nix-config/modules/nixos/monero/default.nix

{
  config,
  pkgs,
  lib,
  ...
}:

let
  cfg = config.services.monero;
  sops = config.sops;

  inherit (lib) mkDefault mkIf getExe;
in
{
  config = mkIf cfg.enable {
    services.monero = {
      environmentFile = sops.templates."monero/environment-file".path;
      mining.enable = false; # use XMRig + P2Pool
      rpc = {
        address = mkDefault "127.0.0.1";
        port = mkDefault 18081;
        user = mkDefault "monero";
        password = mkDefault "$MONERO_RPC_PASSWORD";
      };
      extraConfig = ''
        zmq-pub=tcp://127.0.0.1:18083
        out-peers=32
        in-peers=64
        prune-blockchain=1
        sync-pruned-blocks=1
        add-priority-node=p2pmd.xmrvsbeast.com:18080
        add-priority-node=nodes.hashvault.pro:18080
        enforce-dns-checkpointing=1
        enable-dns-blocklist=1
      '';
    };

    systemd.services.p2pool = {
      description = "P2Pool Monero Sidechain Node";
      after = [
        "monero.service"
        "network.target"
      ];
      wantedBy = [ "multi-user.target" ];
      path = [ pkgs.p2pool ];

      serviceConfig = {
        User = "p2pool";
        Group = "p2pool";
        WorkingDirectory = "/var/lib/p2pool";
        ExecStart = "${getExe pkgs.p2pool} --host 127.0.0.1 --wallet ${cfg.mining.address}";
        Restart = "always";
        RestartSec = 10;
        NoNewPrivileges = true;
        PrivateTmp = true;
        ProtectSystem = "strict";
        ProtectHome = true;
      };
    };

    users.users.p2pool = {
      isSystemUser = true;
      group = "p2pool";
      home = "/var/lib/p2pool";
      createHome = true;
    };
    users.groups.p2pool = { };

    services.xmrig = {
      enable = true;
      settings = {
        autosave = true;
        cpu = {
          enabled = true;
          huge-pages = true;
          hw-aes = null;
          asm = true;
          yield = true;
        };
        opencl.enabled = false;
        cuda.enabled = false;
        pools = [
          {
            url = "127.0.0.1:3333";
            user = "";
            pass = "";
          }
        ];
        api.enable = true;
      };
    };

    sops =
      let
        owner = "monero";
        group = "monero";
        mode = "0440";
      in
      {
        secrets."monero/rpc-password" = {
          inherit owner group mode;
        };
        templates."monero/environment-file" = {
          inherit owner group mode;
          content = ''
            MONERO_RPC_PASSWORD=${sops.placeholder."monero/rpc-password"}
          '';
        };
      };
  };
}