<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title><![CDATA[🚀 Windmill on Cloudron: community package now available]]></title><description><![CDATA[<h2><img src="https://forum.cloudron.io/assets/plugins/nodebb-plugin-emoji/emoji/android/1f680.png?v=8b6d81684d0" class="not-responsive emoji emoji-android emoji--rocket" style="height:23px;width:auto;vertical-align:middle" title="🚀" alt="🚀" /> Windmill: community package now available</h2>
<hr />
<h3>Code-first orchestration platform for internal software</h3>
<blockquote>
<p dir="auto"><strong>TL;DR:</strong> Windmill turns scripts in <strong>Python, TypeScript, Go, Bash and SQL</strong> into webhooks, scheduled jobs, multi-step <strong>flows</strong>, and auto-generated <strong>internal UIs</strong> — a fast, open-source developer platform and job runner (an alternative to Airplane / Retool / n8n / Temporal). Now packaged for Cloudron and ready to install. Built and tested on Cloudron 9.1; unofficial and community-maintained.</p>
</blockquote>
<h3>Links</h3>
<ul>
<li><img src="https://forum.cloudron.io/assets/plugins/nodebb-plugin-emoji/emoji/android/1f3e0.png?v=8b6d81684d0" class="not-responsive emoji emoji-android emoji--house" style="height:23px;width:auto;vertical-align:middle" title="🏠" alt="🏠" /> Project homepage: <a href="https://www.windmill.dev" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.windmill.dev</a></li>
<li><img src="https://forum.cloudron.io/assets/plugins/nodebb-plugin-emoji/emoji/android/1f4e6.png?v=8b6d81684d0" class="not-responsive emoji emoji-android emoji--package" style="height:23px;width:auto;vertical-align:middle" title="📦" alt="📦" /> Upstream repo: <a href="https://github.com/windmill-labs/windmill" target="_blank" rel="noopener noreferrer nofollow ugc">https://github.com/windmill-labs/windmill</a></li>
<li>🧱 Cloudron package repo: <a href="https://github.com/OrcVole/windmill-cloudron" target="_blank" rel="noopener noreferrer nofollow ugc">https://github.com/OrcVole/windmill-cloudron</a></li>
</ul>
<p dir="auto">There's a hosted upstream demo at <a href="https://app.windmill.dev" target="_blank" rel="noopener noreferrer nofollow ugc">https://app.windmill.dev</a>. The package you install is the self-hosted <strong>Community Edition</strong> — the full app (editor, workers, scheduler, UIs) on your own box, behind your own login.</p>
<hr />
<h3><img src="https://forum.cloudron.io/assets/plugins/nodebb-plugin-emoji/emoji/android/1f4e5.png?v=8b6d81684d0" class="not-responsive emoji emoji-android emoji--inbox_tray" style="height:23px;width:auto;vertical-align:middle" title="📥" alt="📥" /> How to install</h3>
<h2>Installation</h2>
<ul>
<li>Click on the Add custom app drop down top right in the App Store and choose Community app:</li>
<li>Then paste in the CloudronVersions.json URL into the box that pops up:</li>
</ul>
<p dir="auto"><img src="/assets/uploads/files/1782553024126-community-package-resized.jpeg" alt="Community Package.jpeg" class=" img-fluid img-markdown" /> <img src="/assets/uploads/files/1782553033195-cloudronversions.jpeg" alt="CloudronVersions.jpeg" class=" img-fluid img-markdown" /></p>
<p dir="auto">Community packages aren't in the App Store, so install via the CLI. The published image is on GHCR and the package ships a community versions file:</p>
<pre><code class="language-bash"># recommended: install the published community build from the versions URL
cloudron install \
  --versions-url https://raw.githubusercontent.com/OrcVole/windmill-cloudron/main/CloudronVersions.json \
  --location windmill.example.com

# or pin the prebuilt image directly
cloudron install --image ghcr.io/orcvole/windmill-cloudron:1.0.1 --location windmill.example.com

# or build it yourself from the repo
git clone https://github.com/OrcVole/windmill-cloudron
cd windmill-cloudron
cloudron build
cloudron install --image [your-registry]/windmill-cloudron:latest --location windmill.example.com
</code></pre>
<p dir="auto"><strong>Minimums:</strong> 3 GB RAM recommended (the app bundles its own PostgreSQL alongside the Windmill server and a worker — see below; raise it for heavier workloads). Addons: <code>localstorage</code> and <code>sendmail</code>. <strong>No <code>postgresql</code> addon</strong> — the package bundles Postgres on purpose.</p>
<p dir="auto"><strong>First run:</strong> log in with <code>admin@windmill.dev</code> / <code>changeme</code> and <strong>change the password immediately</strong> (Settings → Users). Then create a workspace and start writing scripts. Windmill CE <strong>1.741.0</strong>, package <strong>v1.0.1</strong>.</p>
<hr />
<h3><img src="https://forum.cloudron.io/assets/plugins/nodebb-plugin-emoji/emoji/android/1f464.png?v=8b6d81684d0" class="not-responsive emoji emoji-android emoji--bust_in_silhouette" style="height:23px;width:auto;vertical-align:middle" title="👤" alt="👤" /> For users</h3>
<p dir="auto"><strong>Why try it:</strong> Windmill is the glue for a self-hosted stack. Write a function in the language you already use, and Windmill instantly gives it a webhook, a schedule, a typed input form, and a run history — then lets you compose those functions into flows with retries, approvals and branching, and assemble small internal UIs on top. It's fast (a Rust core, a real job queue in Postgres) and everything stays on your box.</p>
<p dir="auto">What you get out of the box:</p>
<ul>
<li><strong>Scripts → webhooks/CRON/UIs</strong> in Python (via uv), TypeScript (Deno &amp; Bun), Go, Bash and SQL — all runtimes baked into the image; the first job in a language warms its dependency cache.</li>
<li><strong>Flows</strong>: multi-step pipelines with retries, error handlers, approval steps, branches and a visual editor.</li>
<li><strong>Secrets, variables and resources</strong> with per-workspace encryption, plus granular roles/permissions.</li>
<li><strong>A built-in editor</strong> with an integrated job runner, schedules, and run history.</li>
<li><strong>Cloudron-specific wins:</strong> outgoing email is wired to the Cloudron mail addon automatically; <code>/health</code> is open for monitoring; all state lives in a bundled PostgreSQL that is captured by Cloudron backups via a consistent logical dump; updates are one click.</li>
</ul>
<p dir="auto">Good fit if you want a private automation/back-office platform that sits next to the rest of your self-hosted stack and can call any of it. Probably not for you if you need to run <strong>untrusted, multi-tenant</strong> code (see the security note below) or you rely on Windmill's Docker "container step" jobs (not available under Cloudron's unprivileged container).</p>
<hr />
<h3>🧰 For packagers: what we learned</h3>
<p dir="auto"><strong>What helped</strong></p>
<ul>
<li><strong><code>MODE=standalone</code></strong> is the single-container lever — the API server and a worker in one process. <code>NUM_WORKERS</code> is capped to 1 in standalone (raising it needs flags upstream marks unsafe), so scale by memory, not worker count.</li>
<li><strong>Shape A still wins for a multi-runtime image</strong> when the linkage gate is green: copy the unmodified CE binary + the self-contained runtimes (Deno, Bun, uv, Go) from the official image onto <code>cloudron/base</code>, rather than <code>FROM</code> the 3.9 GB CE image. The Windmill binary's only direct deps are stock glibc libs already on the base.</li>
<li><strong>All durable state is in Postgres</strong> (including the per-workspace encryption keys and the auto-generated <code>jwt_secret</code>), so there's no external data-loss-critical key file to seed — the database backup is the whole backup.</li>
</ul>
<p dir="auto"><strong>What was tricky and how we solved it</strong></p>
<ul>
<li><strong>The Cloudron <code>postgresql</code> addon can't host Windmill.</strong> Windmill's unmodified binary needs superuser-grade Postgres: an unguarded <code>CREATE EXTENSION "uuid-ossp"</code>, a <code>CREATE ROLE … WITH BYPASSRLS</code> for workspace row-level-security, and a runtime <code>SET ROLE</code>. The addon grants a single non-superuser owner — none of that. The only addon-compatible workaround is <strong>patching the Windmill binary</strong>, which the CE license forbids ("distribute as is, do not modify or wrap"). So the package <strong>bundles PostgreSQL 16</strong> as superuser instead — the field-guide "bundle-localhost-under-<code>/app/data</code> when no addon can serve the app" pattern.</li>
<li><strong>A hot file-copy of a running Postgres data dir is unsafe</strong> (torn pages). Cloudron's filesystem backup copies <code>/app/data</code> live, so we put <code>PGDATA</code> in a <strong><code>persistentDir</code></strong> (excluded from the filesystem backup) and use <strong><code>backupCommand</code>/<code>restoreCommand</code></strong> (<code>minBoxVersion 9.1.0</code>) to <code>pg_dumpall</code> a consistent logical dump into <code>/app/data</code> at backup time and rebuild the cluster from it on restore. Verified: a workspace + variable survive a backup → restore onto a fresh data volume.</li>
<li><strong>Windmill probes <code>/usr/bin/deno</code> by default</strong> — copy Deno/Bun there (and set <code>DENO_PATH</code>/<code>BUN_PATH</code>), or TypeScript jobs fail with "Executable /usr/bin/deno not found". Go needs <code>GO_PATH</code>.</li>
<li><strong>nginx as the <code>cloudron</code> user, read-only rootfs:</strong> use the <code>error_log stderr</code> keyword (opening the <code>/dev/stderr</code> path fails as non-root), put the pid in a chowned dir, and don't double-declare <code>daemon off</code>.</li>
<li><strong>Liveness ≠ readiness, even in the smoke gate:</strong> <code>/health</code> (served by nginx) is 200 before first-boot migrations finish, so poll <code>/api/version</code> for real readiness before asserting app behavior.</li>
</ul>
<p dir="auto"><strong>Still rough / open questions</strong></p>
<ul>
<li>A cold install from the versions URL on a fresh subdomain is the gate we'd most welcome other eyes on.</li>
<li>The bundled-Postgres memory budget is shared with the Windmill worker — an OOM takes the DB down with the app. Conservative <code>shared_buffers</code>/<code>work_mem</code> plus a documented memory floor mitigate it; real-world tuning feedback is welcome.</li>
</ul>
<hr />
<h3><img src="https://forum.cloudron.io/assets/plugins/nodebb-plugin-emoji/emoji/android/1f6e0.png?v=8b6d81684d0" class="not-responsive emoji emoji-android emoji--hammer_and_wrench" style="height:23px;width:auto;vertical-align:middle" title="🛠" alt="🛠" />️ For the Cloudron team</h3>
<p dir="auto"><strong>Maintenance burden:</strong> upstream Windmill ships very frequently. The package is a thin layer (a pinned version build-arg + the manifest), so a rebump is a version bump, a rebuild, and a re-run of the language smoke + the backup/restore gate.</p>
<p dir="auto"><strong>Why it would suit the App Store:</strong> it's the automation/orchestration tier the self-hosted catalogue is missing, and it ties the rest of the stack together (it can drive any HTTP service on the box). The package honours upstream's license — the CE binary is used <strong>unmodified</strong>, with <strong>no</strong> capped/enterprise features re-enabled.</p>
<p dir="auto"><strong>Friction worth knowing about:</strong> an app that needs a <strong><code>BYPASSRLS</code>/<code>CREATEROLE</code></strong> Postgres role still can't use the <code>postgresql</code> addon (the <code>uuid-ossp</code> allowlist isn't enough), which is what forces bundling a private Postgres — a "privileged database" addon option would let apps like this avoid that. The <code>persistentDirs</code> + <code>backupCommand</code>/<code>restoreCommand</code> trio (9.1.0) is exactly the right tool for a bundled DB and worked well.</p>
<hr />
<h3><img src="https://forum.cloudron.io/assets/plugins/nodebb-plugin-emoji/emoji/android/1f4bb.png?v=8b6d81684d0" class="not-responsive emoji emoji-android emoji--computer" style="height:23px;width:auto;vertical-align:middle" title="💻" alt="💻" /> For Windmill's developers and contributors</h3>
<p dir="auto">A few low-effort things that help packagers a lot:</p>
<ul>
<li><strong>A documented non-superuser bootstrap.</strong> The unguarded <code>CREATE EXTENSION "uuid-ossp"</code> and <code>SET ROLE windmill_admin</code> make CE hard to run on managed/least-privilege Postgres. A supported "pre-create the extension + roles, then run migrations as a plain owner" path would help every managed-PG deployment, not just Cloudron.</li>
<li><strong>Read SMTP from the environment as a first-class option</strong> (it already falls back to env when the DB setting is absent) and document it, so platform mail addons map cleanly.</li>
<li><strong>Publish a glibc/Postgres-version floor per release</strong>, so a slim base copy of the binary knows its target.</li>
</ul>
<p dir="auto">Package source and PRs welcome here: <a href="https://github.com/OrcVole/windmill-cloudron" target="_blank" rel="noopener noreferrer nofollow ugc">https://github.com/OrcVole/windmill-cloudron</a>. Happy to co-maintain.</p>
<hr />
<h3><img src="https://forum.cloudron.io/assets/plugins/nodebb-plugin-emoji/emoji/android/1f513.png?v=8b6d81684d0" class="not-responsive emoji emoji-android emoji--unlock" style="height:23px;width:auto;vertical-align:middle" title="🔓" alt="🔓" /> Unlocks</h3>
<p dir="auto">Once it's running, you can:</p>
<ul>
<li>Turn any Python/TS/Go/Bash function into a webhook, a CRON job, or a small internal UI in minutes — no boilerplate service to write or deploy.</li>
<li>Build flows that orchestrate the rest of your box: call your other self-hosted APIs, gate steps on human approval, retry and branch.</li>
<li>Schedule and observe back-office automation (reports, syncs, ETL) with a real run history and per-workspace secrets, all on your server.</li>
</ul>
<h3><img src="https://forum.cloudron.io/assets/plugins/nodebb-plugin-emoji/emoji/android/1f517.png?v=8b6d81684d0" class="not-responsive emoji emoji-android emoji--link" style="height:23px;width:auto;vertical-align:middle" title="🔗" alt="🔗" /> Synergies</h3>
<p dir="auto">Pairs nicely with other Cloudron apps — Windmill is the orchestrator that calls them:</p>
<ul>
<li><strong>Windmill + Docling + TEI + Qdrant:</strong> a flow that converts a document (Docling), embeds the text (TEI), and upserts vectors (Qdrant) — a private RAG ingestion pipeline, scheduled or webhook-triggered.</li>
<li><strong>Windmill + a reranker (e.g. bge-reranker):</strong> rerank Qdrant hits for higher-quality retrieval inside the same flow.</li>
<li><strong>Windmill + Ollama / OpenWebUI / agentgateway:</strong> point Windmill AI at an OpenAI-compatible endpoint on your box for code generation and LLM steps.</li>
<li><strong>Windmill + anything with a webhook:</strong> it's the glue — schedule it, trigger it, and wire the outputs onward.</li>
</ul>
<hr />
<p dir="auto">Feedback, bug reports, and "works on my install" confirmations all welcome below. <img src="https://forum.cloudron.io/assets/plugins/nodebb-plugin-emoji/emoji/android/1f64f.png?v=8b6d81684d0" class="not-responsive emoji emoji-android emoji--pray" style="height:23px;width:auto;vertical-align:middle" title="🙏" alt="🙏" /></p>
]]></description><link>https://forum.cloudron.io/topic/15655/windmill-on-cloudron-community-package-now-available</link><generator>RSS for Node</generator><lastBuildDate>Fri, 03 Jul 2026 03:38:37 GMT</lastBuildDate><atom:link href="https://forum.cloudron.io/topic/15655.rss" rel="self" type="application/rss+xml"/><pubDate>Sat, 27 Jun 2026 22:31:28 GMT</pubDate><ttl>60</ttl><item><title><![CDATA[Reply to 🚀 Windmill on Cloudron: community package now available on Mon, 29 Jun 2026 21:13:22 GMT]]></title><description><![CDATA[<p dir="auto"><a class="plugin-mentions-user plugin-mentions-a" href="/user/loudlemur" aria-label="Profile: LoudLemur">@<bdi>LoudLemur</bdi></a> well done</p>
<p dir="auto">Be aware that windmill push out releases like their pants on fire. Almost daily at times.</p>
<p dir="auto">My windmill community package has fallen behind, and I’m not much motivated to be constantly re-packaging it for Cloudron. I’m likely to do one update then freeze it or hand the baton over. So very pleased to see your package as alternative.</p>
<p dir="auto">It would likely save you some hassle to decide an upgrade policy for Windmill. Once per week or whatever. Otherwise you might be forever publishing.</p>
]]></description><link>https://forum.cloudron.io/post/126249</link><guid isPermaLink="true">https://forum.cloudron.io/post/126249</guid><dc:creator><![CDATA[timconsidine]]></dc:creator><pubDate>Mon, 29 Jun 2026 21:13:22 GMT</pubDate></item></channel></rss>