nixos/windmill: add database.url option and defaults

NixOS · Sep 13, 2024 · b44fdbf · b44fdbf
1 parent 7f114da
commit b44fdbf
Showing 1 changed file with 26 additions and 7 deletions.
diff --git a/nixos/modules/services/web-apps/windmill.nix b/nixos/modules/services/web-apps/windmill.nix
@@ -34,13 +34,24 @@ in
         description = "Database user.";
       };
 
+      url = lib.mkOption {
+        type = lib.types.str;
+        default = "postgres://${config.services.windmill.database.name}?host=/var/run/postgresql";
+        defaultText = lib.literalExpression ''
+          "postgres://\$\{config.services.windmill.database.name}?host=/var/run/postgresql";
+        '';
+        description = "Database url. Note that any secret here would be world-readable. Use `services.windmill.database.urlPath` unstead to include secrets in the url.";
+      };
+
       urlPath = lib.mkOption {
-        type = lib.types.path;
+        type = lib.types.nullOr lib.types.path;
         description = ''
           Path to the file containing the database url windmill should connect to. This is not deducted from database user and name as it might contain a secret
         '';
+        default = null;
         example = "config.age.secrets.DATABASE_URL_FILE.path";
       };
+
       createLocally = lib.mkOption {
         type = lib.types.bool;
         default = true;
@@ -50,6 +61,10 @@ in
 
     baseUrl = lib.mkOption {
       type = lib.types.str;
+      default = "https://localhost:${toString config.services.windmill.serverPort}";
+      defaultText = lib.literalExpression ''
+        "https://localhost:\$\{toString config.services.windmill.serverPort}";
+      '';
       description = ''
         The base url that windmill will be served on.
       '';
@@ -79,17 +94,24 @@ in
 
    systemd.services =
     let
+      useUrlPath = (cfg.database.urlPath != null);
       serviceConfig = {
         DynamicUser = true;
         # using the same user to simplify db connection
         User = cfg.database.user;
         ExecStart = "${pkgs.windmill}/bin/windmill";
 
         Restart = "always";
+      } // lib.optionalAttrs useUrlPath {
         LoadCredential = [
           "DATABASE_URL_FILE:${cfg.database.urlPath}"
         ];
       };
+      db_url_envs = lib.optionalAttrs useUrlPath {
+        DATABASE_URL_FILE = "%d/DATABASE_URL_FILE";
+      } // lib.optionalAttrs (!useUrlPath) {
+        DATABASE_URL = cfg.database.url;
+      };
     in
     {
 
@@ -132,12 +154,11 @@ EOF
         serviceConfig = serviceConfig // { StateDirectory = "windmill";};
 
         environment = {
-          DATABASE_URL_FILE = "%d/DATABASE_URL_FILE";
           PORT = builtins.toString cfg.serverPort;
           WM_BASE_URL = cfg.baseUrl;
           RUST_LOG = cfg.logLevel;
           MODE = "server";
-        };
+        } // db_url_envs;
       };
 
      windmill-worker = {
@@ -148,13 +169,12 @@ EOF
         serviceConfig = serviceConfig // { StateDirectory = "windmill-worker";};
 
         environment = {
-          DATABASE_URL_FILE = "%d/DATABASE_URL_FILE";
           WM_BASE_URL = cfg.baseUrl;
           RUST_LOG = cfg.logLevel;
           MODE = "worker";
           WORKER_GROUP = "default";
           KEEP_JOB_DIR = "false";
-        };
+        } // db_url_envs;
       };
 
      windmill-worker-native = {
@@ -165,12 +185,11 @@ EOF
         serviceConfig = serviceConfig // { StateDirectory = "windmill-worker-native";};
 
         environment = {
-          DATABASE_URL_FILE = "%d/DATABASE_URL_FILE";
           WM_BASE_URL = cfg.baseUrl;
           RUST_LOG = cfg.logLevel;
           MODE = "worker";
           WORKER_GROUP = "native";
-        };
+        } // db_url_envs;
       };
     };
   };