I’m trying to use the windmill module, but I’m struggling to understand the required services.windmill.database.urlPath option. From what I see, it’s meant for some kind of credential - but I don’t understand what kind. And I want it for localhost, so ideally I wouldn’t want a credential anyway. Can someone elaborate, what should go in the file in that path?
I believe this should be a path to a file containing a database url, as an alternative to services.windmill.database.url
(although note that this option is not yet available on stable)
Database URLs (especially when the database service is residing on another server) can sometimes contain passwords: postgresql://user:myPassword@example.org:5432
. In order to do this safely and not to put the password in the nix store which is readable for everyone on the machine, you can provide a path to a file with more restrictive permissions.
You can probably just write the contents to a file in the nix store to mitigate the whole issue, and make a mental note to switch over once 24.11 is released. Maybe something like this?
services.windmill.database.urlPath =
pkgs.writeText
"windmill-database-url-path.txt"
"postgres://${config.services.windmill.database.name}?host=/var/run/postgresql";