ECP-0069: NixOS Control Bridge Auto-Bootstrap

Status: Draft

Decision

Extend the NixOS services.every-channel.ec-node module so web directory bridge startup is automatic and does not require manual peer copy/paste.

  1. ec-node wt-publish gains --control-endpoint-addr-out <path>.
  • When --control-announce is enabled, it writes the local control endpoint address JSON to the provided file.
  • It also logs both control endpoint id and endpoint address at startup.
  2. NixOS module updates:
  • Publisher units pass --control-endpoint-addr-out /run/every-channel/control-peer-<broadcast>.json.
  • New control.bridgeWeb.* options start a managed every-channel-control-bridge-web service.
  • Bridge service reads endpoint-address files from running publishers and feeds them into control-bridge-web --gossip-peer ... automatically.

Motivation

Browser users need every.channel to show active streams without manual bootstrap steps. Previously, the bridge had no stable way to discover local publishers after reboot/service restart. Writing endpoint-address files from publishers makes bridge bootstrap deterministic on one host.

Scope

In scope:

  • New wt-publish endpoint-address output flag.
  • NixOS module wiring for endpoint file emission.
  • Managed bridge service with restart-safe peer refresh.

Out of scope:

  • Cross-host authenticated discovery trust model.
  • Signed control announcements.
  • Browser-native iroh direct transport playback.

Rollout / Reversibility

  • Additive: existing publisher behavior is unchanged when control.bridgeWeb.enable = false.
  • Revert path: disable bridge service and/or remove endpoint-file arg.
  • Failure mode: if no peer files exist, bridge waits and retries without failing system activation.
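
Because cross-host authenticated discovery and signed announcements are out of scope, the bridge's only trust signal is the local filesystem. The sketch below is an added example, not the project's code: it vets publisher files before use and retries when none exist. The function names, MAX_BYTES, the permission checks and the assumption that the file holds a JSON object are all hypothetical.

```shell
#!/bin/sh
# Added example: vet publisher endpoint-address files before a bridge uses them.
# File naming follows the proposal; MAX_BYTES and every check are assumptions.
MAX_BYTES=4096

# Print one vetted peer file path per line; silently skip anything suspicious.
collect_peer_files() {
    dir=$1
    for f in "$dir"/control-peer-*.json; do
        [ -e "$f" ] || continue          # glob matched nothing, or dangling link
        [ -L "$f" ] && continue          # refuse symlinks planted in the run dir
        [ -f "$f" ] || continue          # regular files only (no FIFOs, devices)
        [ -s "$f" ] || continue          # publisher has not written yet
        size=$(($(wc -c < "$f")))
        [ "$size" -le "$MAX_BYTES" ] || continue
        # Reject files writable by group or other (chars 6 and 9 of the mode).
        mode=$(ls -ld "$f" | cut -c1-10)
        case $mode in
            ?????w????|????????w?) continue ;;
        esac
        # Cheap shape check: assumed to be a JSON object, so it starts with "{".
        case $(cat "$f") in
            "{"*) ;;
            *) continue ;;
        esac
        printf '%s\n' "$f"
    done
    return 0
}

# Retry until at least one vetted file exists; return 1 after TRIES attempts
# so the caller can keep waiting without failing system activation.
wait_for_peers() {
    dir=$1 tries=$2 delay=$3
    i=0
    while [ "$i" -lt "$tries" ]; do
        peers=$(collect_peer_files "$dir")
        if [ -n "$peers" ]; then
            printf '%s\n' "$peers"
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}
```

How each vetted file is then handed to --gossip-peer is left to the module, since the proposal does not spell out the argument format.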