Skip to content

Environment Variables

1. Generated Environment Matrix

Variable Service Default Description
AIRFLOW_SOURCE airflow disabled -
AIRFLOW_PORT airflow Host port for the Airflow Web UI + REST API (in-container 8080).
AIRFLOW_DB_USER airflow airflow -
AIRFLOW_DB_PASSWORD airflow Auto-generated by bootstrapper. Postgres role for the Airflow metadata DB.
AIRFLOW_FERNET_KEY airflow Auto-generated. Fernet key for encrypting Connection passwords.
AIRFLOW_SECRET_KEY airflow Auto-generated. AIRFLOW__API__SECRET_KEY — signs inter-process payloads (DagFileProcessor → scheduler RPC, deferrable triggers, multi-scheduler JWTs). Airflow 3.x; previously [webserver] secret_key + Flask sessions in 2.x.
AIRFLOW_ADMIN_PASSWORD airflow Auto-generated. Admin login. Username is hardcoded 'admin'.
AIRFLOW_WEBSERVER_SCALE airflow -
AIRFLOW_SCHEDULER_SCALE airflow -
AIRFLOW_DAG_PROCESSOR_SCALE airflow Required in Airflow 3.x — the standalone DAG processor service parses DAG files into the metadata DB (the scheduler no longer does this in-process).
AIRFLOW_INIT_SCALE airflow -
AIRFLOW_WEBSERVER_MEMORY_LIMIT airflow 2g Container memory limit for airflow-webserver (deploy.resources.limits.memory). The api-server process is Python + Flask/FAB; 2 g is comfortable on a 32 GB host and prevents runaway memory from large DAG list pages.
AIRFLOW_WEBSERVER_CPU_LIMIT airflow 1.0 Container CPU limit for airflow-webserver (deploy.resources.limits.cpus). 1.0 core is ample for the API/UI server under typical load.
AIRFLOW_SCHEDULER_MEMORY_LIMIT airflow 2g Container memory limit for airflow-scheduler (deploy.resources.limits.memory). The LocalExecutor scheduler forks task processes in-process; 2 g caps runaway task forking.
AIRFLOW_SCHEDULER_CPU_LIMIT airflow 1.0 Container CPU limit for airflow-scheduler (deploy.resources.limits.cpus). 1.0 core is sufficient for LocalExecutor task scheduling on a dev/staging host.
AIRFLOW_DAG_PROCESSOR_MEMORY_LIMIT airflow 2g Container memory limit for airflow-dag-processor (deploy.resources.limits.memory). DAG parsing is Python-heavy but short-lived per cycle; 2 g prevents unbounded growth from parsing pathological DAG files.
AIRFLOW_DAG_PROCESSOR_CPU_LIMIT airflow 1.0 Container CPU limit for airflow-dag-processor (deploy.resources.limits.cpus). 1.0 core covers the periodic DAG file parsing cycle.
BACKEND_SOURCE backend container Adaptive core service; always container. Single-option.
BACKEND_PORT backend -
BACKEND_SCALE backend Always 1 (BACKEND_SOURCE is single-valued).
MAX_UPLOAD_BYTES backend 104857600 Maximum accepted /storage/upload body size in bytes before the backend returns 413.
BACKEND_STORAGE_ALLOWED_BUCKETS backend default Comma-separated Supabase Storage bucket allowlist accepted by /storage/upload.
BACKEND_CORS_ORIGINS backend * Comma-separated browser origins accepted by the backend CORS middleware. Default preserves local-development permissiveness.
BACKEND_CORS_ALLOW_ORIGIN_REGEX backend Optional regex accepted by the backend CORS middleware for wildcard subdomain policies.
LANGMEM_ENABLED backend True -
LANGMEM_MEMORY_NAMESPACE backend default -
LANGMEM_AUTO_CONSOLIDATE backend True Reserved — not yet honored. Memory consolidation currently runs only
on demand via POST /memory/consolidate; there is no background
scheduler, so changing this value has no effect today.
LANGMEM_CONSOLIDATION_INTERVAL backend 86400 Reserved — not yet honored (see LANGMEM_AUTO_CONSOLIDATE). Interval in
seconds a future auto-consolidation scheduler would use.
LANGMEM_MAX_FACTS_PER_USER backend 1000 -
LANGMEM_EXTRACTION_MODEL backend LiteLLM model id (empty = highest-priority active content model resolved by model_resolver from YAML catalogs + env).
LANGMEM_EMBEDDING_MODEL backend -
GRAPHITI_ENABLED backend False Disabled-by-default backend-only Graphiti temporal graph memory experiment. Does not expose Graphiti to agents or run a Graphiti service.
GRAPHITI_GROUP_ID_PREFIX backend atlas Prefix for backend Graphiti group_id values. Final shape: atlas::backend::user:.
GRAPHITI_DEFAULT_NAMESPACE backend langmem Default backend Graphiti namespace segment used when projecting selected LangMem facts/events.
GRAPHITI_LLM_MODEL backend Optional LiteLLM model id for Graphiti extraction. Empty falls back to LANGMEM_EXTRACTION_MODEL, then LITELLM_DEFAULT_MODEL.
GRAPHITI_EMBEDDING_MODEL backend Optional LiteLLM embedding model id for Graphiti. Empty falls back to LANGMEM_EMBEDDING_MODEL, then LITELLM_EMBEDDING_MODEL.
GRAPHITI_EXPOSE_TO_AGENTS backend False Must remain false for this backend-only evaluation; Hermes/OpenClaw exposure and Graphiti MCP are deferred.
BACKUP_SOURCE backup disabled Deployment mode: container (enable the runner) or disabled (default).
BACKUP_BUCKET backup atlas-backups Target bucket for backups.
BACKUP_S3_ALIAS_URL backup http://minio:9000 S3 endpoint. Default = on-box MinIO; set to an external S3 URL for offsite.
BACKUP_SCALE backup 0 (never long-running); the runner is invoked on demand via docker compose run.
BLENDER_MCP_SOURCE blender-mcp disabled Host-installed Blender MCP bridge source. Disabled by default because Blender MCP can execute generated Python code inside Blender.
BLENDER_MCP_HOST blender-mcp localhost Host where the Blender MCP add-on socket is listening.
BLENDER_MCP_LOCALHOST_PORT blender-mcp 9876 Host port for the Blender MCP add-on socket. This is a host-tool port hint, not a Kong or container port.
BLENDER_MCP_ENDPOINT blender-mcp Resolved endpoint hint for future MCP clients when BLENDER_MCP_SOURCE=localhost.
CELERY_SOURCE celery disabled Deployment mode: container (backend worker + Flower) or disabled.
CELERY_WORKER_SCALE celery -
FLOWER_SCALE celery -
FLOWER_PORT celery Host port for Flower (in-container 5555).
CELERY_BROKER_URL celery Redis broker URL; Atlas uses Redis database 4 for Celery.
CELERY_RESULT_BACKEND celery Redis result backend URL; Atlas uses Redis database 4 for Celery task state.
CELERY_QUEUE celery atlas Default Celery queue consumed by the Atlas backend worker.
CELERY_WORKER_CONCURRENCY celery 2 Worker process concurrency for backend async jobs.
CELERY_WORKER_PREFETCH_MULTIPLIER celery 1 Conservative prefetch to reduce head-of-line blocking for long tasks.
CELERY_TASK_TIME_LIMIT_SECONDS celery 900 Hard per-task limit. Worker kills tasks that run beyond this budget.
CELERY_TASK_SOFT_TIME_LIMIT_SECONDS celery 840 Soft per-task limit. Tasks can catch this before the hard kill.
CELERY_BROKER_VISIBILITY_TIMEOUT_SECONDS celery 3600 Redis broker visibility timeout. Keep longer than task hard limit.
CHATTERBOX_PORT chatterbox Host port for the Chatterbox container (in-container listen port is 4123).
CHATTERBOX_LOCALHOST_PORT chatterbox 63044 Host port for the chatterbox-localhost source variant. URL is derived at compose-render time as http://host.docker.internal:63044.
CHATTERBOX_SCALE chatterbox Computed by bootstrapper/services/service_config.py::_generate_tts_provider_config — set to 1 when TTS_PROVIDER_SOURCE=chatterbox-container-gpu.
CLOUD_OPENAI_SOURCE cloud-providers disabled Options: enabled, disabled.
OPENAI_API_KEY cloud-providers OpenAI API key used by LiteLLM when CLOUD_OPENAI_SOURCE=enabled.
OPENAI_USER_MODELS cloud-providers Comma-separated OpenAI model names the wizard activated.
CLOUD_ANTHROPIC_SOURCE cloud-providers disabled Options: enabled, disabled.
ANTHROPIC_API_KEY cloud-providers Anthropic API key used by LiteLLM when CLOUD_ANTHROPIC_SOURCE=enabled.
ANTHROPIC_USER_MODELS cloud-providers Comma-separated Anthropic model names the wizard activated.
CLOUD_OPENROUTER_SOURCE cloud-providers disabled Options: enabled, disabled.
OPENROUTER_API_KEY cloud-providers OpenRouter API key used by LiteLLM when CLOUD_OPENROUTER_SOURCE=enabled.
OPENROUTER_USER_MODELS cloud-providers Comma-separated OpenRouter model names the wizard activated.
LITELLM_OPENAI_ENABLED cloud-providers Derived from CLOUD_OPENAI_SOURCE.
LITELLM_ANTHROPIC_ENABLED cloud-providers Derived from CLOUD_ANTHROPIC_SOURCE.
LITELLM_OPENROUTER_ENABLED cloud-providers Derived from CLOUD_OPENROUTER_SOURCE.
LITELLM_ENABLED_PROVIDERS cloud-providers Comma-separated lowercase list of enabled cloud providers.
CLOUDFLARED_SOURCE cloudflared disabled Deployment mode: container (run the tunnel) or disabled (default).
CLOUDFLARE_TUNNEL_TOKEN cloudflared Cloudflare named-tunnel token (Zero Trust > Networks > Tunnels). When
CLOUDFLARED_SOURCE=container this must be set or the daemon exits. The
tunnel's public hostname is configured in the Cloudflare dashboard to
point at http://kong-api-gateway:8000.
CLOUDFLARED_SCALE cloudflared Set to 1 when CLOUDFLARED_SOURCE=container, 0 when disabled.
COMFYUI_SOURCE comfyui container-cpu -
COMFYUI_INIT_SOURCE comfyui container -
COMFYUI_PORT comfyui -
COMFYUI_LOCALHOST_PORT comfyui 8000 Host port for the localhost source variant. URL is derived at compose-render time as http://host.docker.internal:8000.
COMFYUI_BASE_URL comfyui http://comfyui:18188 In-container default. Runtime value is COMFYUI_ENDPOINT computed by hook.
COMFYUI_KONG_URL comfyui http://kong-api-gateway:8000/comfyui -
COMFYUI_ARGS comfyui --listen -
COMFYUI_AUTO_UPDATE comfyui False -
COMFYUI_PLATFORM comfyui linux/amd64 -
COMFYUI_UPLOAD_TO_SUPABASE comfyui True -
COMFYUI_STORAGE_BUCKET comfyui comfyui-images -
COMFYUI_MODELS_PATH comfyui /opt/ComfyUI/models -
COMFYUI_LOCAL_MODELS_PATH comfyui ~/Documents/ComfyUI/models -
COMFYUI_USER_MODELS comfyui Comma-separated catalog model names the user picked in the wizard (or via --comfyui-models). Read by services/comfyui/init/scripts/download_models.sh.
COMFYUI_CUSTOM_MODELS_FILE comfyui /custom-models.yaml Path to the ComfyUI custom-models sidecar YAML (user-authored models not in the curated catalog). Read by comfyui_resolver when generating the download manifest, and by the wizard's model picker.
COMFYUI_INIT_SCALE comfyui -
COMFYUI_SCALE comfyui -
COMFYUI_ENDPOINT comfyui Resolved per COMFYUI_SOURCE. Consumed by backend, open-webui, n8n, jupyterhub.
COMFYUI_DEPLOY_RESOURCES comfyui ~ -
COMFYUI_MEMORY_LIMIT comfyui 4g Container memory limit for the comfyui container (deploy.resources.limits.memory). 4 g is appropriate for CPU-only inference; GPU workloads holding VRAM are bounded by device memory, not host RAM, so 4 g is still a safe OOM fence on a 32 GB host.
COMFYUI_CPU_LIMIT comfyui 2.0 Container CPU limit for the comfyui container (deploy.resources.limits.cpus). 2.0 cores keeps CPU-mode inference from monopolising the host; GPU mode is GPU-bound so the CPU cap is irrelevant in practice.
CRAWL4AI_SOURCE crawl4ai disabled -
CRAWL4AI_PORT crawl4ai -
CRAWL4AI_API_TOKEN crawl4ai Bearer token required by Crawl4AI's Docker API; auto-generated by the bootstrapper.
CRAWL4AI_TIMEOUT_SECONDS crawl4ai 30 Local Deep Researcher timeout for Crawl4AI extraction calls.
CRAWL4AI_MAX_CHARS crawl4ai 60000 Maximum markdown characters Local Deep Researcher keeps from each Crawl4AI result.
CRAWL4AI_ALLOW_INTERNAL_URLS crawl4ai False Keep false unless deliberately crawling private/internal URLs from inside the Atlas network.
CRAWL4AI_SCALE crawl4ai -
CRAWL4AI_ENDPOINT crawl4ai -
DOC_PROCESSOR_SOURCE docling disabled -
DOC_PROCESSOR_PORT docling -
DOCLING_GPU_DEVICE docling cuda -
DOCLING_OUTPUT_FORMAT docling markdown -
DOCLING_USE_OCR docling auto -
DOCLING_TABLE_MODE docling accurate -
DOCLING_MAX_FILE_SIZE docling 52428800 -
DOCLING_ENABLE_FORMULAS docling True -
DOCLING_ENABLE_CODE_BLOCKS docling True -
DOCLING_CHUNK_SIZE docling 512 -
DOCLING_CHUNK_OVERLAP docling 50 -
DOCLING_GPU_SCALE docling -
DOCLING_ENDPOINT docling -
DOCLING_LOCALHOST_PORT docling 63059 Host port for the localhost source variant. URL is derived at compose-render time as http://host.docker.internal:63059.
PROJECT_NAME globals atlas Docker Compose project name — the container/volume/network prefix (-…) and docker compose -p namespace. start.sh AND stop.sh read it from here, so stop tears down exactly what start launched. Override with ./start.sh --project <name> (also -p; persists back here) or by editing this value. Set a unique name when running Atlas as a submodule so you don't collide with a base Atlas stack.
BASE_PORT globals 63000 Base port. Every service's *_PORT derives from this + a fixed offset.
HOST_BIND_IP globals Host interface prefix for ALL published service ports. Empty (default)
=> Docker binds 0.0.0.0 (dev). --profile prod sets this to
"127.0.0.1:" so service ports are reachable only from the host (the
public edge — Cloudflare Tunnel or Caddy — reaches Kong locally).
Must include the trailing colon when set, e.g. "127.0.0.1:".
HOST_GATEWAY_IP globals host-gateway Bootstrapper computes this at runtime based on the runtime (Docker:
"host-gateway"; Podman: literal gateway IP). If you copy this file to
.env manually without running ./start.sh, set this to "host-gateway"
on Linux/macOS Docker, or the real bridge IP on rootless setups.
BRAND_NAME globals Atlas -
BRAND_TAGLINE globals A self-hosted, source-configurable, multi-disciplinary engineering platform — gen-AI, ML, and data. -
BRAND_VERSION globals 0.1.0 -
BRAND_AUTHOR globals Kaveh Razavi -
BRAND_AUTHOR_EMAIL globals kaveh.razavi@gmail.com -
BRAND_LICENSE globals Apache License 2.0 -
BRAND_REPO_URL globals https://github.com/thekaveh/atlas -
BRAND_LOGO_FILE globals Optional path to a custom block-art logo that overrides the built-in ATLAS lockup in the wizard + --no-tui banner (the BRAND_* rebranding contract). File format: the wide-lockup rows, an optional '---' line on its own, then the narrow (compact) fallback rows used on terminals too small for the wide one. Keep it 6 rows tall. Empty = built-in ATLAS. Format + example: docs/quick-start/interactive-setup-wizard.md (Brand Customization).
COMPOSE_PROFILES globals Docker Compose profile activation list. Rebuilt from scratch on every
./start.sh run from the active STT/TTS/doc-processor sources
(speaches-cpu/-gpu, parakeet-gpu, chatterbox-gpu, docling-gpu/doc-gpu).
Do not edit by hand — the bootstrapper owns this value.
NVIDIA_VISIBLE_DEVICES globals all Host-side GPU visibility. Forwarded into every NVIDIA-runtime container.
PROD_ENV_CPUS globals 2 Default container CPU cap (cores). Per-service overrides below.
PROD_ENV_MEM_LIMIT globals 8g -
PROD_ENV_BACKEND_CPUS globals 1 -
PROD_ENV_BACKEND_MEM_LIMIT globals 2g -
PROD_ENV_N8N_CPUS globals 1 -
PROD_ENV_N8N_MEM_LIMIT globals 2g -
PROD_ENV_COMFYUI_CPUS globals 2 -
PROD_ENV_COMFYUI_MEM_LIMIT globals 4g -
LOG_MAX_SIZE globals 10m Per-container json-file log max size (Docker logging option).
LOG_MAX_FILE globals 3 Per-container json-file log file count (Docker logging option).
BOOTSTRAPPER_PORT_LAYOUT_VERSION globals 3 Sentinel updated by bootstrapper/services/migrations. Missing or PORT, v3 COMFYUI model-set). Fresh .env files are already v3-shaped.
GRAFANA_SOURCE grafana disabled -
GRAFANA_PORT grafana Host port for Grafana's HTTP server (in-container 3000).
GRAFANA_ADMIN_USERNAME grafana admin Grafana admin login. Override in .env if needed.
GRAFANA_ADMIN_PASSWORD grafana Auto-generated on first bootstrap by generate_grafana_admin_password() (mirrors LiteLLM UI_PASSWORD pattern). Persisted to .env; users can rotate by editing .env and restarting.
GRAFANA_ENDPOINT grafana -
GRAFANA_SCALE grafana -
HERMES_SOURCE hermes container -
HERMES_API_PORT hermes Host port for the Hermes Agent OpenAI-compatible API (in-container listen port is 8642).
HERMES_DASHBOARD_PORT hermes Host port for the Hermes Agent web dashboard (in-container listen port is 9119).
HERMES_MEMORY_LIMIT hermes 4g -
HERMES_CPU_LIMIT hermes 2.0 -
HERMES_API_KEY hermes Auto-generated by bootstrapper. Forwarded to LiteLLM via API_SERVER_KEY.
HERMES_DEFAULT_MODEL hermes Empty = hermes-init picks from LiteLLM /v1/models priority list.
HERMES_CONTEXT_LENGTH hermes 65536 -
HERMES_DASHBOARD_ENABLED hermes True -
HERMES_DASHBOARD_TUI hermes 1 Embed PTY-backed Chat tab in dashboard. 1 = on, 0 = read-only.
HERMES_DASHBOARD_INSECURE hermes True Allow the dashboard to bind to its non-loopback container address (0.0.0.0) without a Nous Portal OAuth provider. Required since the upstream image stopped implicitly inferring insecure mode from the bind host; without it the dashboard fails closed and s6 restart-loops it. Safe here: the dashboard binds inside the isolated backend-network and is only reachable via the localhost host-port + Kong. Set to false (and provide HERMES_DASHBOARD_OAUTH_CLIENT_ID) to enforce the OAuth auth gate instead.
HERMES_UID hermes 10000 Container user — match a host UID to read hermes-data from outside.
HERMES_GID hermes 10000 -
HERMES_LOCALHOST_PORT hermes 8642 Host port for the Hermes API in the localhost source variant. Consumed by HERMES_ENDPOINT (in-container clients call this). Defaults to Hermes' native API port.
HERMES_LOCALHOST_DASHBOARD_PORT hermes 9119 Host port for the Hermes web dashboard in the localhost source variant. The Kong route fronting hermes.localhost targets this. Defaults to Hermes' native dashboard port. The wizard's inline textbox edits HERMES_LOCALHOST_PORT (the API); override this via .env hand-edit if your host dashboard runs on a non-default port.
HERMES_INIT_SOURCE hermes container Auto-managed by hermes. Container/disabled.
HERMES_INIT_SCALE hermes -
HERMES_SCALE hermes -
HERMES_ENDPOINT hermes Resolved per HERMES_SOURCE. Consumed by openclaw-gateway, LiteLLM model_list.
TTS_INTERNAL_URL hermes -
STT_INTERNAL_URL hermes -
COMFYUI_INTERNAL_URL hermes -
SEARXNG_INTERNAL_URL hermes -
LIGHTRAG_INTERNAL_URL hermes -
ICEBERG_REST_SOURCE iceberg-rest disabled -
ICEBERG_REST_PORT iceberg-rest Host port for the Iceberg REST Catalog API (in-container 8181).
ICEBERG_DB_USER iceberg-rest iceberg -
ICEBERG_DB_PASSWORD iceberg-rest Auto-generated by bootstrapper. Postgres role for the Iceberg JDBC catalog DB.
ICEBERG_REST_POSTGRES_JDBC_VERSION iceberg-rest 42.7.12 PostgreSQL JDBC driver version layered into the local Iceberg REST image build.
ICEBERG_REST_SCALE iceberg-rest -
ICEBERG_REST_INIT_SCALE iceberg-rest -
JENKINS_SOURCE jenkins disabled -
JENKINS_PORT jenkins Host port for the Jenkins Web UI (in-container 8080).
JENKINS_SCALE jenkins -
JENKINS_ADMIN_USER jenkins admin Jenkins admin login created by JCasC.
JENKINS_ADMIN_PASSWORD jenkins Auto-generated on first bootstrap by KeyGenerator.generate_jenkins_admin_password().
JENKINS_MEMORY_LIMIT jenkins 3g Container memory limit for Jenkins controller and local Maven builds.
JENKINS_CPU_LIMIT jenkins 2.0 Container CPU limit for Jenkins controller and local Maven builds.
JUPYTERHUB_SOURCE jupyterhub container -
JUPYTERHUB_PORT jupyterhub -
JUPYTERHUB_TOKEN jupyterhub Optional. Empty = generate on start.
JUPYTER_ALLOW_ORIGIN jupyterhub * Allowed browser origin for Jupyter Server websocket upgrades; keep '*' for local dev, narrow for shared deployments.
SPARK_REMOTE jupyterhub sc://spark-connect:15002 Spark Connect endpoint used by bundled notebooks; override for a remote or managed Spark Connect server.
JUPYTERHUB_SCALE jupyterhub -
KONG_API_GATEWAY_SOURCE kong container Single-option (container only).
KONG_HTTP_PORT kong -
KONG_HTTPS_PORT kong -
DASHBOARD_USERNAME kong kong_admin -
DASHBOARD_PASSWORD kong kong_password Auto-generated on first ./start.sh when left at the placeholder (rotate-when-absent, like MINIO_ROOT_PASSWORD). Gates the Kong-routed Studio dashboard via basic-auth.
LABEL_STUDIO_SOURCE label-studio disabled -
LABEL_STUDIO_PORT label-studio Host port for the Label Studio UI/API (in-container 8080).
LABEL_STUDIO_ENDPOINT label-studio In-network URL for Atlas services and notebooks.
LABEL_STUDIO_API_URL label-studio Notebook/backend API URL; empty when Label Studio is disabled.
LABEL_STUDIO_SCALE label-studio -
LABEL_STUDIO_INIT_SCALE label-studio -
LABEL_STUDIO_DB_NAME label-studio label_studio -
LABEL_STUDIO_DB_USER label-studio label_studio -
LABEL_STUDIO_DB_PASSWORD label-studio Auto-generated Postgres password for the dedicated Label Studio database role.
LABEL_STUDIO_USERNAME label-studio admin@atlas.local Initial Label Studio admin email passed to upstream USERNAME.
LABEL_STUDIO_PASSWORD label-studio Auto-generated initial Label Studio admin password.
LABEL_STUDIO_USER_TOKEN label-studio Auto-generated legacy API token for notebook/API smoke paths.
LABEL_STUDIO_SECRET_KEY label-studio Django SECRET_KEY used by the Label Studio container.
LANGFUSE_SOURCE langfuse disabled -
LANGFUSE_PORT langfuse Host port for the Langfuse web UI/API (in-container 3000).
LANGFUSE_ENDPOINT langfuse In-network URL used by LiteLLM when Langfuse tracing is enabled.
LANGFUSE_WEB_SCALE langfuse -
LANGFUSE_WORKER_SCALE langfuse -
LANGFUSE_CLICKHOUSE_SCALE langfuse -
LANGFUSE_INIT_SCALE langfuse -
LANGFUSE_DB_NAME langfuse langfuse -
LANGFUSE_SALT langfuse Auto-generated by the bootstrapper on first run.
LANGFUSE_ENCRYPTION_KEY langfuse 64 hex chars. Auto-generated by the bootstrapper on first run.
LANGFUSE_NEXTAUTH_SECRET langfuse Auto-generated by the bootstrapper on first run.
LANGFUSE_PUBLIC_KEY langfuse Initial Langfuse project public key used by LiteLLM tracing.
LANGFUSE_SECRET_KEY langfuse Initial Langfuse project secret key used by LiteLLM tracing.
LANGFUSE_INIT_ORG_ID langfuse atlas -
LANGFUSE_INIT_ORG_NAME langfuse Atlas -
LANGFUSE_INIT_PROJECT_ID langfuse atlas-default -
LANGFUSE_INIT_PROJECT_NAME langfuse Atlas Default -
LANGFUSE_INIT_USER_EMAIL langfuse admin@atlas.localhost -
LANGFUSE_INIT_USER_NAME langfuse Atlas Admin -
LANGFUSE_INIT_USER_PASSWORD langfuse Auto-generated by the bootstrapper on first run.
LANGFUSE_CLICKHOUSE_USER langfuse clickhouse -
LANGFUSE_CLICKHOUSE_PASSWORD langfuse Auto-generated by the bootstrapper on first run.
LIGHTRAG_SOURCE lightrag disabled -
LIGHTRAG_API_PORT lightrag Host port for LightRAG (in-container 9621).
LIGHTRAG_LOCALHOST_PORT lightrag 63068 Host port for the localhost source variant.
LIGHTRAG_API_KEY lightrag Auto-generated bearer key. Forwarded to LiteLLM as the model api_key.
LIGHTRAG_TOKEN_SECRET lightrag Auto-generated JWT signing key for LightRAG's /login endpoint. Without this, LightRAG falls back to a hardcoded default key (security risk).
LIGHTRAG_WORKERS lightrag 2 -
LIGHTRAG_MEMORY_LIMIT lightrag 6g -
LIGHTRAG_CPU_LIMIT lightrag 2.0 -
LIGHTRAG_LLM_BINDING lightrag openai -
LIGHTRAG_LLM_BINDING_HOST lightrag http://litellm:4000/v1 -
LIGHTRAG_LLM_MODEL lightrag Empty = lightrag-init resolves from LITELLM_DEFAULT_MODEL.
LIGHTRAG_EXTRACT_LLM_MODEL lightrag Optional LightRAG EXTRACT role model. Empty = inherit LLM_MODEL.
LIGHTRAG_KEYWORD_LLM_MODEL lightrag Optional LightRAG KEYWORD role model. Empty = inherit LLM_MODEL.
LIGHTRAG_QUERY_LLM_MODEL lightrag Optional LightRAG QUERY role model. Empty = inherit LLM_MODEL.
LIGHTRAG_EXTRACT_LLM_BINDING lightrag Optional EXTRACT role provider binding. Empty = inherit LLM_BINDING.
LIGHTRAG_KEYWORD_LLM_BINDING lightrag Optional KEYWORD role provider binding. Empty = inherit LLM_BINDING.
LIGHTRAG_QUERY_LLM_BINDING lightrag Optional QUERY role provider binding. Empty = inherit LLM_BINDING.
LIGHTRAG_EXTRACT_LLM_BINDING_HOST lightrag Optional EXTRACT role provider endpoint. Empty = inherit LLM_BINDING_HOST.
LIGHTRAG_KEYWORD_LLM_BINDING_HOST lightrag Optional KEYWORD role provider endpoint. Empty = inherit LLM_BINDING_HOST.
LIGHTRAG_QUERY_LLM_BINDING_HOST lightrag Optional QUERY role provider endpoint. Empty = inherit LLM_BINDING_HOST.
LIGHTRAG_EXTRACT_LLM_BINDING_API_KEY lightrag Optional EXTRACT role provider API key. Empty = inherit LLM_BINDING_API_KEY for same-provider roles.
LIGHTRAG_KEYWORD_LLM_BINDING_API_KEY lightrag Optional KEYWORD role provider API key. Empty = inherit LLM_BINDING_API_KEY for same-provider roles.
LIGHTRAG_QUERY_LLM_BINDING_API_KEY lightrag Optional QUERY role provider API key. Empty = inherit LLM_BINDING_API_KEY for same-provider roles.
LIGHTRAG_EXTRACT_MAX_ASYNC_LLM lightrag Optional EXTRACT role LLM concurrency. Empty = inherit MAX_ASYNC_LLM.
LIGHTRAG_KEYWORD_MAX_ASYNC_LLM lightrag Optional KEYWORD role LLM concurrency. Empty = inherit MAX_ASYNC_LLM.
LIGHTRAG_QUERY_MAX_ASYNC_LLM lightrag Optional QUERY role LLM concurrency. Empty = inherit MAX_ASYNC_LLM.
LIGHTRAG_EXTRACT_LLM_TIMEOUT lightrag Optional EXTRACT role LLM timeout in seconds. Empty = inherit LLM_TIMEOUT.
LIGHTRAG_KEYWORD_LLM_TIMEOUT lightrag Optional KEYWORD role LLM timeout in seconds. Empty = inherit LLM_TIMEOUT.
LIGHTRAG_QUERY_LLM_TIMEOUT lightrag Optional QUERY role LLM timeout in seconds. Empty = inherit LLM_TIMEOUT.
LIGHTRAG_QUERY_ENABLE_RERANK lightrag false LightRAG query default for reranking. Atlas keeps this false by default because direct LightRAG→TEI rerank payloads are incompatible without an adapter.
LIGHTRAG_QUERY_TOP_K lightrag 10 LightRAG query TOP_K. Atlas defaults this to a concrete integer because LightRAG v1.5.4 crashes when this env var is present but empty.
LIGHTRAG_QUERY_CHUNK_TOP_K lightrag 5 LightRAG query CHUNK_TOP_K. Atlas defaults this to a concrete integer because LightRAG v1.5.4 crashes when this env var is present but empty.
LIGHTRAG_QUERY_MAX_TOTAL_TOKENS lightrag 12000 LightRAG query MAX_TOTAL_TOKENS. Atlas defaults this to a concrete integer because LightRAG v1.5.4 crashes when this env var is present but empty.
LIGHTRAG_EMBEDDING_BINDING lightrag openai -
LIGHTRAG_EMBEDDING_BINDING_HOST lightrag http://litellm:4000/v1 -
LIGHTRAG_EMBEDDING_MODEL lightrag Empty = lightrag-init resolves from LITELLM_EMBEDDING_MODEL.
LIGHTRAG_EMBEDDING_DIM lightrag Empty = auto (lightrag-init probes the embedding model's true dimension). Set ONLY to force a value — a wrong dim writes a mismatched PGVector index and every insert fails.
LIGHTRAG_VLM_PROCESS_ENABLE lightrag true -
LIGHTRAG_KV_STORAGE lightrag RedisKVStorage -
LIGHTRAG_VECTOR_STORAGE lightrag PGVectorStorage -
LIGHTRAG_GRAPH_STORAGE lightrag Neo4JStorage -
LIGHTRAG_DOC_STATUS_STORAGE lightrag RedisDocStatusStorage -
LIGHTRAG_SCALE lightrag -
LIGHTRAG_INIT_SCALE lightrag -
LIGHTRAG_ENDPOINT lightrag Consumed by hermes/n8n/backend runtime_adaptive and LiteLLM model_list.
LIGHTRAG_RERANK_BINDING_HOST lightrag -
LIGHTRAG_RERANK_BINDING lightrag Always null by default. Direct LightRAG→TEI rerank payloads are incompatible without an adapter, and LightRAG crashes on an empty value.
LIGHTRAG_DOCLING_ENDPOINT lightrag -
LIGHTRAG_PG_URI lightrag -
LIGHTRAG_NEO4J_URI lightrag -
LIGHTRAG_NEO4J_USERNAME lightrag -
LIGHTRAG_NEO4J_PASSWORD lightrag -
LIGHTRAG_REDIS_URI lightrag -
LITELLM_SOURCE litellm container Locked. LiteLLM is mandatory; only one source value supported.
LITELLM_PORT litellm -
LITELLM_INIT_SCALE litellm 1 Init container always runs (single value).
LITELLM_MASTER_KEY litellm Auto-generated by bootstrapper on first run. Doubles as the admin-dashboard password.
LITELLM_UI_USERNAME litellm admin Admin-dashboard login username at http://litellm.localhost:${KONG_HTTP_PORT}/ui/. Password is LITELLM_MASTER_KEY.
LITELLM_DB_NAME litellm litellm -
LITELLM_EMBEDDING_MODEL litellm ollama/nomic-embed-text Default embedding model used by weaviate-init when computing collection vectorizers.
LITELLM_DEFAULT_MODEL litellm Optional default chat model passed to LangMem (backend).
LITELLM_VISION_MODEL litellm Default vision-capable model (resolved from the model catalog; forward-looking — no consumer routes on it yet).
LITELLM_BASE_URL litellm http://litellm:4000 In-network URL consumers point at (backend, n8n, jupyterhub, open-webui).
LLM_GRAPH_BUILDER_SOURCE llm-graph-builder disabled -
LLM_GRAPH_BUILDER_REF llm-graph-builder 4a412f4688cf4096976045c019edc0a7f6ddcb6b Pinned upstream neo4j-labs/llm-graph-builder git ref used by the source-build containers.
LLM_GRAPH_BUILDER_PORT llm-graph-builder Host port for the Graph Builder frontend (in-container 8080).
LLM_GRAPH_BUILDER_MODEL_ID llm-graph-builder atlas_litellm Model id shown in the Graph Builder UI. Atlas maps this id to LiteLLM's OpenAI-compatible endpoint.
LLM_GRAPH_BUILDER_LLM_MODEL llm-graph-builder LiteLLM model alias used behind atlas_litellm. Empty = use LITELLM_DEFAULT_MODEL.
LLM_GRAPH_BUILDER_NEO4J_DATABASE llm-graph-builder neo4j Neo4j database name for Graph Builder data. Use a dedicated database on editions that support it.
LLM_GRAPH_BUILDER_REACT_APP_SOURCES llm-graph-builder local,wiki,web Comma-separated upstream source picker values compiled into the frontend.
LLM_GRAPH_BUILDER_CHAT_MODES llm-graph-builder vector,graph_vector,graph,fulltext,graph_vector_fulltext,entity_vector,global_vector Comma-separated chat modes compiled into the frontend.
LLM_GRAPH_BUILDER_TIME_PER_PAGE llm-graph-builder 50 -
LLM_GRAPH_BUILDER_CHUNK_SIZE llm-graph-builder 5242880 -
LLM_GRAPH_BUILDER_LARGE_FILE_SIZE llm-graph-builder 5242880 -
LLM_GRAPH_BUILDER_BATCH_SIZE llm-graph-builder 2 -
LLM_GRAPH_BUILDER_CHUNK_OVERLAP llm-graph-builder 20 -
LLM_GRAPH_BUILDER_TOKENS_PER_CHUNK llm-graph-builder 200 -
LLM_GRAPH_BUILDER_CHUNK_TO_COMBINE llm-graph-builder 1 -
LLM_GRAPH_BUILDER_MAX_TOKEN_CHUNK_SIZE llm-graph-builder 10000 -
LLM_GRAPH_BUILDER_KNN_MIN_SCORE llm-graph-builder 0.94 -
LLM_GRAPH_BUILDER_UPDATE_GRAPH_CHUNKS_PROCESSED llm-graph-builder 20 -
LLM_GRAPH_BUILDER_ENTITY_EMBEDDING llm-graph-builder false -
LLM_GRAPH_BUILDER_ENABLE_USER_AGENT llm-graph-builder true -
LLM_GRAPH_BUILDER_USER_AGENT llm-graph-builder Atlas-LLM-Graph-Builder -
LLM_GRAPH_BUILDER_TRACK_USER_USAGE llm-graph-builder false -
LLM_GRAPH_BUILDER_AUTHENTICATION_REQUIRED llm-graph-builder false -
LLM_GRAPH_BUILDER_BACKEND_SCALE llm-graph-builder -
LLM_GRAPH_BUILDER_FRONTEND_SCALE llm-graph-builder -
LLM_GRAPH_BUILDER_ENDPOINT llm-graph-builder Internal frontend URL.
LLM_GRAPH_BUILDER_BACKEND_ENDPOINT llm-graph-builder Internal backend API URL.
LLM_GRAPH_BUILDER_LITELLM_MODEL_CONFIG llm-graph-builder Model config consumed as LLM_MODEL_CONFIG_ATLAS_LITELLM by the upstream backend.
LOCAL_DEEP_RESEARCHER_SOURCE local-deep-researcher container -
LOCAL_DEEP_RESEARCHER_PORT local-deep-researcher -
LOCAL_DEEP_RESEARCHER_LOOPS local-deep-researcher 3 -
LOCAL_DEEP_RESEARCHER_SEARCH_API local-deep-researcher searxng -
LOCAL_DEEP_RESEARCHER_WORKERS local-deep-researcher 3 -
LOCAL_DEEP_RESEARCHER_FULL_PAGE_MODE local-deep-researcher disabled Full-page extraction mode: disabled, builtin, or crawl4ai. The crawl4ai mode requires CRAWL4AI_SOURCE=container.
FETCH_FULL_PAGE local-deep-researcher -
LOCAL_DEEP_RESEARCHER_SCALE local-deep-researcher -
LOKI_SOURCE loki disabled -
LOKI_SCALE loki -
LOKI_ENDPOINT loki Internal Loki API endpoint consumed by Grafana.
LOKI_RETENTION_PERIOD loki 24h Short local retention period for Loki compactor-managed log deletion.
MCP_SERVERS_SOURCE mcp-servers disabled Curated MCP package source. Disabled by default because MCP tools can reach stack internals.
MCP_SERVERS_PORT mcp-servers Host port for the curated MCP Streamable HTTP endpoint (container port 8000).
MCP_SERVERS_SCALE mcp-servers Replicas: 1 when MCP_SERVERS_SOURCE=container, else 0.
MCP_POSTGRES_MAX_ROWS mcp-servers 50 Maximum rows returned by the Postgres MCP query tool.
MCP_SEARXNG_MAX_RESULTS mcp-servers 5 Maximum SearXNG results returned by the web-search MCP tool.
MCP_TOOL_TIMEOUT_SECONDS mcp-servers 15 Timeout for upstream database/search calls made by MCP tools.
MINIO_SOURCE minio container -
MINIO_PORT minio Host port for the MinIO S3 API (in-container listen port is 9000).
MINIO_CONSOLE_PORT minio Host port for the MinIO admin console (in-container listen port is 9001).
MINIO_ROOT_USER minio minioadmin -
MINIO_ROOT_PASSWORD minio Auto-generated by bootstrapper KeyGenerator.generate_minio_root_password().
MINIO_REGION minio us-east-1 -
MINIO_INIT_SOURCE minio container Auto-managed by minio. Container/disabled.
MINIO_SCALE minio -
MINIO_INIT_SCALE minio -
MINIO_ENDPOINT minio In-network URL (S3 API).
MINIO_PUBLIC_ENDPOINT minio Host-side URL (for browser redirects).
MINIO_PUBLIC_CONSOLE_ENDPOINT minio -
MINIO_BUCKET_COMFYUI minio comfyui -
MINIO_COMFYUI_ACCESS_KEY minio Auto-generated scoped MinIO access key for the comfyui bucket.
MINIO_COMFYUI_SECRET_KEY minio Auto-generated scoped MinIO secret key for the comfyui bucket.
MINIO_BUCKET_BACKEND minio backend -
MINIO_BACKEND_ACCESS_KEY minio Auto-generated scoped MinIO access key for the backend bucket.
MINIO_BACKEND_SECRET_KEY minio Auto-generated scoped MinIO secret key for the backend bucket.
MINIO_BUCKET_N8N minio n8n -
MINIO_N8N_ACCESS_KEY minio Auto-generated scoped MinIO access key for the n8n bucket.
MINIO_N8N_SECRET_KEY minio Auto-generated scoped MinIO secret key for the n8n bucket.
MINIO_BUCKET_JUPYTER minio jupyter -
MINIO_JUPYTER_ACCESS_KEY minio Auto-generated scoped MinIO access key for the jupyter bucket.
MINIO_JUPYTER_SECRET_KEY minio Auto-generated scoped MinIO secret key for the jupyter bucket.
MINIO_BUCKET_DOCLING minio docling -
MINIO_DOCLING_ACCESS_KEY minio Auto-generated scoped MinIO access key for the docling bucket.
MINIO_DOCLING_SECRET_KEY minio Auto-generated scoped MinIO secret key for the docling bucket.
MINIO_BUCKET_LANGFUSE minio langfuse -
MINIO_LANGFUSE_ACCESS_KEY minio Auto-generated scoped MinIO access key for the langfuse bucket.
MINIO_LANGFUSE_SECRET_KEY minio Auto-generated scoped MinIO secret key for the langfuse bucket.
MINIO_BUCKET_MLFLOW minio mlflow -
MINIO_MLFLOW_ACCESS_KEY minio Auto-generated scoped MinIO access key for the mlflow bucket.
MINIO_MLFLOW_SECRET_KEY minio Auto-generated scoped MinIO secret key for the mlflow bucket.
MINIO_BUCKET_LABEL_STUDIO minio label-studio -
MINIO_LABEL_STUDIO_ACCESS_KEY minio Auto-generated scoped MinIO access key for the label-studio bucket.
MINIO_LABEL_STUDIO_SECRET_KEY minio Auto-generated scoped MinIO secret key for the label-studio bucket.
MINIO_BUCKET_ICEBERG_LAKEHOUSE minio lakehouse -
MINIO_BUCKET_ICEBERG_JARS minio jars -
MINIO_BUCKET_ICEBERG_CHECKPOINTS minio checkpoints -
MINIO_BUCKET_ICEBERG_LANDING minio landing -
MINIO_ICEBERG_ACCESS_KEY minio Auto-generated scoped MinIO access key for the Iceberg lakehouse buckets.
MINIO_ICEBERG_SECRET_KEY minio Auto-generated scoped MinIO secret key for the Iceberg lakehouse buckets.
MLFLOW_SOURCE mlflow disabled -
MLFLOW_PORT mlflow Host port for the MLflow UI/API (in-container 5000).
MLFLOW_ENDPOINT mlflow In-network URL for Atlas services and notebooks.
MLFLOW_TRACKING_URI mlflow Tracking URI injected into JupyterHub when MLflow is enabled.
MLFLOW_SCALE mlflow -
MLFLOW_INIT_SCALE mlflow -
MLFLOW_DB_NAME mlflow mlflow -
MLFLOW_DB_USER mlflow mlflow -
MLFLOW_DB_PASSWORD mlflow Auto-generated Postgres password for the dedicated MLflow database role.
N8N_SOURCE n8n container -
N8N_PORT n8n -
N8N_ENCRYPTION_KEY n8n your-random-encryption-key Encryption key for n8n credentials and workflow secrets; auto-generated by the bootstrapper when left as the placeholder.
N8N_API_KEY n8n n8n public-API key (n8n CE issues these only via the UI: Settings → n8n API). Consumed by the backend's /workflows endpoints; while empty those endpoints currently return backend errors from failed upstream n8n calls.
N8N_AUTH_ENABLED n8n True -
N8N_HOST n8n n8n.localhost -
N8N_PROTOCOL n8n http -
N8N_EXECUTIONS_MODE n8n queue -
N8N_COMMUNITY_PACKAGES_ENABLED n8n True -
N8N_COMMUNITY_PACKAGES_ALLOW_TOOL_USAGE n8n True -
N8N_INIT_SOURCE n8n container -
N8N_INIT_NODES n8n n8n-nodes-comfyui,@ksc1234/n8n-nodes-comfyui-image-to-image,n8n-nodes-mcp -
N8N_SCALE n8n -
N8N_WORKER_SCALE n8n -
N8N_INIT_SCALE n8n -
NEO4J_GRAPH_DB_SOURCE neo4j container Neo4j deployment source. Drives NEO4J_SCALE and NEO4J_URI.
GRAPH_DB_PORT neo4j Host port for Neo4j bolt (container port 7687).
GRAPH_DB_DASHBOARD_PORT neo4j Host port for Neo4j browser dashboard (container port 7474).
GRAPH_DB_USER neo4j neo4j -
GRAPH_DB_PASSWORD neo4j neo4j_password Neo4j password; auto-generated by the bootstrapper when left as the placeholder.
GRAPH_DB_AUTH neo4j neo4j/neo4j_password Neo4j auth in username/password format.
NEO4J_URI neo4j Computed from NEO4J_GRAPH_DB_SOURCE. Read by backend/jupyterhub.
NEO4J_SCALE neo4j Replicas: 1 for container, 0 otherwise.
NEO4J_LOCALHOST_HTTP_PORT neo4j 7474 Host HTTP port for the neo4j-localhost source variant (browser UI + REST). Kong route target is derived as http://host.docker.internal:7474.
NEO4J_LOCALHOST_BOLT_PORT neo4j 7687 Host Bolt port for the neo4j-localhost source variant (driver protocol). NEO4J_URI is derived as bolt://host.docker.internal:7687. The wizard's inline-textbox edits THIS port (HTTP is overridable via .env hand-edit).
NEO4J_MEMORY_LIMIT neo4j 2g Container memory limit for neo4j-graph-db (deploy.resources.limits.memory). 2 g is conservative for a 32 GB host; Neo4j keeps hot nodes in a heap-based page cache that typically stays well under 2 g for single-node dev/staging workloads.
NEO4J_CPU_LIMIT neo4j 1.5 Container CPU limit for neo4j-graph-db (deploy.resources.limits.cpus). 1.5 cores is sufficient for single-node Bolt + HTTP query serving.
LLM_PROVIDER_SOURCE ollama ollama-container-cpu -
OLLAMA_USER_MODELS ollama Comma-separated Ollama model names to activate/pull. Pre-filled by env_assembler from the catalog's default-active Ollama set (see services/ollama/models.yaml); the wizard overwrites it with the user's selection.
OLLAMA_CUSTOM_MODELS ollama Free-text extra Ollama models pulled in container-* sources.
OLLAMA_AUTO_IMPORT_LOCAL_MODELS ollama True When LLM_PROVIDER_SOURCE=ollama-localhost, litellm-init queries the upstream's /api/tags and auto-imports every model found, unioning with OLLAMA_USER_MODELS. Set false to keep strict wizard-only control.
OLLAMA_DEPLOY_RESOURCES ollama ~ Reserved for future GPU deploy block. Currently '~' (null).
OLLAMA_SCALE ollama -
OLLAMA_PULL_SCALE ollama -
OLLAMA_NVIDIA_VISIBLE_DEVICES ollama -
OLLAMA_ENDPOINT ollama -
LITELLM_OLLAMA_UPSTREAM ollama Ollama URL the LiteLLM gateway forwards Ollama-routed requests to. Owned by ollama because the value flips with LLM_PROVIDER_SOURCE; consumed by litellm-init when rendering its config.yaml.
OLLAMA_LOCALHOST_PORT ollama 11434 Host port for the ollama-localhost source variant. URL is derived at compose-render time as http://host.docker.internal:11434.
OPEN_WEB_UI_SOURCE open-webui container -
OPEN_WEB_UI_PORT open-webui -
OPEN_WEB_UI_SECRET_KEY open-webui secret Open WebUI session/signing secret; auto-generated by the bootstrapper when left as the placeholder.
OPEN_WEB_UI_ADMIN_EMAIL open-webui admin@localhost -
OPEN_WEB_UI_ADMIN_PASSWORD open-webui admin Initial Open WebUI admin password; auto-generated by the bootstrapper when left as the placeholder.
OPEN_WEB_UI_ADMIN_NAME open-webui Admin -
OPEN_WEB_UI_WEBSOCKET_SUPPORT open-webui True -
OPEN_WEB_UI_REDIS_DB open-webui 2 -
OPEN_WEB_UI_MODEL_CACHE_TTL open-webui 300 -
OPEN_WEB_UI_TTS_ENGINE open-webui Set by bootstrapper when speaches/chatterbox are enabled.
OPEN_WEB_UI_STT_ENGINE open-webui -
OPEN_WEB_UI_TTS_MODEL open-webui Model name Open WebUI sends to /v1/audio/speech. Empty = engine default.
OPEN_WEB_UI_TTS_VOICE open-webui Voice id. Empty = engine default.
OPEN_WEB_UI_TTS_API_URL open-webui -
OPEN_WEB_UI_STT_API_URL open-webui -
OPEN_WEB_UI_SCALE open-webui -
OPEN_WEB_UI_INIT_SCALE open-webui -
OPENCLAW_SOURCE openclaw disabled -
OPENCLAW_GATEWAY_PORT openclaw -
OPENCLAW_BRIDGE_PORT openclaw -
OPENCLAW_GATEWAY_TOKEN openclaw Optional bearer token for securing the OpenClaw gateway and dashboard.
OPENCLAW_LOCALHOST_PORT openclaw 63065 Host port for the localhost source variant (defaults to the freed OPENCLAW_GATEWAY_PORT slot). URL is derived at compose-render time as http://host.docker.internal:63065.
OPENCLAW_INIT_SOURCE openclaw container -
OPENCLAW_ANTHROPIC_API_KEY openclaw Optional per-OpenClaw Anthropic override.
OPENCLAW_OPENAI_API_KEY openclaw Optional per-OpenClaw OpenAI override. Leave empty to keep OpenClaw routed through LiteLLM instead of bypassing the stack gateway.
OPENCLAW_SCALE openclaw -
OPENCLAW_INIT_SCALE openclaw -
OPENCLAW_ENDPOINT openclaw Resolved per-source by the bootstrapper (container DNS / host.docker.internal / empty when disabled). Forward-looking hook: no compose fragment injects it into a container today — consumers (e.g. n8n workflows) would read it via their own env wiring when that lands.
OTEL_COLLECTOR_SOURCE otel-collector disabled -
OTEL_COLLECTOR_SCALE otel-collector -
OTEL_COLLECTOR_ENDPOINT otel-collector Preferred internal OTLP HTTP endpoint for Atlas services.
OTEL_COLLECTOR_OTLP_HTTP_ENDPOINT otel-collector Internal OTLP HTTP endpoint (http://otel-collector:4318) when enabled.
OTEL_COLLECTOR_OTLP_GRPC_ENDPOINT otel-collector Internal OTLP gRPC endpoint (http://otel-collector:4317) when enabled.
ATLAS_OTEL_ENABLED otel-collector Boolean string consumed by backend and LiteLLM tracing toggles.
STT_PROVIDER_SOURCE parakeet speaches-container-cpu -
STT_PROVIDER_PORT parakeet Wizard display slot. Real per-engine ports live on their own manifests (PARAKEET_, SPEACHES_, etc.).
STT_PROVIDER_SCALE parakeet Aggregate STT scale across all engines. Reserved for future use.
PARAKEET_MODEL parakeet nvidia/parakeet-tdt-0.6b-v3 -
PARAKEET_GPU_DEVICE parakeet cuda -
PARAKEET_GPU_COMPUTE_TYPE parakeet float16 -
PARAKEET_LOCALHOST_PORT parakeet 63042 Host port for the parakeet-localhost source variant. URL is derived at compose-render time as http://host.docker.internal:63042.
WHISPER_CPP_LOCALHOST_PORT parakeet 63042 Host port for the whisper-cpp-localhost source variant, same as parakeet because the two modes are mutually exclusive. URL is derived at compose-render time as http://host.docker.internal:63042.
HUGGING_FACE_HUB_TOKEN parakeet Shared by parakeet, speaches, chatterbox, docling for model downloads. Consumed by ${HUGGING_FACE_HUB_TOKEN} interpolation in those services' compose blocks; owned here as its historic home.
PARAKEET_GPU_SCALE parakeet -
STT_ENDPOINT parakeet Resolved per STT_PROVIDER_SOURCE. Consumed by n8n, backend, jupyterhub, open-webui, hermes-init (the latter as STT_INTERNAL_URL — owned by services/hermes/).
PROMETHEUS_SOURCE prometheus disabled -
PROMETHEUS_PORT prometheus Host port for Prometheus's HTTP UI + API (in-container 9090).
NODE_EXPORTER_PORT prometheus Host port for node-exporter (in-container 9100). Host-level metrics: CPU, memory, disk, network.
CADVISOR_PORT prometheus Host port for cAdvisor (in-container 8080). Per-container metrics: CPU, memory, IO.
PROMETHEUS_RETENTION_DAYS prometheus 7 TSDB retention in days. User-configurable at wizard time via the inline secondary numeric input. Default 7.
PROMETHEUS_ENDPOINT prometheus Resolved per PROMETHEUS_SOURCE — http://prometheus:9090 for container, empty for disabled. Consumed by Grafana's datasource provisioning.
PROMETHEUS_SCALE prometheus -
NODE_EXPORTER_SCALE prometheus -
CADVISOR_SCALE prometheus -
RAY_SOURCE ray disabled -
RAY_DASHBOARD_PORT ray Host port for the Ray dashboard + REST job-submission API (in-container 8265).
RAY_GCS_PORT ray Host port for the Ray GCS (in-container 6379). Distinct from the project's Redis cache container; Ray bundles its own GCS process.
RAY_CLIENT_PORT ray Host port for the Ray client server (in-container 10001). Used by host Python: ray.init('ray://localhost:<port>').
RAY_WORKER_COUNT ray 2 Number of ray-worker replicas. The wizard prompts for this with default 2. Valid values: 0 (head-only mode) and up. No hard upper bound — bounded by host resources.
RAY_HEAD_SCALE ray -
RAY_WORKER_SCALE ray Resolved by the bootstrapper from RAY_WORKER_COUNT when source is ray-container-{cpu,gpu}; 0 otherwise.
RAY_ADDRESS ray Resolved per source: ray://ray-head:10001 for container sources, empty for disabled. Injected into the backend + jupyterhub containers via their compose environment blocks.
RAY_DASHBOARD_URL ray Optional override for the Ray dashboard URL the backend's job client uses. Empty = derive from RAY_ADDRESS (http://ray-head:8265).
RAY_HEAD_MEMORY_LIMIT ray 4g Container memory limit for ray-head (deploy.resources.limits.memory). The head node manages the GCS, dashboard, and object directory; 4 g is conservative but safe on a 32 GB host (the shm_size=8gb allocation is for /dev/shm, separate from this OS memory cap).
RAY_HEAD_CPU_LIMIT ray 2.0 Container CPU limit for ray-head (deploy.resources.limits.cpus). GCS + dashboard coordination rarely needs more than 1 core; 2.0 leaves room for brief spikes.
RAY_WORKER_MEMORY_LIMIT ray 4g Container memory limit per ray-worker (deploy.resources.limits.memory). Workers run tasks and actors; 4 g per replica is a modest OOM fence on a 32 GB host with the default 2 workers. Raise for large in-memory datasets.
RAY_WORKER_CPU_LIMIT ray 2.0 Container CPU limit per ray-worker (deploy.resources.limits.cpus). 2.0 cores per worker. Raise if workers need more parallelism; lower if the host is saturated.
REDIS_SOURCE redis container Single-option source toggle. Redis only ever runs as a container.
Kept as an env entry (rather than a sources: block) so the wizard
does not render a one-option dropdown. The legacy source validator
still expects REDIS_SOURCE=container until Phase D.
REDIS_PORT redis Host port. Container port is always 6379.
REDIS_PASSWORD redis redis_password Used by every consumer (n8n queue, kong rate-limit cache,
open-webui websocket store, backend session/queue, local-deep-
researcher worker queue). The default is for fresh-install
convenience only; rotate before any deployment.
REDIS_URL redis redis://:${REDIS_PASSWORD}@redis:6379/0 Default connection string (database index 0; also n8n's queue and
Kong's rate-limit cache). Consumers that need a different DB index
build their own URL (open-webui + lightrag share /2, jupyterhub
uses /3). REDIS_PASSWORD is substituted at compose-interpolation
time.
REDIS_EXPORTER_PORT redis Host port for redis-exporter (in-container 9121). Sidecar gated by PROMETHEUS_SOURCE.
REDIS_EXPORTER_SCALE redis Set by _generate_prometheus_config() to 1 when PROMETHEUS_SOURCE=container, 0 otherwise.
REDPANDA_SOURCE redpanda disabled -
REDPANDA_KAFKA_PORT redpanda Host port for the Redpanda Kafka API external listener (in-container 19092).
REDPANDA_CONSOLE_PORT redpanda Host port for Redpanda Console (in-container 8080).
REDPANDA_DEMO_TOPICS redpanda atlas_stream_events Comma-separated Kafka topics created idempotently by redpanda-init.
REDPANDA_SCALE redpanda -
REDPANDA_INIT_SCALE redpanda -
REDPANDA_CONSOLE_SCALE redpanda -
REDPANDA_BROKERS redpanda In-network Kafka bootstrap servers for Atlas services.
SPARK_KAFKA_BOOTSTRAP_SERVERS redpanda Spark Structured Streaming Kafka bootstrap servers; blank when Redpanda is disabled.
SEARXNG_SOURCE searxng container -
SEARXNG_PORT searxng -
SEARXNG_SECRET searxng Auto-generated by bootstrapper.
SEARXNG_SCALE searxng -
SPARK_SOURCE spark disabled -
SPARK_MASTER_UI_PORT spark Host port for the Spark Master Web UI (in-container 8080).
SPARK_HISTORY_PORT spark Host port for the Spark History Server (in-container 18080).
SPARK_WORKER_COUNT spark 2 Number of spark-worker replicas alongside the master. 1-8.
SPARK_MASTER_SCALE spark -
SPARK_WORKER_SCALE spark Resolved by the bootstrapper from SPARK_WORKER_COUNT when source=container; 0 otherwise.
SPARK_HISTORY_SCALE spark -
SPARK_INIT_SCALE spark -
SPARK_CONNECT_SCALE spark Resolved by the bootstrapper from SPARK_SOURCE; spark-connect runs as a sidecar to spark-master.
SPARK_CONNECT_CORES_MAX spark 1 Maximum standalone-cluster cores the long-lived Spark Connect server may hold. Keep below total worker cores so Airflow SparkSubmit and Zeppelin standalone workloads can run alongside Connect; raise only when the worker pool has enough headroom.
SPARK_MASTER_MEMORY_LIMIT spark 2g Container memory limit for spark-master (deploy.resources.limits.memory). The standalone master process manages cluster state and requires minimal heap — 2 g is generous on a 32 GB host.
SPARK_MASTER_CPU_LIMIT spark 1.0 Container CPU limit for spark-master (deploy.resources.limits.cpus). Master is lightweight; 1.0 core is ample.
SPARK_WORKER_MEMORY_LIMIT spark 4g Container memory limit per spark-worker (deploy.resources.limits.memory). Workers run executor JVMs; 4 g per replica is a conservative cap on a 32 GB host with the default 2 workers (8 g total). Raise for memory-intensive jobs.
SPARK_WORKER_CPU_LIMIT spark 2.0 Container CPU limit per spark-worker (deploy.resources.limits.cpus). 2.0 cores per worker leaves headroom for other services on the host.
SPEACHES_GPU_IMAGE speaches ghcr.io/speaches-ai/speaches:0.9.0-rc.3-cuda CUDA build of the same image. When the speaches-gpu profile wins, the bootstrapper writes this value into SPEACHES_IMAGE (the compose interpolation target).
SPEACHES_TTS_MODEL speaches hexgrad/Kokoro-82M Model name Open WebUI sends in /v1/audio/speech requests.
SPEACHES_STT_MODEL speaches Systran/faster-distil-whisper-large-v3 -
SPEACHES_PORT speaches Host port for the Speaches container (in-container listen port is 8000).
SPEACHES_SCALE speaches Computed by bootstrapper/services/service_config.py::_generate_stt_provider_config (or _generate_tts_provider_config) — set to 1 when STT_PROVIDER_SOURCE OR TTS_PROVIDER_SOURCE picks a speaches-* variant.
SUPABASE_DB_SOURCE supabase container Single-option (container only). Kept for forward-compat with legacy source-validator.
SUPABASE_DB_PORT supabase -
SUPABASE_DB_USER supabase supabase_admin -
SUPABASE_DB_PASSWORD supabase password Supabase postgres admin password; auto-generated by the bootstrapper when left as the placeholder.
SUPABASE_DB_NAME supabase postgres -
SUPABASE_DB_APP_USER supabase app_user Reserved for a future least-privilege application-tier database user; not created by init scripts today.
SUPABASE_DB_APP_PASSWORD supabase app_password Reserved future app-user password; auto-generated by the bootstrapper when left as the placeholder.
SUPABASE_DB_INIT_SOURCE supabase container Auto-managed by supabase-db. Container/disabled.
POSTGRES_EXPORTER_PORT supabase Host port for postgres-exporter (in-container 9187). Sidecar gated by PROMETHEUS_SOURCE.
POSTGRES_EXPORTER_SCALE supabase Set by _generate_prometheus_config() to 1 when PROMETHEUS_SOURCE=container, 0 otherwise.
SUPABASE_META_SOURCE supabase container -
SUPABASE_META_PORT supabase -
SUPABASE_STORAGE_SOURCE supabase container -
SUPABASE_STORAGE_PORT supabase -
STORAGE_REGION supabase local -
STORAGE_FILE_SIZE_LIMIT supabase 52428800 -
STORAGE_BACKEND supabase file -
PROJECT_REF supabase default -
TENANT_ID supabase stub -
SUPABASE_AUTH_SOURCE supabase container -
SUPABASE_AUTH_PORT supabase -
SUPABASE_JWT_SECRET supabase Auto-generated by bootstrapper/generate_supabase_keys.py on first run.
SUPABASE_ANON_KEY supabase Auto-generated.
SUPABASE_SERVICE_KEY supabase Auto-generated.
SUPABASE_API_SOURCE supabase container -
SUPABASE_API_PORT supabase -
SUPABASE_REALTIME_SOURCE supabase container -
SUPABASE_REALTIME_PORT supabase -
SUPABASE_STUDIO_SOURCE supabase container -
SUPABASE_STUDIO_PORT supabase -
SUPAVISOR_SOURCE supavisor disabled Deployment mode: container (transaction pooler) or disabled/direct Postgres.
SUPAVISOR_SCALE supavisor 1 when SUPAVISOR_SOURCE=container, otherwise 0.
SUPAVISOR_TENANT_ID supavisor atlas Supavisor tenant suffix. Clients connect as ..
SUPAVISOR_DEFAULT_POOL_SIZE supavisor 20 Default upstream Postgres pool size for the Atlas tenant.
SUPAVISOR_MAX_CLIENT_CONN supavisor 100 Maximum client connections accepted by the Atlas tenant.
SUPAVISOR_DB_POOL_SIZE supavisor 5 Supavisor metadata database pool size.
SUPAVISOR_DATABASE_URL supavisor Generated Postgres URL consumed by backend/Celery; points at Supavisor when enabled and direct Supabase Postgres when disabled.
SUPAVISOR_DB_HOST supavisor Generated n8n Postgres host; supavisor when enabled, supabase-db when disabled.
SUPAVISOR_DB_PORT_VALUE supavisor Generated n8n Postgres port; 6543 when enabled, 5432 when disabled.
SUPAVISOR_DB_USER supavisor Generated n8n Postgres user; appends .${SUPAVISOR_TENANT_ID} when Supavisor is enabled.
SUPAVISOR_SECRET_KEY_BASE supavisor Supavisor Phoenix secret; auto-generated by the bootstrapper when blank.
SUPAVISOR_VAULT_ENC_KEY supavisor Supavisor vault encryption key; must be exactly 32 bytes and is auto-generated when blank.
SUPAVISOR_API_JWT_SECRET supavisor Supavisor tenant API JWT secret; auto-generated by the bootstrapper when blank.
SUPAVISOR_METRICS_JWT_SECRET supavisor Supavisor metrics JWT secret; auto-generated by the bootstrapper when blank.
TEI_RERANKER_SOURCE tei-reranker disabled -
TEI_RERANKER_PORT tei-reranker Host port for the TEI rerank API (in-container listen port is 80).
TEI_RERANKER_LOCALHOST_PORT tei-reranker 63049 Host port for the host-installed TEI rerank source variant.
TEI_RERANKER_MODEL_ID tei-reranker mixedbread-ai/mxbai-rerank-base-v1 -
TEI_RERANKER_REVISION tei-reranker main -
TEI_RERANKER_MAX_CLIENT_BATCH_SIZE tei-reranker 32 -
TEI_RERANKER_MEMORY_LIMIT tei-reranker 4g -
TEI_RERANKER_CPU_LIMIT tei-reranker 2.0 -
TEI_RERANKER_HF_CACHE_DIR tei-reranker /data -
TEI_RERANKER_SCALE tei-reranker -
TEI_RERANKER_ENDPOINT tei-reranker Resolved per TEI_RERANKER_SOURCE. Exposes TEI's rerank endpoint to compatible consumers.
TEI_RERANKER_IMAGE_RESOLVED tei-reranker Image picked per source variant (CPU vs GPU).
TEMPO_SOURCE tempo disabled -
TEMPO_SCALE tempo -
TEMPO_ENDPOINT tempo Internal Tempo query/API endpoint consumed by Grafana.
TIKA_SOURCE tika disabled -
TIKA_PORT tika -
TIKA_LOCALHOST_PORT tika 9998 Host port for the tika-localhost source variant.
TIKA_JAVA_TOOL_OPTIONS tika -Xmx768m JVM memory cap for the Tika server container.
TIKA_MAX_FILE_SIZE tika 52428800 Backend maximum bytes accepted for Docling/Tika extraction.
TIKA_TIMEOUT_SECONDS tika 30 Backend timeout for Tika fallback extraction calls.
TIKA_SCALE tika -
TIKA_ENDPOINT tika -
TRINO_SOURCE trino disabled -
TRINO_PORT trino Host port for the Trino coordinator UI/API (in-container 8080).
TRINO_SCALE trino -
TTS_PROVIDER_SOURCE tts-provider speaches-container-cpu -
TTS_PROVIDER_PORT tts-provider Wizard display slot. Real engine port lives on its own container manifest.
TTS_PROVIDER_SCALE tts-provider Aggregate scale across all TTS engines. Reserved for future use.
TTS_ENDPOINT tts-provider Resolved per TTS_PROVIDER_SOURCE. Consumed by n8n, backend, jupyterhub, open-webui, hermes-init (as TTS_INTERNAL_URL — owned by services/hermes/).
VERBA_SOURCE verba disabled -
VERBA_PORT verba Host port for the Verba UI/API (in-container 8000).
VERBA_ENDPOINT verba In-network URL for Atlas services and notebooks.
VERBA_SCALE verba -
VERBA_WEAVIATE_URL verba Resolved Weaviate URL passed to upstream WEAVIATE_URL_VERBA.
VERBA_OPENAI_MODEL verba Optional Verba OpenAI generator model name. Empty lets Verba list LiteLLM models.
VERBA_OPENAI_EMBED_MODEL verba Optional Verba OpenAI-compatible embedding model name. Empty keeps upstream default behavior.
VERBA_DEFAULT_DEPLOYMENT verba Docker Verba deployment selector. Atlas uses Docker to target the external Weaviate container.
WEAVIATE_SOURCE weaviate container -
WEAVIATE_PORT weaviate -
WEAVIATE_GRPC_PORT weaviate -
WEAVIATE_INIT_SOURCE weaviate container Auto-managed by weaviate. Container/disabled.
MULTI2VEC_CLIP_SOURCE weaviate container-cpu Options: container-cpu, container-gpu, disabled. (Effects driven by hook.)
WEAVIATE_ENABLE_MODULES weaviate text2vec-openai,text2vec-ollama,multi2vec-clip,generative-openai,generative-ollama -
CLIP_INFERENCE_API weaviate http://multi2vec-clip:8080 -
MULTI2VEC_CLIP_SIGLIP2_IMAGE weaviate semitechnologies/multi2vec-clip:google-siglip2-so400m-patch16-512-1.5.1 Opt-in SigLIP 2 image reference for MULTI2VEC_CLIP_IMAGE. Produces 1152-d vectors; revectorize or create new Weaviate collections before switching.
WEAVIATE_URL weaviate Resolved per WEAVIATE_SOURCE. Consumed by n8n, backend, jupyterhub.
WEAVIATE_LITELLM_API_KEY weaviate Mirror of LITELLM_MASTER_KEY for Weaviate's vectorizer auth.
WEAVIATE_SCALE weaviate -
WEAVIATE_INIT_SCALE weaviate -
CLIP_SCALE weaviate Computed from MULTI2VEC_CLIP_SOURCE.
CLIP_ENABLE_CUDA weaviate -
CLIP_DEPLOY_RESOURCES weaviate ~ -
WEAVIATE_LOCALHOST_PORT weaviate 8080 Host port for the weaviate-localhost source variant. URL is derived at compose-render time as http://host.docker.internal:8080.
WEAVIATE_MEMORY_LIMIT weaviate 2g Container memory limit for the weaviate container (deploy.resources.limits.memory). 2 g is conservative for a 32 GB host; the Go-based Weaviate data plane plus in-memory HNSW index fits comfortably for small-to-medium collections.
WEAVIATE_CPU_LIMIT weaviate 1.5 Container CPU limit for the weaviate container (deploy.resources.limits.cpus). 1.5 cores covers routine indexing and query serving on a shared host.
ZEPPELIN_SOURCE zeppelin disabled -
ZEPPELIN_PORT zeppelin Host port for the Zeppelin Web UI (in-container 8080).
ZEPPELIN_SCALE zeppelin -
ZEPPELIN_INIT_SCALE zeppelin -
ZEPPELIN_MEMORY_LIMIT zeppelin 2g Container memory limit for the zeppelin container (deploy.resources.limits.memory). Zeppelin's JVM-based interpreter host typically uses under 1 g for a single-user session; 2 g leaves comfortable headroom on a 32 GB host.
ZEPPELIN_CPU_LIMIT zeppelin 1.5 Container CPU limit for the zeppelin container (deploy.resources.limits.cpus). 1.5 cores covers notebook rendering and interpreter dispatch; compute-heavy work runs on the remote Spark cluster, not in this process.