Backend (Go API)
Core
| Variable | Default | Description |
|---|
DATABASE_URL | postgres://memghost:memghost@db:5432/memghost?sslmode=disable | PostgreSQL connection string |
PORT | 8080 | HTTP server listen port |
JWT_SECRET_KEY | (required) | Secret key for JWT token signing. Generate with openssl rand -hex 32 |
DATA_DIR | /data | Directory for onboarding import data files |
AI / Embeddings
| Variable | Default | Description |
|---|
AI_ENABLED | false | Master toggle for all AI features |
AI_EMBEDDING_PROVIDER | ollama | Embedding provider (ollama, openrouter) |
AI_EMBEDDING_BASE_URL | http://ollama:11434 | Provider API URL for embeddings |
AI_EMBEDDING_API_KEY | (none) | API key (for OpenRouter) |
AI_EMBEDDING_MODEL | nomic-embed-text | Embedding model name |
AI_EMBEDDING_DIMENSIONS | 768 | Vector dimensions (must match model) |
AI_LLM_PROVIDER | ollama | LLM chat provider (ollama, openrouter, anthropic) |
AI_LLM_BASE_URL | http://ollama:11434 | Provider API URL for chat |
AI_LLM_API_KEY | (none) | API key (for OpenRouter or Anthropic) |
AI_LLM_MODEL | qwen3:8b | Chat model name |
Text-to-Speech (TTS)
| Variable | Default | Description |
|---|
AI_TTS_ENABLED | false | Enable text-to-speech synthesis |
AI_TTS_BASE_URL | http://kokoro:8880 | Kokoro TTS API URL |
AI_TTS_DEFAULT_VOICE | af_heart | Default voice ID (see Voice guide) |
AI_TTS_DEFAULT_FORMAT | mp3 | Audio format: mp3, wav, opus, flac |
AI_TTS_DEFAULT_SPEED | 1.0 | Playback speed multiplier |
TTS_AUDIO_DIR | /tts-audio | Directory for synthesized audio files |
Speech-to-Text (STT)
| Variable | Default | Description |
|---|
AI_STT_ENABLED | false | Enable speech-to-text transcription |
AI_STT_BASE_URL | http://whisper:8178 | Whisper STT API URL |
AI_STT_MODEL | whisper-large-v3-turbo | Whisper model name |
AI_STT_LANGUAGE | en | Default transcription language |
Sandbox
| Variable | Default | Description |
|---|
SANDBOX_ENABLED | false | Enable Deno-based plugin sandbox execution |
Optional Integrations
| Variable | Default | Description |
|---|
OPENFGA_URL | (none) | OpenFGA authorization service URL |
ZIPKIN_URL | (none) | Zipkin distributed tracing endpoint |
OIDC_ENABLED | false | Enable OpenID Connect authentication |
OIDC_ISSUER | (none) | OIDC issuer URL (e.g., https://accounts.google.com) |
OIDC_CLIENT_ID | (none) | OIDC client ID |
OIDC_CLIENT_SECRET | (none) | OIDC client secret |
OIDC_REDIRECT_URI | (none) | OIDC callback URL |
OIDC_DISPLAY_NAME | (none) | Display name on login page |
OIDC_SCOPES | (none) | Comma-separated OIDC scopes |
Frontend (Next.js)
| Variable | Default | Description |
|---|
NEXT_PUBLIC_API_URL | (empty) | API base URL for browser requests. Empty means same-origin (proxied by Caddy). |
API_INTERNAL_URL | (empty) | Server-side URL for Next.js to reach the backend (used by API rewrites and the SSE streaming proxy) |
In the production compose, Caddy handles all routing so these frontend variables are typically left empty (the defaults work correctly).
Database (PostgreSQL)
These are set on the db service in Docker Compose:
| Variable | Default | Description |
|---|
POSTGRES_USER | memghost | Database user |
POSTGRES_PASSWORD | memghost | Database password (override with DB_PASSWORD in .env) |
POSTGRES_DB | memghost | Database name |
Docker Compose Environment
| Variable | Default | Description |
|---|
DB_PASSWORD | memghost | Database password (used in connection strings) |
JWT_SECRET_KEY | change-me-in-production | JWT signing key |
SITE_ADDRESS | localhost | Caddy site address (domain or IP) |
PORT | 80 | Host HTTP port |
HTTPS_PORT | 443 | Host HTTPS port |
Using a .env File
Create a .env file next to your docker-compose.yml to override defaults:
DB_PASSWORD=my-secure-password
JWT_SECRET_KEY=64-char-hex-string
SITE_ADDRESS=home.example.com
Docker Compose automatically reads .env from the same directory as the compose file.
