Auto-sync Fri Feb 13 10:42:01 UTC 2026

Bot
2026-02-13 10:42:01 +00:00
parent 2c96d29c6f
commit 2f2ae074f5
5 changed files with 342 additions and 92 deletions

233
SERVER_SETUP.md Normal file

@@ -0,0 +1,233 @@
# Windmill サーバー設定手順
現在の状態:
- ディレクトリ: `/home/windmill/windmill`
- Giteaから正常にpull完了
## ステップ1: docker-compose.yml の置き換え
```bash
cd /home/windmill/windmill
# 現在のファイルをバックアップ
cp docker-compose.yml docker-compose.yml.local.backup
# 新しいdocker-compose.ymlを作成
# (ダウンロードしたファイルの内容をコピー)
nano docker-compose.yml
```
または、ローカルで修正してgit pushする方法
```bash
# ローカルで
cd /home/akira/develop/windmill
cp /path/to/downloaded/docker-compose.yml .
git add docker-compose.yml
git commit -m "Update docker-compose.yml for server deployment"
git push gitea main
# サーバーで
cd /home/windmill/windmill
git pull origin main
```
## ステップ2: .env ファイルの確認
```bash
cd /home/windmill/windmill
# .envファイルを編集
nano .env
```
以下の内容を確認・修正:
```bash
WM_IMAGE=ghcr.io/windmill-labs/windmill:main
DATABASE_URL=postgresql://postgres:YOUR_STRONG_PASSWORD@db:5432/windmill
LOG_MAX_SIZE=20m
LOG_MAX_FILE=10
```
⚠️ **重要**: `YOUR_STRONG_PASSWORD` を強力なパスワードに変更してください
## ステップ3: Traefikネットワークの確認
```bash
# traefik-netネットワークが存在するか確認
docker network ls | grep traefik-net
# もし存在しない場合は作成
docker network create traefik-net
```
## ステップ4: Caddyファイルの削除不要
```bash
cd /home/windmill/windmill
# Caddyfileは不要Traefikを使用
rm Caddyfile # または mv Caddyfile Caddyfile.bak
```
## ステップ5: sync_to_git.sh の更新
```bash
cd /home/windmill/windmill
# 既存のsync_to_git.shを新しいバージョンに置き換え
nano sync_to_git.sh
# (ダウンロードした内容をコピー)
chmod +x sync_to_git.sh
```
## ステップ6: Git認証情報の設定
プッシュ時に認証が必要な場合、以下のいずれかを設定:
### 方法A: Git Credential Helper推奨
```bash
cd /home/windmill/windmill
# 認証情報を保存
git config credential.helper store
# 一度手動でpushパスワード/トークンを入力)
git push origin main
# Username: akira
# Password: <Gitea access token>
# 以降は認証情報が保存されている
```
### 方法B: SSH鍵より安全
```bash
# SSH鍵を生成
ssh-keygen -t ed25519 -C "windmill@keinafarm.net"
# 公開鍵をGiteaに登録
cat ~/.ssh/id_ed25519.pub
# Gitea → Settings → SSH/GPG Keys → Add Key
# リモートURLをSSHに変更
cd /home/windmill/windmill
git remote set-url origin git@gitea.keinafarm.net:akira/windmil.git
```
## ステップ7: Windmillの起動
```bash
cd /home/windmill/windmill
# コンテナを起動
docker-compose up -d
# ログを確認
docker-compose logs -f windmill_server
# 状態確認
docker-compose ps
```
## ステップ8: 動作確認
```bash
# APIバージョンチェック
curl -k https://windmill.keinafarm.net/api/version
# ブラウザでアクセス
# https://windmill.keinafarm.net
```
## ステップ9: Windmill初期設定
1. ブラウザで `https://windmill.keinafarm.net` にアクセス
2. 初回セットアップウィザードに従う
3. 管理者アカウントを作成
4. Workspaceを作成例: `admins`
## ステップ10: Git同期スクリプトの設定Windmill内
1. Windmill UI → Scripts → New Script
2. 以下の内容でBashスクリプトを作成
```bash
#!/bin/bash
set -x
export WM_BASE_URL="http://windmill_server:8000"
export WM_WORKSPACE="admins" # あなたのworkspace名に変更
export PATH=$HOME/.npm-global/bin:$PATH
echo "=== START SYNC ==="
if ! command -v wmill &> /dev/null; then
npm install -g windmill-cli
fi
cd /workspace
wmill sync pull --token "$WM_TOKEN" --base-url "$WM_BASE_URL" --workspace "$WM_WORKSPACE" --skip-variables --skip-secrets --skip-resources --yes --verbose || exit 1
git config --global --add safe.directory /workspace
git config --global user.email "bot@example.com"
git config --global user.name "Bot"
git add .
git commit -m "Auto-sync $(date)" || echo "No changes"
git push origin main
echo "=== END SYNC ==="
```
3. Schedule → New Schedule
- Cron: `*/15 * * * *` (15分ごと)
- Script: 上記で作成したスクリプト
4. Variables → New Variable
- `WM_TOKEN`: Windmill APIトークンSettings → Tokensで作成
## トラブルシューティング
### Traefikでアクセスできない
```bash
# Traefikのログ確認
docker logs traefik
# windmill_serverがtraefik-netに接続されているか
docker network inspect traefik-net | grep windmill
```
### データベース接続エラー
```bash
# DBの状態確認
docker-compose ps db
docker-compose logs db
# 再起動
docker-compose restart db
```
### Gitプッシュが失敗する
```bash
# 認証情報の確認
cd /home/windmill/windmill
git remote -v
git config --list | grep credential
# 手動でテスト
git push origin main
```
## 重要なコマンド
```bash
# 再起動
docker-compose restart
# ログ確認
docker-compose logs -f
# 停止
docker-compose down
# 完全削除(データも削除)
docker-compose down -v
```
## セキュリティチェック
- [ ] `.env` のパスワードを変更
- [ ] Windmill管理者に強力なパスワード設定
- [ ] Git認証をSSH鍵またはcredential helperで設定
- [ ] Traefik Basic認証の追加検討必要に応じて


@@ -1,4 +1,4 @@
version: "3.7"
version: "3.9"
x-logging: &default-logging
driver: "json-file"
@@ -7,10 +7,15 @@ x-logging: &default-logging
max-file: "${LOG_MAX_FILE:-10}"
compress: "true"
networks:
traefik-net:
external: true # Traefik管理下のネットワーク
windmill-internal:
driver: bridge # Windmill内部通信用
services:
db:
deploy:
# To use an external database, set replicas to 0 and set DATABASE_URL to the external database url in the .env file
replicas: 1
image: postgres:16
shm_size: 1g
@@ -28,9 +33,12 @@ services:
timeout: 5s
retries: 5
logging: *default-logging
networks:
- windmill-internal
windmill_server:
image: ${WM_IMAGE}
container_name: windmill_server
pull_policy: always
deploy:
replicas: 1
@@ -46,7 +54,24 @@ services:
condition: service_healthy
volumes:
- worker_logs:/tmp/windmill/logs
- /home/akira/develop/windmill:/workspace
- /home/windmill/windmill:/workspace
labels:
# Traefik設定
- "traefik.enable=true"
# HTTPSルーター
- "traefik.http.routers.windmill.rule=Host(`windmill.keinafarm.net`)"
- "traefik.http.routers.windmill.entrypoints=websecure"
- "traefik.http.routers.windmill.tls=true"
- "traefik.http.routers.windmill.tls.certresolver=letsencrypt"
- "traefik.http.services.windmill.loadbalancer.server.port=8000"
# HTTPからHTTPSへのリダイレクト
- "traefik.http.routers.windmill-http.rule=Host(`windmill.keinafarm.net`)"
- "traefik.http.routers.windmill-http.entrypoints=web"
- "traefik.http.routers.windmill-http.middlewares=windmill-https-redirect"
- "traefik.http.middlewares.windmill-https-redirect.redirectscheme.scheme=https"
networks:
- traefik-net
- windmill-internal
logging: *default-logging
windmill_worker:
@@ -58,37 +83,24 @@ services:
limits:
cpus: "1"
memory: 2048M
# for GB, use syntax '2Gi'
restart: unless-stopped
# Uncomment to enable PID namespace isolation (recommended for security)
# Requires privileged mode for --mount-proc flag
# See: https://www.windmill.dev/docs/advanced/security_isolation
# privileged: true
environment:
- DATABASE_URL=${DATABASE_URL}
- MODE=worker
- WORKER_GROUP=default
# If running with non-root/non-windmill UID (e.g., user: "1001:1001"),
# add: - HOME=/tmp
# Uncomment to enable PID namespace isolation (requires privileged: true above)
# - ENABLE_UNSHARE_PID=true
depends_on:
db:
condition: service_healthy
# to mount the worker folder to debug, KEEP_JOB_DIR=true and mount /tmp/windmill
volumes:
# mount the docker socket to allow to run docker containers from within the workers
- /var/run/docker.sock:/var/run/docker.sock
- worker_dependency_cache:/tmp/windmill/cache
- worker_logs:/tmp/windmill/logs
# mount the windmill workspace directory for git sync workflow
- /home/akira/develop/windmill:/workspace
- /home/windmill/windmill:/workspace
networks:
- windmill-internal
logging: *default-logging
## This worker is specialized for "native" jobs. Native jobs run in-process and thus are much more lightweight than other jobs
windmill_worker_native:
# Use ghcr.io/windmill-labs/windmill-ee:main for the ee
image: ${WM_IMAGE}
pull_policy: always
deploy:
@@ -97,64 +109,27 @@ services:
limits:
cpus: "1"
memory: 2048M
# for GB, use syntax '2Gi'
restart: unless-stopped
# Uncomment to enable PID namespace isolation (recommended for security)
# Requires privileged mode for --mount-proc flag
# See: https://www.windmill.dev/docs/advanced/security_isolation
# privileged: true
environment:
- DATABASE_URL=${DATABASE_URL}
- MODE=worker
- WORKER_GROUP=native
- NUM_WORKERS=8
- SLEEP_QUEUE=200
# Uncomment to enable PID namespace isolation (requires privileged: true above)
# - ENABLE_UNSHARE_PID=true
depends_on:
db:
condition: service_healthy
volumes:
- worker_logs:/tmp/windmill/logs
networks:
- windmill-internal
logging: *default-logging
# This worker is specialized for reports or scraping jobs. It is assigned the "reports" worker group which has an init script that installs chromium and can be targeted by using the "chromium" worker tag.
# windmill_worker_reports:
# image: ${WM_IMAGE}
# pull_policy: always
# deploy:
# replicas: 1
# resources:
# limits:
# cpus: "1"
# memory: 2048M
# # for GB, use syntax '2Gi'
# restart: unless-stopped
# # Uncomment to enable PID namespace isolation (recommended for security)
# # Requires privileged mode for --mount-proc flag
# # See: https://www.windmill.dev/docs/advanced/security_isolation
# # privileged: true
# environment:
# - DATABASE_URL=${DATABASE_URL}
# - MODE=worker
# - WORKER_GROUP=reports
# # Uncomment to enable PID namespace isolation (requires privileged: true above)
# # - ENABLE_UNSHARE_PID=true
# depends_on:
# db:
# condition: service_healthy
# # to mount the worker folder to debug, KEEP_JOB_DIR=true and mount /tmp/windmill
# volumes:
# # mount the docker socket to allow to run docker containers from within the workers
# - /var/run/docker.sock:/var/run/docker.sock
# - worker_dependency_cache:/tmp/windmill/cache
# - worker_logs:/tmp/windmill/logs
# The indexer powers full-text job and log search, an EE feature.
windmill_indexer:
image: ${WM_IMAGE}
pull_policy: always
deploy:
replicas: 0 # set to 1 to enable full-text job and log search
replicas: 0 # 必要に応じて1に変更
restart: unless-stopped
expose:
- 8002
@@ -168,51 +143,35 @@ services:
volumes:
- windmill_index:/tmp/windmill/search
- worker_logs:/tmp/windmill/logs
networks:
- windmill-internal
logging: *default-logging
# Combined extra services: LSP, Multiplayer, and Debugger
# Each service can be enabled/disabled via environment variables:
# - ENABLE_LSP=true (default) - Language Server Protocol for code intelligence
# - ENABLE_MULTIPLAYER=false - Real-time collaboration (Enterprise Edition)
# - ENABLE_DEBUGGER=false - Interactive debugging via DAP WebSocket
windmill_extra:
image: ghcr.io/windmill-labs/windmill-extra:latest
pull_policy: always
restart: unless-stopped
expose:
- 3001 # LSP
- 3002 # Multiplayer
- 3003 # Debugger
- 3001
- 3002
- 3003
environment:
- ENABLE_LSP=true
- ENABLE_MULTIPLAYER=false # Set to true to enable multiplayer (Enterprise Edition)
- ENABLE_DEBUGGER=true # Set to true to enable debugger
- DEBUGGER_PORT=3003 # Debugger service port
- ENABLE_NSJAIL=false # Set to true for nsjail sandboxing (requires privileged: true)
- REQUIRE_SIGNED_DEBUG_REQUESTS=false # Set to true to require JWT tokens for debug sessions
- ENABLE_MULTIPLAYER=false
- ENABLE_DEBUGGER=true
- DEBUGGER_PORT=3003
- ENABLE_NSJAIL=false
- REQUIRE_SIGNED_DEBUG_REQUESTS=false
- WINDMILL_BASE_URL=http://windmill_server:8000
volumes:
- lsp_cache:/pyls/.cache
networks:
- windmill-internal
logging: *default-logging
caddy:
image: ghcr.io/windmill-labs/caddy-l4:latest
restart: unless-stopped
# Configure the mounted Caddyfile and the exposed ports or use another reverse proxy if needed
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- caddy_data:/data
# - ./certs:/certs # Provide custom certificate files like cert.pem and key.pem to enable HTTPS - See the corresponding section in the Caddyfile
ports:
# To change the exposed port, simply change 80:80 to <desired_port>:80. No other changes needed
- 80:80
- 25:25
# - 443:443 # Uncomment to enable HTTPS handling by Caddy
environment:
- BASE_URL=":80"
# - BASE_URL=":443" # uncomment and comment line above to enable HTTPS via custom certificate and key files
# - BASE_URL=mydomain.com # Uncomment and comment line above to enable HTTPS handling by Caddy
logging: *default-logging
# Caddyは使わないTraefikを使用
# caddy:
# deploy:
# replicas: 0
volumes:
db_data: null
@@ -221,4 +180,3 @@ volumes:
worker_memory: null
windmill_index: null
lsp_cache: null
caddy_data: null
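Review bot: `windmill_extra` still runs with `ENABLE_DEBUGGER=true` and `REQUIRE_SIGNED_DEBUG_REQUESTS=false`, while this change appears to drop the inline comments that explained those switches and publishes `windmill_server` on `windmill.keinafarm.net` through the new Traefik labels. If the debugger is reachable through the server's public route (not visible here, worth confirming), debug sessions would be accepted without a signed token. Either disable the debugger or require signing, e.g. `- REQUIRE_SIGNED_DEBUG_REQUESTS=true  # require JWT tokens for debug sessions`, and keep the comment so the setting is not mistaken for a reviewed choice. Separately, `windmill_worker` keeps the `/var/run/docker.sock` mount, which gives any job on that worker control of the host's Docker daemon; now that the instance is internet-facing, that mount should carry a comment stating the risk or be removed.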


@@ -0,0 +1,4 @@
WM_IMAGE=ghcr.io/windmill-labs/windmill:main
DATABASE_URL=postgresql://postgres:DbForWindMillPassword:5432/windmill
LOG_MAX_SIZE=20m
LOG_MAX_FILE=10
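Review bot: `DATABASE_URL` carries a literal database password and is being committed to the repository, so it is pushed to Gitea and stays in history even if the line is edited later. The value is also malformed compared with the form SERVER_SETUP.md gives (`postgres:YOUR_STRONG_PASSWORD@db:5432`): there is no `@db` host part, so the password runs straight into the port. I would untrack this file, add `.env` to `.gitignore`, commit a `.env.example` containing `DATABASE_URL=postgresql://postgres:CHANGE_ME@db:5432/windmill`, and rotate the password that has already been published. The file name is not shown on this page; the keys match the `.env` described in SERVER_SETUP.md.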

0
sss.md


@@ -5,9 +5,64 @@
set -e
# 色付き出力
GREEN='\033[0;32m'
YELLOW='\033[1;33m'#!/bin/bash
# Windmill Workflow Git Auto-Sync Script for Gitea
# このスクリプトは、Windmillワークフローを自動的にGiteaにコミットプッシュします
set -e
# 色付き出力
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
NC='\033[0m' # No Color
echo -e "${GREEN}=== Windmill Workflow Git Sync (Gitea) ===${NC}"
# 作業ディレクトリに移動
cd /workspace
# PATHを設定
export PATH=~/.npm-global/bin:$PATH
# Git設定safe.directoryエラー対策
git config --global --add safe.directory /workspace
git config --global user.email "bot@example.com"
git config --global user.name "Windmill Bot"
# Windmillから最新を取得
echo -e "${YELLOW}Pulling from Windmill...${NC}"
wmill sync pull --skip-variables --skip-secrets --skip-resources --yes
# 変更があるか確認
if [[ -n $(git status --porcelain) ]]; then
echo -e "${YELLOW}Changes detected, committing to Git...${NC}"
# 変更をステージング
git add -A
# コミット
TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')
git commit -m "Auto-sync: ${TIMESTAMP}
Synced workflows from Windmill workspace"
# Giteaにプッシュ
echo -e "${YELLOW}Pushing to Gitea...${NC}"
git push origin main || {
echo -e "${RED}Failed to push to Gitea. Check credentials.${NC}"
exit 1
}
echo -e "${GREEN}✓ Changes pushed to Gitea${NC}"
else
echo -e "${GREEN}✓ No changes detected${NC}"
fi
echo -e "${GREEN}=== Sync Complete ===${NC}"
NC='\033[0m' # No Color
echo -e "${GREEN}=== Windmill Workflow Git Sync ===${NC}"
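Review bot: The new script body looks pasted into the middle of the existing file rather than replacing it. As rendered, `YELLOW='\033[1;33m'#!/bin/bash` fuses an assignment with a second shebang, and after `=== Sync Complete ===` the old `NC=...` and `=== Windmill Workflow Git Sync ===` header starts again, so the old body (which continues outside this hunk) would run a second sync on every invocation. The file should hold a single script with `#!/bin/bash` on its first line. In the new body, `git add -A` stages everything under `/workspace`, which is how a `.env` holding credentials ends up in an auto-sync commit; add `.env` to `.gitignore` before the next scheduled run, or stage only the directories the sync is meant to track.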