2 changes: 1 addition & 1 deletion hosts/glyph/services/db.nix
Expand Up @@ -39,6 +39,6 @@

services.postgresqlBackup = {
enable = true;
databases = ["atticd" "grafana" "open-webui" "pocketid"];
databases = ["atticd" "grafana" "open-webui" "pocketid" "windmill"];
};
}
1 change: 1 addition & 0 deletions hosts/glyph/services/default.nix
Expand Up @@ -18,6 +18,7 @@
./prometheus.nix
./samba.nix
./torrents.nix
./windmill.nix
];
users.groups.media = {};
users.users.mu.extraGroups = ["media"];
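--- a/hosts/glyph/services/windmill.nix
+++ b/hosts/glyph/services/windmill.nix
@@ -0,0 +1,47 @@
+{
+config,
+pkgs,
+...
+}: {
+services.windmill = {
+enable = true;
+serverPort = 8100;
+baseUrl = "https://windmill.zx.dev";
+database.createLocally = true;
+};
+
+# The NixOS module's initdb omits table grants from the upstream
+# init-db-as-superuser.sql, causing permission errors at runtime.
+# Patch the initdb service to include them.
+systemd.services.windmill-initdb.script = let
+cfg = config.services.windmill;
+psql = "${config.services.postgresql.package}/bin/psql";
+in ''
+${psql} -tA <<"EOF"
+DO $$
+BEGIN
+IF NOT EXISTS (
+SELECT FROM pg_catalog.pg_roles
+WHERE rolname = 'windmill_user'
+) THEN
+CREATE ROLE windmill_user;
+END IF;
+IF NOT EXISTS (
+SELECT FROM pg_catalog.pg_roles
+WHERE rolname = 'windmill_admin'
+) THEN
+CREATE ROLE windmill_admin WITH BYPASSRLS;
+GRANT windmill_user TO windmill_admin;
+END IF;
+GRANT windmill_admin TO ${cfg.database.user};
+END
+$$;
+
+GRANT ALL PRIVILEGES ON DATABASE ${cfg.database.name} TO windmill_user;
+GRANT ALL ON ALL TABLES IN SCHEMA public TO windmill_user;
+GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO windmill_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO windmill_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO windmill_user;
+EOF
+'';
+}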
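Review bot: The `${psql} -tA <<"EOF"` call in the patched `windmill-initdb` script names no database, so the added `GRANT ALL ON ALL TABLES/SEQUENCES IN SCHEMA public` and `ALTER DEFAULT PRIVILEGES` statements act on whatever database psql connects to by default. That is presumably the invoking user's own database rather than `${cfg.database.name}`, which would leave Windmill's tables ungranted while widening privileges elsewhere. Consider `${psql} -tA -v ON_ERROR_STOP=1 -d ${cfg.database.name} <<"EOF"`, so the grants land in the intended database and a failed statement fails the unit instead of passing silently. `ALTER DEFAULT PRIVILEGES` without `FOR ROLE` only covers objects later created by the role running this script, so tables created by Windmill's own migrations may still be missed. A comment above `GRANT windmill_admin TO ${cfg.database.user};` would also help, e.g. `# NOTE: windmill_admin has BYPASSRLS, so the service role is exempt from row-level security`.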
8 changes: 8 additions & 0 deletions hosts/spore/services/web/default.nix
Expand Up @@ -45,6 +45,14 @@
"/pgp".return = "302 https://keyoxide.org/hkp/413d1a0152bcb08d2e3ddacaf88c08579051ab48";
};
};
"windmill.zx.dev" = {
forceSSL = true;
useACMEHost = "zx.dev";
locations."/" = {
proxyPass = "http://glyph.rove-duck.ts.net:8100";
proxyWebsockets = true;
};
};
"torrents.zx.dev" = {
forceSSL = true;
useACMEHost = "zx.dev";
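Review bot: The new `"windmill.zx.dev"` vhost forwards every path to the backend with no access restriction at the proxy, so Windmill's login is the only control in front of a service that runs user-defined scripts. If the instance is not meant to be reachable from the whole internet, limit it in the location, for example `extraConfig = "allow <trusted-cidr>; deny all;";` (placeholder range). Otherwise record the decision with a comment such as `# public on purpose; access control is Windmill's own auth`. The enclosing virtualHosts block starts and ends outside the hunk, so any restriction applied at a higher level is not visible here.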