ECP-0069: NixOS Control Bridge Auto-Bootstrap

Status: Implemented

Decision

Extend the NixOS services.every-channel.ec-node module so web directory bridge startup is automatic and does not require manual peer copy/paste.

ec-node wt-publish gains --control-endpoint-addr-out <path>.

When --control-announce is enabled, it writes the local control endpoint address JSON to the provided file.
It also logs both control endpoint id and endpoint address at startup.

NixOS module updates:

Publisher units pass --control-endpoint-addr-out /run/every-channel/control-peer-<broadcast>.json.
New control.bridgeWeb.* options start a managed every-channel-control-bridge-web service.
Bridge service reads endpoint-address files from running publishers and feeds them into control-bridge-web --gossip-peer ... automatically.

Motivation

Browser users need every.channel to show active streams without manual bootstrap steps. Previously, the bridge had no stable way to discover local publishers after reboot/service restart. Writing endpoint-address files from publishers makes bridge bootstrap deterministic on one host.

Scope

In scope:

New wt-publish endpoint-address output flag.
NixOS module wiring for endpoint file emission.
Managed bridge service with restart-safe peer refresh.

Out of scope:

Cross-host authenticated discovery trust model.
Signed control announcements.
Browser-native iroh direct transport playback.

Alternatives considered

Continue manual gossip peer bootstrapping for the bridge. Rejected because restarts/reboots cause repeated operational toil.
Use static peer lists only. Rejected because local publisher sets are dynamic and should be discovered from runtime endpoint files.

Rollout / Reversibility

Additive: existing publisher behavior is unchanged when control.bridgeWeb.enable = false.
Revert path: disable bridge service and/or remove endpoint-file arg.
Failure mode: if no peer files exist, bridge waits and retries without failing system activation.

2 KiB Raw Blame History