Documentation / 14. Windows operator path (WSL2)

Chapter 14

Windows operator path (WSL2)

Strong Windows hardware (Epyc, Threadripper, high-end Ryzen) onboarded as Tunnelees behind a cheap VPS, via WSL2 + Docker. Includes the NTFS-vs-ext4 trap, sizing tables for typical Windows hosts, and caveats around Windows reboots / sleep.

This chapter is for operators with strong Windows hardware — gaming rigs, prosumer workstations, idle office PCs with Epyc / Threadripper / high-end Ryzen chips and 64 GB+ RAM — who want to contribute compute to the fleet without changing their host OS.

The path: install WSL2(Microsoft’s built-in Linux subsystem), run Docker inside it, and onboard as one or more Tunnelees behind a cheap Tunneler VPS. No Windows reconfiguration, no port forwarding, no firewall changes.

Why Tunneler/Tunnelee, not direct IP?

WSL2 has its own virtual network with its own IP, separate from your Windows host’s. Outbound internet works through Windows’s NAT automatically — that’s why you can browse the web from inside WSL2. But inbound connections to WSL2 from the public internet would require Windows port forwarding rules, firewall reconfiguration, and a static WSL2 IP setup. That works but is fiddly and brittle.

Tunneling sidesteps all of that. Your home box dials outbound to a public-IP VPS (Tunneler), and peers + the hub reach you through that VPS. Outbound is always permitted. Zero Windows config.

Setup sequence

  1. Install WSL2. Open PowerShell as administrator, run wsl --install -d Ubuntu-24.04. Reboot.
  2. First boot: Ubuntu opens a terminal, asks you to create a username + password (this is your WSL2 user, distinct from your Windows account). Then run sudo apt update && sudo apt upgrade -y.
  3. Install Docker: either Docker Desktop for Windows (GUI, plugs into WSL2 backend automatically) or sudo apt install -y docker.io directly inside Ubuntu.
  4. Install fio(used by the hub’s disk- type gate): sudo apt install -y fio.
  5. Rent a Tunneler VPS. €1/mo IONOS XS+ or €3/mo Hetzner CX11 are typical. Get root SSH access. Onboard it to the hub via the normal Tunneler-onboarding flow (§18 covers the hub-driven path).
  6. Click “Link Tunnelee”on the Tunneler’s Overview tab. The hub generates a one-liner. Paste it into your WSL2 bash terminal. Bootstrap script installs frpc + opens the tunnel + phones home.
  7. Install StoaChain via the hub wizard. It probes your WSL2 instance, sees 64 logical CPUs / 128 GB RAM (or whatever your box has) and recommends Segregated-N.

The NTFS-vs-ext4 trap (critical)

WSL2 lets you access your Windows drives at paths like /mnt/c/.... Convenient, but do not put chainweb data on those paths. The cross-filesystem boundary between Linux and Windows incurs a 10–20× disk performance penalty. Chainweb’s RocksDB workload is dominated by random reads; on an NTFS-bridged path you’ll measure ~5,000 IOPS where your actual NVMe can do 50,000+.

Use a path inside WSL2’s native ext4 filesystem — e.g., /home/yourname/stoa-data or /mnt/wsl-stoaif you’ve created a dedicated mount. Docker volumes inside WSL2 do this automatically when you don’t bind-mount across the Windows boundary.

The hub’s wizard-time disk-check (§16 covers the gate) catches this automatically. If your fio reading is below 2,000 IOPS on what should be fast NVMe, the wizard refuses with the diagnostic “data path appears to be on a Windows-drive mount through WSL2.”

Sizing for typical Windows hosts

Example hostContainersPer container
Gaming PC: Ryzen 7 7700X (8c/16t) + 32 GB24 CPU + 10 GB
Workstation: Ryzen 9 7950X (16c/32t) + 64 GB46 CPU + 12 GB
Prosumer: Epyc Rome 7302 (16c/32t) + 128 GB46 CPU + 24 GB
Big iron: Epyc 32c/64t + 128 GB68 CPU + 16 GB

These leave 25–50 % of host resources for Windows + whatever else the operator uses the box for. An always-idle office PC could push to 80 % utilisation; a daily-driver gaming rig should stay conservative so games don’t hitch. The wizard’s “Strong hardware detected” recommendation card defaults to the safer side; you can override.

Caveats

  • Windows updatesreboot the host. WSL2 systemd units don’t auto-start on Windows boot unless you set up wsl.conf with systemd=true (recent WSL2 versions support this). Without that, your chainweb containers stop on reboot until you open WSL2 again.
  • Sleep modeon a laptop pauses WSL2. Chainweb falls behind the cut while sleeping; resumes on wake but loses Stoicism warmup if it was still in the warmup window. Desktop Windows boxes that don’t sleep are the recommended hardware shape.
  • Antivirussometimes interferes with WSL2 filesystem performance. Defender is generally fine; some third-party products are not. If your fio reading is low even on ext4 paths, check antivirus exclusions for the WSL2 distro’s vhdx file location.

In one paragraph

Install WSL2 + Docker on Windows, rent a €1–3/mo Tunneler VPS, paste the hub’s one-liner into WSL2 bash, install StoaChain via the wizard with Segregated-N based on your hardware, keep chainweb data on WSL2’s native ext4 filesystem (not /mnt/c/...). 4–6 scored chainweb peers from one idle Windows box, no Windows reconfiguration. Best ratio of scored-peers-per-euro in the fleet for operators with already-paid-for big iron.