9Ykcs=";
-      };
-    in
-    pkgs.matrix-continuwuity.overrideAttrs (old: {
-      inherit src;
-      cargoDeps = pkgs.rustPlatform.fetchCargoVendor {
-        inherit src;
-        name = "${old.pname}-vendor";
-        hash = "sha256-vlOXQL8wwEGFX+w0G/eIeHW3J1UDzhJ501kYhAghDV8=";
-      };
-
-      patches = (old.patches or [ ]) ++ [
-
-      ];
-    });
-in
 {
   imports = [
     (lib.serviceMountWithZpool "continuwuity" service_configs.zpool_ssds [
@@ -41,7 +16,6 @@ in
 
   services.matrix-continuwuity = {
     enable = true;
-    inherit package;
 
     settings.global = {
       port = [ service_configs.ports.matrix ];

services/monero.nix

@@ -23,6 +23,7 @@
     };
     extraConfig = ''
       p2p-bind-port=${builtins.toString service_configs.ports.monero}
+      zmq-pub=tcp://127.0.0.1:${builtins.toString service_configs.ports.monero_zmq}
       db-sync-mode=fast:async:1000000000bytes
       public-node=1
       confirm-external-bind=1

services/p2pool.nix

@@ -0,0 +1,48 @@
+{
+  config,
+  service_configs,
+  lib,
+  ...
+}:
+let
+  walletAddress = lib.strings.trim (builtins.readFile ../secrets/xmrig-wallet);
+in
+{
+  imports = [
+    (lib.serviceMountWithZpool "p2pool" service_configs.zpool_hdds [
+      service_configs.p2pool.dataDir
+    ])
+    (lib.serviceFilePerms "p2pool" [
+      "Z ${service_configs.p2pool.dataDir} 0700 p2pool p2pool"
+    ])
+  ];
+
+  services.p2pool = {
+    enable = true;
+    dataDir = service_configs.p2pool.dataDir;
+    walletAddress = walletAddress;
+    sidechain = "nano";
+    host = "127.0.0.1";
+    rpcPort = service_configs.ports.monero_rpc;
+    zmqPort = service_configs.ports.monero_zmq;
+    extraArgs = [
+      " --stratum 0.0.0.0:${builtins.toString service_configs.ports.p2pool_stratum}"
+    ];
+  };
+
+  # Ensure p2pool starts after monero is ready
+  systemd.services.p2pool = {
+    after = [ "monero.service" ];
+    wants = [ "monero.service" ];
+  };
+
+  # Stop p2pool on UPS battery to conserve power
+  services.apcupsd.hooks = lib.mkIf config.services.apcupsd.enable {
+    onbattery = "systemctl stop p2pool";
+    offbattery = "systemctl start p2pool";
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    service_configs.ports.p2pool_p2p
+  ];
+}

services/qbittorrent.nix

@@ -102,7 +102,6 @@
         ChokingAlgorithm = "RateBased";
         PieceExtentAffinity = true;
         SuggestMode = true;
-        CoalesceReadWrite = true;
 
         # max_queued_disk_bytes: the max bytes waiting in the disk I/O queue.
         # When this limit is reached, peer connections stop reading from their
@@ -112,6 +111,12 @@
         # where ZFS txg commits cause periodic I/O stalls.
         DiskQueueSize = 67108864; # 64MB
 
+        # POSIX-compliant disk I/O: uses pread/pwrite instead of mmap.
+        # On ZFS, mmap forces data into BOTH ARC and Linux page cache (double-caching),
+        # wasting RAM. pread/pwrite goes only through ARC, maximizing its effectiveness.
+        # Saved 26 gb of memory!!
+        DiskIOType = "Posix";
+
         # === Network buffer tuning (from libtorrent high_performance_seed preset) ===
         # "always stuff at least 1 MiB down each peer pipe, to quickly ramp up send rates"
         SendBufferLowWatermark = 1024; # 1MB (KiB) -- matches high_performance_seed

services/xmrig.nix

@@ -2,11 +2,10 @@
   config,
   lib,
   pkgs,
-  hostname,
+  service_configs,
   ...
 }:
 let
-  walletAddress = lib.strings.trim (builtins.readFile ../secrets/xmrig-wallet);
   threadCount = 12;
 in
 {
@@ -33,11 +32,8 @@ in
 
       pools = [
         {
-          url = "gulf.moneroocean.stream:20128";
+          url = "127.0.0.1:${builtins.toString service_configs.ports.p2pool_stratum}";
-          user = walletAddress;
+          tls = false;
-          pass = hostname + "~rx/0";
-          keepalive = true;
-          tls = true;
         }
       ];
     };