enricobuehler
5e106c51cf
The Windows host installer shipped only the host exe + SudoVDA driver + FFmpeg, so a
fresh install had no web management console — required for basically every user (status,
paired devices, the PIN pairing flow). The console was only ever set up by hand on the
dev box (build-web.ps1 + a hand-made PunktfunkWeb task whose web-run.cmd wasn't even
committed). Bundle it into the same installer, mirroring the proven Linux punktfunk-web
deploy.
- windows-host.yml builds the Nitro node-server console (bun, deb.yml's shape) + fetches
a pinned portable Node, smoke-boots it under node (/login == 200) to gate the build, and
hands web/.output + node.exe to the pack script.
- pack-host-installer.ps1 gains -WebDir/-NodeExe and stages the .output tree, node, and
the two new scripts into the non-WOW64-redirected build area.
- punktfunk-host.iss lays the payload into {app}\web\.output + {app}\node\node.exe, adds
a wizard page for the console login password pre-filled with a crypto-random default
(shown on the finish page; kept on upgrade), and runs web-setup.ps1.
- web-setup.ps1 writes the ACL'd %ProgramData%\punktfunk\web-password (Administrators +
SYSTEM), registers the PunktfunkWeb scheduled task (boot, SYSTEM, restart-on-failure ->
web-run.cmd -> node on :3000), opens inbound TCP 3000, and starts it. web-run.cmd
sources the host's mgmt-token + the password and runs the bundled node.
- The console proxies the host's loopback mgmt API with the host's own
%ProgramData%\punktfunk\mgmt-token (no host-code change). Uninstall removes the task +
firewall rule.
Validated locally: bun build -> node-server bundle, node boot serves /login (200) and
gates /api (401). The Windows-only bits (ISCC compile, scheduled task, password page,
firewall) validate on the Windows runner CI + on-glass.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Windows host build/deploy scripts
Helper scripts for the Windows host box (the RTX .173 lab box, repo at
C:\Users\Public\punktfunk-native). Run them from the repo root in an elevated PowerShell.
One-time: persist the build environment
powershell -ExecutionPolicy Bypass -File scripts\windows\setup-build-env.ps1
Persists (Machine scope) the three vars the NVENC build needs:
| var | value | why |
|---|---|---|
PUNKTFUNK_NVENC_LIB_DIR |
C:\Users\Public\nvenc |
NVENC import lib (nvencodeapi.lib) |
LIBCLANG_PATH |
C:\Program Files\LLVM\bin |
bindgen (libclang.dll) |
CMAKE_POLICY_VERSION_MINIMUM |
3.5 |
audiopus_sys / cmake crates |
FFMPEG_DIR is not set — the --features nvenc build the RTX box uses does not link
libavcodec (that is only the amf-qsv feature). The VS C++ toolchain is loaded per-build via
vcvars64.bat (auto-discovered with vswhere).
Rebuild + redeploy the host service
powershell -ExecutionPolicy Bypass -File scripts\windows\deploy-host.ps1
Stops PunktfunkHost, backs up the current binary (punktfunk-host.exe.bak), builds
--release -p punktfunk-host --features nvenc from the current source, then restarts the
service on the new binary — with automatic rollback if the build fails or the new binary
won't start. The service is down only for the build duration.
Web management console
On an installed host (the setup.exe) the console is set up automatically — no manual steps.
The installer bundles the built .output server + a portable Node and runs
scripts\windows\web-setup.ps1, which registers the PunktfunkWeb scheduled task (at boot, as
SYSTEM, restart-on-failure) running {app}\web\web-run.cmd → node …\.output\server\index.mjs on
:3000, opens inbound TCP 3000, and writes the login password to
%ProgramData%\punktfunk\web-password (ACL'd to Administrators + SYSTEM). The mgmt bearer token it
proxies with is the host's own %ProgramData%\punktfunk\mgmt-token. Browse http://<host-ip>:3000
and log in with the password the installer shows on its final page. To change it, edit
web-password and re-run the task: schtasks /run /tn PunktfunkWeb.
Rebuild + restart the console (dev box)
powershell -ExecutionPolicy Bypass -File scripts\windows\build-web.ps1
bun install && bun run build, installs the externalized server deps into .output/server
(with the @unom .npmrc), then restarts the PunktfunkWeb task and checks :3000/login. Use
this to iterate on the console against an installed host — web-setup.ps1 (or a fresh install) is
what creates the task in the first place.
Typical flow after pulling new code
git pull
powershell -ExecutionPolicy Bypass -File scripts\windows\deploy-host.ps1
powershell -ExecutionPolicy Bypass -File scripts\windows\build-web.ps1