control: add transport resolver and nix control announce wiring

2026-02-22 02:23:06 -08:00 · 2026-02-22 02:23:06 -08:00 · faec62f9ae
commit faec62f9ae
parent f77fab378b
4 changed files with 260 additions and 30 deletions
--- a/nix/modules/ec-node.nix
+++ b/nix/modules/ec-node.nix
@ -107,6 +107,45 @@ in
      };
    };

+    control = {
+      enable = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Enable iroh-gossip control announcements from each wt-publish service.";
+      };
+
+      ttlMs = lib.mkOption {
+        type = lib.types.ints.positive;
+        default = 15000;
+        description = "Control announcement TTL passed to `ec-node wt-publish --control-ttl-ms`.";
+      };
+
+      intervalMs = lib.mkOption {
+        type = lib.types.ints.positive;
+        default = 5000;
+        description = "Control announcement interval passed to `ec-node wt-publish --control-interval-ms`.";
+      };
+
+      discovery = lib.mkOption {
+        type = lib.types.nullOr lib.types.str;
+        default = null;
+        example = "dht,mdns,dns";
+        description = "Optional iroh discovery mode list for control announcements.";
+      };
+
+      irohSecret = lib.mkOption {
+        type = lib.types.nullOr lib.types.str;
+        default = null;
+        description = "Optional iroh secret key (hex) for control announcement identity.";
+      };
+
+      gossipPeers = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
+        default = [ ];
+        description = "Optional iroh endpoint addresses to seed control gossip joins.";
+      };
+    };
+
    broadcasts = lib.mkOption {
      type = lib.types.listOf (lib.types.submodule {
        options = {
@ -188,6 +227,7 @@ in
                      "cmd+=(${lib.concatStringsSep " " (map lib.escapeShellArg cfg.extraArgs)})";
                  explicitInputStr = if b.input == null then "" else b.input;
                  channelStr = if b.channel == null then "" else b.channel;
+                  controlGossipPeerLines = lib.concatMapStrings (peer: "cmd+=(--gossip-peer ${lib.escapeShellArg peer})\n") cfg.control.gossipPeers;
                in
                ''
                  set -euo pipefail
@ -302,6 +342,14 @@ in
                  ${lib.optionalString (!cfg.transcode) "cmd+=(--transcode=false)"}
                  ${lib.optionalString (!cfg.passthrough) "cmd+=(--passthrough=false)"}
                  ${lib.optionalString cfg.tlsDisableVerify "cmd+=(--tls-disable-verify)"}
+                  ${lib.optionalString cfg.control.enable ''
+                    cmd+=(--control-announce)
+                    cmd+=(--control-ttl-ms ${toString cfg.control.ttlMs})
+                    cmd+=(--control-interval-ms ${toString cfg.control.intervalMs})
+                    ${lib.optionalString (cfg.control.discovery != null) "cmd+=(--discovery ${lib.escapeShellArg cfg.control.discovery})"}
+                    ${lib.optionalString (cfg.control.irohSecret != null) "cmd+=(--iroh-secret ${lib.escapeShellArg cfg.control.irohSecret})"}
+                    ${controlGossipPeerLines}
+                  ''}
                  ${extraArgsLine}

                  # Keep the unit alive even if the relay is temporarily unreachable.