š Windmill on Cloudron: community package now available
-
Windmill: community package now available
Code-first orchestration platform for internal software
TL;DR: Windmill turns scripts in Python, TypeScript, Go, Bash and SQL into webhooks, scheduled jobs, multi-step flows, and auto-generated internal UIs ā a fast, open-source developer platform and job runner (an alternative to Airplane / Retool / n8n / Temporal). Now packaged for Cloudron and ready to install. Built and tested on Cloudron 9.1; unofficial and community-maintained.
Links
Project homepage: https://www.windmill.dev
Upstream repo: https://github.com/windmill-labs/windmill- š§± Cloudron package repo: https://github.com/OrcVole/windmill-cloudron
There's a hosted upstream demo at https://app.windmill.dev. The package you install is the self-hosted Community Edition ā the full app (editor, workers, scheduler, UIs) on your own box, behind your own login.
How to installInstallation
- Click on the Add custom app drop down top right in the App Store and choose Community app:
- Then paste in the CloudronVersions.json URL into the box that pops up:

Community packages aren't in the App Store, so install via the CLI. The published image is on GHCR and the package ships a community versions file:
# recommended: install the published community build from the versions URL cloudron install \ --versions-url https://raw.githubusercontent.com/OrcVole/windmill-cloudron/main/CloudronVersions.json \ --location windmill.example.com # or pin the prebuilt image directly cloudron install --image ghcr.io/orcvole/windmill-cloudron:1.0.1 --location windmill.example.com # or build it yourself from the repo git clone https://github.com/OrcVole/windmill-cloudron cd windmill-cloudron cloudron build cloudron install --image [your-registry]/windmill-cloudron:latest --location windmill.example.comMinimums: 3 GB RAM recommended (the app bundles its own PostgreSQL alongside the Windmill server and a worker ā see below; raise it for heavier workloads). Addons:
localstorageandsendmail. Nopostgresqladdon ā the package bundles Postgres on purpose.First run: log in with
admin@windmill.dev/changemeand change the password immediately (Settings ā Users). Then create a workspace and start writing scripts. Windmill CE 1.741.0, package v1.0.1.
For usersWhy try it: Windmill is the glue for a self-hosted stack. Write a function in the language you already use, and Windmill instantly gives it a webhook, a schedule, a typed input form, and a run history ā then lets you compose those functions into flows with retries, approvals and branching, and assemble small internal UIs on top. It's fast (a Rust core, a real job queue in Postgres) and everything stays on your box.
What you get out of the box:
- Scripts ā webhooks/CRON/UIs in Python (via uv), TypeScript (Deno & Bun), Go, Bash and SQL ā all runtimes baked into the image; the first job in a language warms its dependency cache.
- Flows: multi-step pipelines with retries, error handlers, approval steps, branches and a visual editor.
- Secrets, variables and resources with per-workspace encryption, plus granular roles/permissions.
- A built-in editor with an integrated job runner, schedules, and run history.
- Cloudron-specific wins: outgoing email is wired to the Cloudron mail addon automatically;
/healthis open for monitoring; all state lives in a bundled PostgreSQL that is captured by Cloudron backups via a consistent logical dump; updates are one click.
Good fit if you want a private automation/back-office platform that sits next to the rest of your self-hosted stack and can call any of it. Probably not for you if you need to run untrusted, multi-tenant code (see the security note below) or you rely on Windmill's Docker "container step" jobs (not available under Cloudron's unprivileged container).
š§° For packagers: what we learned
What helped
MODE=standaloneis the single-container lever ā the API server and a worker in one process.NUM_WORKERSis capped to 1 in standalone (raising it needs flags upstream marks unsafe), so scale by memory, not worker count.- Shape A still wins for a multi-runtime image when the linkage gate is green: copy the unmodified CE binary + the self-contained runtimes (Deno, Bun, uv, Go) from the official image onto
cloudron/base, rather thanFROMthe 3.9 GB CE image. The Windmill binary's only direct deps are stock glibc libs already on the base. - All durable state is in Postgres (including the per-workspace encryption keys and the auto-generated
jwt_secret), so there's no external data-loss-critical key file to seed ā the database backup is the whole backup.
What was tricky and how we solved it
- The Cloudron
postgresqladdon can't host Windmill. Windmill's unmodified binary needs superuser-grade Postgres: an unguardedCREATE EXTENSION "uuid-ossp", aCREATE ROLE ⦠WITH BYPASSRLSfor workspace row-level-security, and a runtimeSET ROLE. The addon grants a single non-superuser owner ā none of that. The only addon-compatible workaround is patching the Windmill binary, which the CE license forbids ("distribute as is, do not modify or wrap"). So the package bundles PostgreSQL 16 as superuser instead ā the field-guide "bundle-localhost-under-/app/datawhen no addon can serve the app" pattern. - A hot file-copy of a running Postgres data dir is unsafe (torn pages). Cloudron's filesystem backup copies
/app/datalive, so we putPGDATAin apersistentDir(excluded from the filesystem backup) and usebackupCommand/restoreCommand(minBoxVersion 9.1.0) topg_dumpalla consistent logical dump into/app/dataat backup time and rebuild the cluster from it on restore. Verified: a workspace + variable survive a backup ā restore onto a fresh data volume. - Windmill probes
/usr/bin/denoby default ā copy Deno/Bun there (and setDENO_PATH/BUN_PATH), or TypeScript jobs fail with "Executable /usr/bin/deno not found". Go needsGO_PATH. - nginx as the
cloudronuser, read-only rootfs: use theerror_log stderrkeyword (opening the/dev/stderrpath fails as non-root), put the pid in a chowned dir, and don't double-declaredaemon off. - Liveness ā readiness, even in the smoke gate:
/health(served by nginx) is 200 before first-boot migrations finish, so poll/api/versionfor real readiness before asserting app behavior.
Still rough / open questions
- A cold install from the versions URL on a fresh subdomain is the gate we'd most welcome other eyes on.
- The bundled-Postgres memory budget is shared with the Windmill worker ā an OOM takes the DB down with the app. Conservative
shared_buffers/work_memplus a documented memory floor mitigate it; real-world tuning feedback is welcome.
ļø For the Cloudron teamMaintenance burden: upstream Windmill ships very frequently. The package is a thin layer (a pinned version build-arg + the manifest), so a rebump is a version bump, a rebuild, and a re-run of the language smoke + the backup/restore gate.
Why it would suit the App Store: it's the automation/orchestration tier the self-hosted catalogue is missing, and it ties the rest of the stack together (it can drive any HTTP service on the box). The package honours upstream's license ā the CE binary is used unmodified, with no capped/enterprise features re-enabled.
Friction worth knowing about: an app that needs a
BYPASSRLS/CREATEROLEPostgres role still can't use thepostgresqladdon (theuuid-osspallowlist isn't enough), which is what forces bundling a private Postgres ā a "privileged database" addon option would let apps like this avoid that. ThepersistentDirs+backupCommand/restoreCommandtrio (9.1.0) is exactly the right tool for a bundled DB and worked well.
For Windmill's developers and contributorsA few low-effort things that help packagers a lot:
- A documented non-superuser bootstrap. The unguarded
CREATE EXTENSION "uuid-ossp"andSET ROLE windmill_adminmake CE hard to run on managed/least-privilege Postgres. A supported "pre-create the extension + roles, then run migrations as a plain owner" path would help every managed-PG deployment, not just Cloudron. - Read SMTP from the environment as a first-class option (it already falls back to env when the DB setting is absent) and document it, so platform mail addons map cleanly.
- Publish a glibc/Postgres-version floor per release, so a slim base copy of the binary knows its target.
Package source and PRs welcome here: https://github.com/OrcVole/windmill-cloudron. Happy to co-maintain.
UnlocksOnce it's running, you can:
- Turn any Python/TS/Go/Bash function into a webhook, a CRON job, or a small internal UI in minutes ā no boilerplate service to write or deploy.
- Build flows that orchestrate the rest of your box: call your other self-hosted APIs, gate steps on human approval, retry and branch.
- Schedule and observe back-office automation (reports, syncs, ETL) with a real run history and per-workspace secrets, all on your server.
SynergiesPairs nicely with other Cloudron apps ā Windmill is the orchestrator that calls them:
- Windmill + Docling + TEI + Qdrant: a flow that converts a document (Docling), embeds the text (TEI), and upserts vectors (Qdrant) ā a private RAG ingestion pipeline, scheduled or webhook-triggered.
- Windmill + a reranker (e.g. bge-reranker): rerank Qdrant hits for higher-quality retrieval inside the same flow.
- Windmill + Ollama / OpenWebUI / agentgateway: point Windmill AI at an OpenAI-compatible endpoint on your box for code generation and LLM steps.
- Windmill + anything with a webhook: it's the glue ā schedule it, trigger it, and wire the outputs onward.
Feedback, bug reports, and "works on my install" confirmations all welcome below.

-
Windmill: community package now available
Code-first orchestration platform for internal software
TL;DR: Windmill turns scripts in Python, TypeScript, Go, Bash and SQL into webhooks, scheduled jobs, multi-step flows, and auto-generated internal UIs ā a fast, open-source developer platform and job runner (an alternative to Airplane / Retool / n8n / Temporal). Now packaged for Cloudron and ready to install. Built and tested on Cloudron 9.1; unofficial and community-maintained.
Links
Project homepage: https://www.windmill.dev
Upstream repo: https://github.com/windmill-labs/windmill- š§± Cloudron package repo: https://github.com/OrcVole/windmill-cloudron
There's a hosted upstream demo at https://app.windmill.dev. The package you install is the self-hosted Community Edition ā the full app (editor, workers, scheduler, UIs) on your own box, behind your own login.
How to installInstallation
- Click on the Add custom app drop down top right in the App Store and choose Community app:
- Then paste in the CloudronVersions.json URL into the box that pops up:

Community packages aren't in the App Store, so install via the CLI. The published image is on GHCR and the package ships a community versions file:
# recommended: install the published community build from the versions URL cloudron install \ --versions-url https://raw.githubusercontent.com/OrcVole/windmill-cloudron/main/CloudronVersions.json \ --location windmill.example.com # or pin the prebuilt image directly cloudron install --image ghcr.io/orcvole/windmill-cloudron:1.0.1 --location windmill.example.com # or build it yourself from the repo git clone https://github.com/OrcVole/windmill-cloudron cd windmill-cloudron cloudron build cloudron install --image [your-registry]/windmill-cloudron:latest --location windmill.example.comMinimums: 3 GB RAM recommended (the app bundles its own PostgreSQL alongside the Windmill server and a worker ā see below; raise it for heavier workloads). Addons:
localstorageandsendmail. Nopostgresqladdon ā the package bundles Postgres on purpose.First run: log in with
admin@windmill.dev/changemeand change the password immediately (Settings ā Users). Then create a workspace and start writing scripts. Windmill CE 1.741.0, package v1.0.1.
For usersWhy try it: Windmill is the glue for a self-hosted stack. Write a function in the language you already use, and Windmill instantly gives it a webhook, a schedule, a typed input form, and a run history ā then lets you compose those functions into flows with retries, approvals and branching, and assemble small internal UIs on top. It's fast (a Rust core, a real job queue in Postgres) and everything stays on your box.
What you get out of the box:
- Scripts ā webhooks/CRON/UIs in Python (via uv), TypeScript (Deno & Bun), Go, Bash and SQL ā all runtimes baked into the image; the first job in a language warms its dependency cache.
- Flows: multi-step pipelines with retries, error handlers, approval steps, branches and a visual editor.
- Secrets, variables and resources with per-workspace encryption, plus granular roles/permissions.
- A built-in editor with an integrated job runner, schedules, and run history.
- Cloudron-specific wins: outgoing email is wired to the Cloudron mail addon automatically;
/healthis open for monitoring; all state lives in a bundled PostgreSQL that is captured by Cloudron backups via a consistent logical dump; updates are one click.
Good fit if you want a private automation/back-office platform that sits next to the rest of your self-hosted stack and can call any of it. Probably not for you if you need to run untrusted, multi-tenant code (see the security note below) or you rely on Windmill's Docker "container step" jobs (not available under Cloudron's unprivileged container).
š§° For packagers: what we learned
What helped
MODE=standaloneis the single-container lever ā the API server and a worker in one process.NUM_WORKERSis capped to 1 in standalone (raising it needs flags upstream marks unsafe), so scale by memory, not worker count.- Shape A still wins for a multi-runtime image when the linkage gate is green: copy the unmodified CE binary + the self-contained runtimes (Deno, Bun, uv, Go) from the official image onto
cloudron/base, rather thanFROMthe 3.9 GB CE image. The Windmill binary's only direct deps are stock glibc libs already on the base. - All durable state is in Postgres (including the per-workspace encryption keys and the auto-generated
jwt_secret), so there's no external data-loss-critical key file to seed ā the database backup is the whole backup.
What was tricky and how we solved it
- The Cloudron
postgresqladdon can't host Windmill. Windmill's unmodified binary needs superuser-grade Postgres: an unguardedCREATE EXTENSION "uuid-ossp", aCREATE ROLE ⦠WITH BYPASSRLSfor workspace row-level-security, and a runtimeSET ROLE. The addon grants a single non-superuser owner ā none of that. The only addon-compatible workaround is patching the Windmill binary, which the CE license forbids ("distribute as is, do not modify or wrap"). So the package bundles PostgreSQL 16 as superuser instead ā the field-guide "bundle-localhost-under-/app/datawhen no addon can serve the app" pattern. - A hot file-copy of a running Postgres data dir is unsafe (torn pages). Cloudron's filesystem backup copies
/app/datalive, so we putPGDATAin apersistentDir(excluded from the filesystem backup) and usebackupCommand/restoreCommand(minBoxVersion 9.1.0) topg_dumpalla consistent logical dump into/app/dataat backup time and rebuild the cluster from it on restore. Verified: a workspace + variable survive a backup ā restore onto a fresh data volume. - Windmill probes
/usr/bin/denoby default ā copy Deno/Bun there (and setDENO_PATH/BUN_PATH), or TypeScript jobs fail with "Executable /usr/bin/deno not found". Go needsGO_PATH. - nginx as the
cloudronuser, read-only rootfs: use theerror_log stderrkeyword (opening the/dev/stderrpath fails as non-root), put the pid in a chowned dir, and don't double-declaredaemon off. - Liveness ā readiness, even in the smoke gate:
/health(served by nginx) is 200 before first-boot migrations finish, so poll/api/versionfor real readiness before asserting app behavior.
Still rough / open questions
- A cold install from the versions URL on a fresh subdomain is the gate we'd most welcome other eyes on.
- The bundled-Postgres memory budget is shared with the Windmill worker ā an OOM takes the DB down with the app. Conservative
shared_buffers/work_memplus a documented memory floor mitigate it; real-world tuning feedback is welcome.
ļø For the Cloudron teamMaintenance burden: upstream Windmill ships very frequently. The package is a thin layer (a pinned version build-arg + the manifest), so a rebump is a version bump, a rebuild, and a re-run of the language smoke + the backup/restore gate.
Why it would suit the App Store: it's the automation/orchestration tier the self-hosted catalogue is missing, and it ties the rest of the stack together (it can drive any HTTP service on the box). The package honours upstream's license ā the CE binary is used unmodified, with no capped/enterprise features re-enabled.
Friction worth knowing about: an app that needs a
BYPASSRLS/CREATEROLEPostgres role still can't use thepostgresqladdon (theuuid-osspallowlist isn't enough), which is what forces bundling a private Postgres ā a "privileged database" addon option would let apps like this avoid that. ThepersistentDirs+backupCommand/restoreCommandtrio (9.1.0) is exactly the right tool for a bundled DB and worked well.
For Windmill's developers and contributorsA few low-effort things that help packagers a lot:
- A documented non-superuser bootstrap. The unguarded
CREATE EXTENSION "uuid-ossp"andSET ROLE windmill_adminmake CE hard to run on managed/least-privilege Postgres. A supported "pre-create the extension + roles, then run migrations as a plain owner" path would help every managed-PG deployment, not just Cloudron. - Read SMTP from the environment as a first-class option (it already falls back to env when the DB setting is absent) and document it, so platform mail addons map cleanly.
- Publish a glibc/Postgres-version floor per release, so a slim base copy of the binary knows its target.
Package source and PRs welcome here: https://github.com/OrcVole/windmill-cloudron. Happy to co-maintain.
UnlocksOnce it's running, you can:
- Turn any Python/TS/Go/Bash function into a webhook, a CRON job, or a small internal UI in minutes ā no boilerplate service to write or deploy.
- Build flows that orchestrate the rest of your box: call your other self-hosted APIs, gate steps on human approval, retry and branch.
- Schedule and observe back-office automation (reports, syncs, ETL) with a real run history and per-workspace secrets, all on your server.
SynergiesPairs nicely with other Cloudron apps ā Windmill is the orchestrator that calls them:
- Windmill + Docling + TEI + Qdrant: a flow that converts a document (Docling), embeds the text (TEI), and upserts vectors (Qdrant) ā a private RAG ingestion pipeline, scheduled or webhook-triggered.
- Windmill + a reranker (e.g. bge-reranker): rerank Qdrant hits for higher-quality retrieval inside the same flow.
- Windmill + Ollama / OpenWebUI / agentgateway: point Windmill AI at an OpenAI-compatible endpoint on your box for code generation and LLM steps.
- Windmill + anything with a webhook: it's the glue ā schedule it, trigger it, and wire the outputs onward.
Feedback, bug reports, and "works on my install" confirmations all welcome below.

@LoudLemur well done
Be aware that windmill push out releases like their pants on fire. Almost daily at times.
My windmill community package has fallen behind, and Iām not much motivated to be constantly re-packaging it for Cloudron. Iām likely to do one update then freeze it or hand the baton over. So very pleased to see your package as alternative.
It would likely save you some hassle to decide an upgrade policy for Windmill. Once per week or whatever. Otherwise you might be forever publishing.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better š
Register Login