every-channel/every.channel
1
0
Fork 0
Code Releases Activity Actions 2
every.channel/evolution/proposals/ECP-0069-nixos-control-bridge-autobootstrap.md

43 lines
2 KiB
Markdown
Raw Blame History

# ECP-0069: NixOS Control Bridge Auto-Bootstrap
Status: Implemented
## Decision
Extend the NixOS `services.every-channel.ec-node` module so web directory bridge startup is automatic and does not require manual peer copy/paste.
1. `ec-node wt-publish` gains `--control-endpoint-addr-out <path>`.
- When `--control-announce` is enabled, it writes the local control endpoint address JSON to the provided file.
- It also logs both control endpoint id and endpoint address at startup.
2. NixOS module updates:
- Publisher units pass `--control-endpoint-addr-out /run/every-channel/control-peer-<broadcast>.json`.
- New `control.bridgeWeb.*` options start a managed `every-channel-control-bridge-web` service.
- Bridge service reads endpoint-address files from running publishers and feeds them into `control-bridge-web --gossip-peer ...` automatically.
## Motivation
Browser users need `every.channel` to show active streams without manual bootstrap steps. Previously, the bridge had no stable way to discover local publishers after reboot/service restart. Writing endpoint-address files from publishers makes bridge bootstrap deterministic on one host.
## Scope
In scope:
- New `wt-publish` endpoint-address output flag.
- NixOS module wiring for endpoint file emission.
- Managed bridge service with restart-safe peer refresh.
Out of scope:
- Cross-host authenticated discovery trust model.
- Signed control announcements.
- Browser-native iroh direct transport playback.
## Alternatives considered
- Continue manual gossip peer bootstrapping for the bridge. Rejected because restarts/reboots cause repeated operational toil.
- Use static peer lists only. Rejected because local publisher sets are dynamic and should be discovered from runtime endpoint files.
## Rollout / Reversibility
- Additive: existing publisher behavior is unchanged when `control.bridgeWeb.enable = false`.
- Revert path: disable bridge service and/or remove endpoint-file arg.
- Failure mode: if no peer files exist, bridge waits and retries without failing system activation.
View git blame Copy permalink