Phase 1 of #152 shipped in #207: p2pool.stratum_password is an opt-in, default-off pithead config knob — a security-conscious operator enables it and sets each rig's stratum pass by hand.
Phase 2 (cross-repo, the zero-friction default-on): RigForge's worker provisioning already takes the stack hostname during setup; it should also retrieve the stratum password and write it into each rig's xmrig pass. Then pithead could auto-generate the secret ("auto") and the whole stack would ship with authenticated stratum on by default, the way PROXY_AUTH_TOKEN is already auto-managed — no manual rig edits.
Open questions for the RigForge side:
- How the rig kit retrieves the secret from the stack host at setup (it's in pithead's .env as PROXY_STRATUM_PASSWORD and surfaced by pithead status).
- Rotation story: if the operator regenerates the secret, rigs need to re-fetch.
- Keep it cleartext-aware: this is LAN access control, not encryption (a TLS-on-stratum follow-on would pair with it).
Implementation lives in the RigForge repo; this is the pithead-side tracking issue. Update docs/workers.md#authentication when default-on lands.
Refs #152, #207.
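
One way the rig-side write and the rotation re-fetch could look, as an added example that is not RigForge or pithead code. It assumes the .env is plain KEY=VALUE text, that the rig's xmrig config.json uses the usual pools[].url / pools[].pass layout, and that the .env text has already been retrieved somehow (the first open question above); sync_stratum_pass, pool_host and stack_host are hypothetical names.

```python
import json
import os
import tempfile

ENV_KEY = "PROXY_STRATUM_PASSWORD"  # variable name given in the issue

def parse_env(text):
    """Parse KEY=VALUE lines (assumed .env layout); skip blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def pool_host(url):
    """Host part of an xmrig pool url such as 'stratum+tcp://host:3333'."""
    return url.split("://", 1)[-1].rsplit(":", 1)[0].lower()

def sync_stratum_pass(env_text, config_path, stack_host):
    """Set "pass" on pools pointing at stack_host. True if the file changed."""
    secret = parse_env(env_text).get(ENV_KEY, "")
    if not secret:
        raise ValueError(ENV_KEY + " missing or empty; leaving config untouched")
    with open(config_path) as fh:
        config = json.load(fh)
    # Only touch pools on the stack host, so the secret is never sent elsewhere.
    targets = [p for p in config.get("pools", [])
               if pool_host(p.get("url", "")) == stack_host.lower()]
    if not targets:
        raise ValueError("no pool entry points at " + stack_host)
    if all(p.get("pass") == secret for p in targets):
        return False  # already current: nothing to rewrite after a re-fetch
    for p in targets:
        p["pass"] = secret
    # mkstemp creates the file with mode 0600, so the cleartext secret is not
    # readable by other local users; os.replace swaps it in atomically.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(config_path)))
    with os.fdopen(fd, "w") as fh:
        json.dump(config, fh, indent=4)
    os.replace(tmp, config_path)
    return True
```

The boolean return lets a re-fetch after rotation restart xmrig only when the secret actually changed.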