# ECP-0064: NixOS Module For `ec-node` WebTransport Publisher (Tower)

Status: Implemented

## Decision

Ship a first-party NixOS module in this repo that runs `ec-node wt-publish` as one or more `systemd` services.

The module:

- Lives in-repo and is exported from the flake as `nixosModules.ec-node`.
- Builds `ec-node` from this repo via Nix (no mutable checkout required on the target host).
- Accepts a read-only configuration (in Nix) for:
  - HDHomeRun identity (either `host` IP/DNS, or `deviceId` with optional LAN discovery).
  - A list of broadcasts (name + channel) to publish.
  - Relay URL and a small set of `wt-publish` toggles (transcode/passthrough/TLS verify).

`~/Projects/nix` will consume this module as a flake input and enable it on the `conrad-tower` host, deploying with the existing `deploy-flake` workflow.

## Motivation

Tower should run publishing continuously, reproducibly, and without "tmux as an orchestration layer".

NixOS + systemd gives:

- Immutable configuration for the HDHR/relay/channel list.
- Easy deployment/rollback via the existing host flake.
- Restart and journald logs for long-running publishers.

## Scope

In scope:

- Nix packaging for `ec-node` sufficient to run `wt-publish`.
- A module that instantiates a `systemd` unit per broadcast.
- Optional HDHR host resolution via device-id + local network discovery (best-effort).

Out of scope (defer):

- ABR/multi-variant ladders from Nix config.
- Automatic lineup-based channel selection by callsign.
- Secrets management (publisher doesn't require secrets for Cloudflare relay preview).

## Alternatives considered

- Continue running publishers manually via shells/tmux. Rejected because it is not reproducible or restart-safe.
- Build a separate external deployment repo first. Rejected because this delays in-repo infrastructure ownership.

## Rollout / Reversibility

- Enabling the module is per-host.
- Reversible by removing the module import and disabling the service(s); roll back with the existing deployment tooling.