feat(cli/daemon): peer-ready defaults for routing (#1268)

Author: paralta

cli/cmd/daemon/config.go

@@ -84,6 +84,8 @@ func bindCredentialEnvVars(v *viper.Viper) {
 	_ = v.BindEnv("server.database.postgres.username")
 	_ = v.BindEnv("server.database.postgres.password")
 
+	_ = v.BindEnv("server.routing.bootstrap_peers")
+
 	_ = v.BindEnv("server.store.oci.auth_config.username")
 	_ = v.BindEnv("server.store.oci.auth_config.password")
 	_ = v.BindEnv("server.store.oci.auth_config.access_token")
@@ -106,6 +108,7 @@ func resolveRelativePaths(cfg *DaemonConfig) {
 	}
 
 	cfg.Server.Store.OCI.LocalDir = resolve(cfg.Server.Store.OCI.LocalDir)
+	cfg.Server.Routing.KeyPath = resolve(cfg.Server.Routing.KeyPath)
 	cfg.Server.Routing.DatastoreDir = resolve(cfg.Server.Routing.DatastoreDir)
 	cfg.Server.Database.SQLite.Path = resolve(cfg.Server.Database.SQLite.Path)
 }

cli/cmd/daemon/daemon.config.yaml

@@ -7,8 +7,11 @@
 # directory (default: ~/.agntcy/dir/, override with --data-dir).
 # Use absolute paths to pin a location regardless of --data-dir.
 #
-# Credentials can be set via environment variables with the prefix
+# Override any setting via environment variables with the prefix
 # DIRECTORY_DAEMON_ followed by the uppercased, underscore-delimited path:
+#   DIRECTORY_DAEMON_SERVER_LISTEN_ADDRESS
+#   DIRECTORY_DAEMON_SERVER_ROUTING_LISTEN_ADDRESS
+#   DIRECTORY_DAEMON_SERVER_ROUTING_BOOTSTRAP_PEERS  (comma-separated)
 #   DIRECTORY_DAEMON_SERVER_DATABASE_POSTGRES_USERNAME
 #   DIRECTORY_DAEMON_SERVER_DATABASE_POSTGRES_PASSWORD
 #   DIRECTORY_DAEMON_SERVER_STORE_OCI_AUTH_CONFIG_USERNAME
@@ -28,8 +31,11 @@ server:
     verification:
       enabled: true
   routing:
-    listen_address: "/ip4/0.0.0.0/tcp/0"
+    listen_address: "/ip4/0.0.0.0/tcp/8999"
+    key_path: "node.key"
     datastore_dir: "routing"
+    # bootstrap_peers:
+    #   - "/dns4/remote-dir.example.com/tcp/8999/p2p/<peer-id>"
     gossipsub:
       enabled: true
   database:

cli/cmd/daemon/start.go

@@ -5,11 +5,13 @@ package daemon
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"os"
 	"os/signal"
 	"syscall"
 
+	networkinit "github.com/agntcy/dir/cli/cmd/network/init"
 	reconciler "github.com/agntcy/dir/reconciler/service"
 	"github.com/agntcy/dir/server"
 	ocilib "github.com/agntcy/dir/server/store/oci"
@@ -33,6 +35,7 @@ The daemon blocks until SIGINT or SIGTERM is received.`,
 	RunE: runStart,
 }
 
+//nolint:cyclop
 func runStart(cmd *cobra.Command, _ []string) error {
 	running, pid, err := readPID()
 	if err != nil {
@@ -52,6 +55,12 @@ func runStart(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("failed to load config: %w", err)
 	}
 
+	if cfg.Server.Routing.KeyPath != "" {
+		if err := ensureKeyFile(cfg.Server.Routing.KeyPath); err != nil {
+			return fmt.Errorf("failed to ensure peer identity key: %w", err)
+		}
+	}
+
 	ctx, cancel := context.WithCancel(cmd.Context())
 	defer cancel()
 
@@ -110,6 +119,29 @@ func runStart(cmd *cobra.Command, _ []string) error {
 	return nil
 }
 
+// ensureKeyFile generates a persistent Ed25519 identity key if one does not
+// already exist at path. Uses the same PKCS#8 PEM format as `dirctl network init`.
+func ensureKeyFile(path string) error {
+	if _, err := os.Stat(path); err == nil {
+		return nil
+	} else if !errors.Is(err, os.ErrNotExist) {
+		return fmt.Errorf("failed to stat key file: %w", err)
+	}
+
+	_, pemData, err := networkinit.GenerateED25519OpenSSLKey()
+	if err != nil {
+		return fmt.Errorf("failed to generate Ed25519 key: %w", err)
+	}
+
+	if err := os.WriteFile(path, pemData, 0o600); err != nil { //nolint:mnd
+		return fmt.Errorf("failed to write key file: %w", err)
+	}
+
+	logger.Info("Generated persistent peer identity key", "path", path)
+
+	return nil
+}
+
 // newTagLister returns a registry.TagLister for the reconciler's indexer.
 // When a local OCI directory is configured, a local oci.Store is opened.
 // Otherwise a remote ORAS repository is created from the OCI config.