-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathkhoj-aio.xml
More file actions
164 lines (149 loc) · 22.3 KB
/
khoj-aio.xml
File metadata and controls
164 lines (149 loc) · 22.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
<?xml version="1.0"?>
<Container version="2">
<Name>khoj-aio</Name>
<Repository>jsonbored/khoj-aio:latest</Repository>
<Registry>https://hub.docker.com/r/jsonbored/khoj-aio</Registry>
<Network>bridge</Network>
<MyIP/>
<Shell>sh</Shell>
<Privileged>false</Privileged>
<Support>https://github.com/JSONbored/khoj-aio/issues</Support>
<Project>https://github.com/JSONbored/khoj-aio</Project>
<Overview>Khoj is a self-hosted AI second brain for chatting with your docs, the web, and local or hosted LLMs.

[b]All-In-One Unraid Edition[/b]
`khoj-aio` packages the Khoj server with an internally managed PostgreSQL database so beginners can get a clean first boot on Unraid without wiring a separate database container.

[b]Quick Install (Beginners)[/b]
1. Install the template and leave the default appdata paths in place.
2. Optionally set [code]KHOJ_ADMIN_EMAIL[/code], [code]KHOJ_ADMIN_PASSWORD[/code], and [code]KHOJ_DJANGO_SECRET_KEY[/code].
3. Leave [code]KHOJ_ANONYMOUS_MODE=true[/code] for the simplest private LAN-first install, then click Apply.
4. Wait for first boot to finish, open [code]http://SERVER_IP:42110[/code], and restart the container once after the initial setup so all settings are applied cleanly.
5. If you left the password or secret blank, the container generates secure values and saves them in your mapped config folder at [code]/root/.khoj/aio/generated.env[/code].

[b]Power Users (Advanced View)[/b]
- Advanced View exposes the practical upstream self-hosted environment surface plus AIO-specific controls.
- You can keep the bundled internal PostgreSQL default, or point Khoj at external PostgreSQL, search providers, code sandboxes, identity providers, upload storage, Twilio/Notion integrations, and OpenAI-compatible local or hosted LLM endpoints.
- Leave defaults in place for the easiest install. Only set the overrides you actually need.

[b]Important Notes[/b]
- This image intentionally keeps PostgreSQL bundled because that is the critical first-boot dependency for Khoj on Unraid. Search, sandbox, and provider integrations remain optional advanced add-ons.
- If you expose Khoj outside your LAN, set strong admin credentials, configure [code]KHOJ_DOMAIN[/code] and [code]KHOJ_ALLOWED_DOMAIN[/code] correctly, and strongly consider disabling anonymous mode.
- Upstream currently documents Google OAuth mainly against the prod [code]khoj-cloud[/code] image, so the Google auth variables below should be treated as expert-only and tested carefully in this standard self-host image flow.</Overview>
<Changes>### 2026-04-25
- Generated from CHANGELOG.md during release preparation. Do not edit manually.
- Consolidate validation into pytest suite by @JSONbored
- Optimize pytest gating and Trunk uploads by @JSONbored
- Preserve changelog history and publish release commits by @JSONbored
- Capture integration diagnostics on pytest failure by @JSONbored
- Remove automation flag and align publish flow by @JSONbored
- Centralize trunk config and gate release tags by @JSONbored
- Accept squash release titles by @JSONbored
- Pin package tags to release targets by @JSONbored
- Fetch history for release tag lookup by @JSONbored
- Consolidate pytest workflow steps by @JSONbored
- Update pytest and trunk analytics uploader by @JSONbored
- Fix khoj-aio category metadata by @JSONbored
- Preserve history and harden full flow by @JSONbored
- Align image tags with release versions by @JSONbored
- Make derived repo validator portable by @JSONbored
- Use workflow file selector for CI checks by @JSONbored
- Classify local action changes by @JSONbored
- Fail fast on init errors by @JSONbored
- Merge branch 'main' into codex/fix-unraid-ca-categories by @JSONbored
- Update CI to run pytest and simplify release prep by @JSONbored
- Merge branch 'main' into codex/release-target-immutability by @JSONbored
- Use docker volumes for runtime persistence by @JSONbored
- Cover action and container contracts by @JSONbored</Changes>
<Category>AI: Productivity: Tools:Utilities</Category>
<WebUI>http://[IP]:[PORT:42110]</WebUI>
<TemplateURL>https://raw.githubusercontent.com/JSONbored/awesome-unraid/main/khoj-aio.xml</TemplateURL>
<Icon>https://raw.githubusercontent.com/JSONbored/awesome-unraid/main/icons/khoj.png</Icon>
<ExtraSearchTerms>ai second-brain notes documents rag knowledge-base search ollama anthropic gemini openai</ExtraSearchTerms>
<Requires>For public internet exposure, do not leave anonymous mode enabled unless you intentionally accept that risk. Set strong admin credentials and configure [code]KHOJ_DOMAIN[/code] / [code]KHOJ_ALLOWED_DOMAIN[/code] before remote access.</Requires>
<ExtraParams/>
<PostArgs/>
<CPUset/>
<DateInstalled/>
<DonateText>Support JSONbored on GitHub Sponsors.</DonateText>
<DonateLink>https://github.com/sponsors/JSONbored</DonateLink>
<Description/>
<Networking>
<Mode>bridge</Mode>
<Publish>
<Port>
<HostPort>42110</HostPort>
<ContainerPort>42110</ContainerPort>
<Protocol>tcp</Protocol>
</Port>
</Publish>
</Networking>
<Config Name="Web UI Port" Target="42110" Default="42110" Mode="tcp" Description="The main Khoj web interface port." Type="Port" Display="always" Required="true" Mask="false">42110</Config>
<Config Name="AppData - Khoj Config" Target="/root/.khoj" Default="/mnt/user/appdata/khoj-aio/config" Mode="rw" Description="Stores generated credentials, uploads, and Khoj configuration state." Type="Path" Display="always" Required="true" Mask="false">/mnt/user/appdata/khoj-aio/config</Config>
<Config Name="AppData - PostgreSQL Data" Target="/var/lib/postgresql/data" Default="/mnt/user/appdata/khoj-aio/postgres" Mode="rw" Description="Internal PostgreSQL database storage for the AIO deployment." Type="Path" Display="always" Required="true" Mask="false">/mnt/user/appdata/khoj-aio/postgres</Config>
<Config Name="Admin Email" Target="KHOJ_ADMIN_EMAIL" Default="admin@khoj.local" Mode="" Description="Admin login email for the Khoj admin panel. You can change it later." Type="Variable" Display="always" Required="false" Mask="false">admin@khoj.local</Config>
<Config Name="Admin Password" Target="KHOJ_ADMIN_PASSWORD" Default="" Mode="" Description="Optional. Leave blank to auto-generate a secure admin password on first boot and save it in the mapped config folder." Type="Variable" Display="always" Required="false" Mask="true"/>
<Config Name="Django Secret Key" Target="KHOJ_DJANGO_SECRET_KEY" Default="" Mode="" Description="Optional but recommended. Leave blank to auto-generate a secure secret key on first boot and save it in the mapped config folder." Type="Variable" Display="always" Required="false" Mask="true"/>
<Config Name="Anonymous Mode" Target="KHOJ_ANONYMOUS_MODE" Default="true|false" Mode="" Description="Leave true for the simplest single-user LAN-first install. Set false if you want user sign-in and multi-user auth flows." Type="Variable" Display="always" Required="true" Mask="false">true</Config>
<Config Name="AppData - Hugging Face Cache" Target="/root/.cache/huggingface" Default="/mnt/user/appdata/khoj-aio/models/huggingface" Mode="rw" Description="Persistent cache for Hugging Face downloads and model assets." Type="Path" Display="advanced" Required="true" Mask="false">/mnt/user/appdata/khoj-aio/models/huggingface</Config>
<Config Name="AppData - SentenceTransformers Cache" Target="/root/.cache/torch/sentence_transformers" Default="/mnt/user/appdata/khoj-aio/models/sentence-transformers" Mode="rw" Description="Persistent cache for SentenceTransformers embeddings and related model files." Type="Path" Display="advanced" Required="true" Mask="false">/mnt/user/appdata/khoj-aio/models/sentence-transformers</Config>
<Config Name="[Code] Docker Socket" Target="/var/run/docker.sock" Default="" Mode="rw" Description="Optional Docker socket mount for advanced operator/computer workflows. Do not enable this unless you understand the security tradeoff." Type="Path" Display="advanced" Required="false" Mask="false"/>
<Config Name="Use Internal PostgreSQL" Target="KHOJ_USE_INTERNAL_POSTGRES" Default="true|false" Mode="" Description="Default single-container mode. Set false only if you are intentionally using an external PostgreSQL database." Type="Variable" Display="advanced" Required="true" Mask="false">true</Config>
<Config Name="Bind Host" Target="KHOJ_HOST" Default="0.0.0.0" Mode="" Description="Container bind address. Leave at 0.0.0.0 for standard Unraid bridge networking." Type="Variable" Display="advanced" Required="false" Mask="false">0.0.0.0</Config>
<Config Name="Non-Interactive Startup" Target="KHOJ_NON_INTERACTIVE" Default="true|false" Mode="" Description="Recommended for unattended container startup." Type="Variable" Display="advanced" Required="false" Mask="false">true</Config>
<Config Name="Extra CLI Args" Target="KHOJ_EXTRA_ARGS" Default="" Mode="" Description="Optional extra arguments appended to the Khoj startup command." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="Debug Mode" Target="KHOJ_DEBUG" Default="false|true" Mode="" Description="Set true only when troubleshooting with more verbose upstream debug behavior." Type="Variable" Display="advanced" Required="false" Mask="false">false</Config>
<Config Name="[Runtime] Gunicorn Workers" Target="GUNICORN_WORKERS" Default="" Mode="" Description="Optional worker-process override. Leave blank for the upstream default." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Runtime] Gunicorn Timeout" Target="GUNICORN_TIMEOUT" Default="" Mode="" Description="Optional request timeout in seconds. Leave blank for the upstream default." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Runtime] Gunicorn Graceful Timeout" Target="GUNICORN_GRACEFUL_TIMEOUT" Default="" Mode="" Description="Optional graceful shutdown timeout in seconds. Leave blank for the upstream default." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Runtime] Gunicorn Keep Alive" Target="GUNICORN_KEEP_ALIVE" Default="" Mode="" Description="Optional keep-alive timeout in seconds. Leave blank for the upstream default." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Runtime] LLM Seed" Target="KHOJ_LLM_SEED" Default="" Mode="" Description="Optional deterministic seed for supported model providers. Useful for repeatable debugging and testing." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Runtime] Research Iterations" Target="KHOJ_RESEARCH_ITERATIONS" Default="" Mode="" Description="Optional cap for research-mode iterations. Leave blank for the upstream default." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[External DB] PostgreSQL Host" Target="POSTGRES_HOST" Default="" Mode="" Description="Optional external PostgreSQL host. When set, the bundled PostgreSQL stays idle." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[External DB] PostgreSQL Port" Target="POSTGRES_PORT" Default="5432" Mode="" Description="External PostgreSQL port." Type="Variable" Display="advanced" Required="false" Mask="false">5432</Config>
<Config Name="[External DB] PostgreSQL Database" Target="POSTGRES_DB" Default="postgres" Mode="" Description="External PostgreSQL database name." Type="Variable" Display="advanced" Required="false" Mask="false">postgres</Config>
<Config Name="[External DB] PostgreSQL User" Target="POSTGRES_USER" Default="postgres" Mode="" Description="External PostgreSQL username." Type="Variable" Display="advanced" Required="false" Mask="false">postgres</Config>
<Config Name="[External DB] PostgreSQL Password" Target="POSTGRES_PASSWORD" Default="" Mode="" Description="External PostgreSQL password." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[AI] OpenAI API Key" Target="OPENAI_API_KEY" Default="" Mode="" Description="API key for OpenAI itself or other OpenAI-compatible gateways that require auth." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[AI] Anthropic API Key" Target="ANTHROPIC_API_KEY" Default="" Mode="" Description="Anthropic API key for Claude models. Also required for Khoj operator/computer workflows." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[AI] Gemini API Key" Target="GEMINI_API_KEY" Default="" Mode="" Description="Google Gemini API key for Gemini chat or image workflows." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[AI] OpenAI-Compatible Base URL" Target="OPENAI_BASE_URL" Default="" Mode="" Description="Use this for Ollama, vLLM, LM Studio, LiteLLM, LocalAI, or any OpenAI-compatible endpoint. Example: http://host.docker.internal:11434/v1/." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[AI] Default Chat Model" Target="KHOJ_DEFAULT_CHAT_MODEL" Default="" Mode="" Description="Optional default chat model name for your configured OpenAI-compatible endpoint." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Search] External SearxNG URL" Target="KHOJ_SEARXNG_URL" Default="" Mode="" Description="Optional SearxNG endpoint for online search. Example: http://192.168.1.20:8080." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Search] Serper API Key" Target="SERPER_DEV_API_KEY" Default="" Mode="" Description="Optional paid web-search API key from Serper." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[Search] Google Search API Key" Target="GOOGLE_SEARCH_API_KEY" Default="" Mode="" Description="Optional Google Custom Search JSON API key for expert search routing." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[Search] Google Search Engine ID" Target="GOOGLE_SEARCH_ENGINE_ID" Default="" Mode="" Description="Optional Google Programmable Search Engine ID paired with GOOGLE_SEARCH_API_KEY." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Search] OloStep API Key" Target="OLOSTEP_API_KEY" Default="" Mode="" Description="Optional webpage-read API key from OloStep." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[Search] OloStep API URL" Target="OLOSTEP_API_URL" Default="" Mode="" Description="Optional OloStep API base URL override. Leave blank for the upstream default." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Search] Firecrawl API Key" Target="FIRECRAWL_API_KEY" Default="" Mode="" Description="Optional Firecrawl API key for search and webpage reading." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[Search] Firecrawl API URL" Target="FIRECRAWL_API_URL" Default="" Mode="" Description="Optional Firecrawl API base URL override. Leave blank for the upstream default." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Search] Exa API Key" Target="EXA_API_KEY" Default="" Mode="" Description="Optional Exa API key for search and webpage reading." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[Search] Exa API URL" Target="EXA_API_URL" Default="" Mode="" Description="Optional Exa API base URL override. Leave blank for the upstream default." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Search] Auto Read Search Result Pages" Target="KHOJ_AUTO_READ_WEBPAGE" Default="false|true" Mode="" Description="Set true to have Khoj automatically read a small number of search result pages while researching online." Type="Variable" Display="advanced" Required="false" Mask="false">false</Config>
<Config Name="[Code] Terrarium URL" Target="KHOJ_TERRARIUM_URL" Default="" Mode="" Description="Optional external Terrarium sandbox URL for code execution. Example: http://192.168.1.30:8080." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Code] E2B API Key" Target="E2B_API_KEY" Default="" Mode="" Description="Optional E2B API key if you want remote code sandboxing instead of Terrarium." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[Code] E2B Template" Target="E2B_TEMPLATE" Default="" Mode="" Description="Optional E2B template override. Leave blank for Khoj's upstream default template." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Operator] Enable Computer Tool" Target="KHOJ_OPERATOR_ENABLED" Default="false|true" Mode="" Description="Set true only if you intentionally enable Khoj's operator/computer features and understand the extra security and resource cost." Type="Variable" Display="advanced" Required="false" Mask="false">false</Config>
<Config Name="[Operator] Max Iterations" Target="KHOJ_OPERATOR_ITERATIONS" Default="" Mode="" Description="Optional max-iteration cap for operator runs. Leave blank for the upstream default." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Operator] External Browser CDP URL" Target="KHOJ_CDP_URL" Default="" Mode="" Description="Optional Chrome DevTools Protocol URL for expert external-browser operator setups." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Access] Public Domain or IP" Target="KHOJ_DOMAIN" Default="" Mode="" Description="Required for remote access through a custom hostname or IP. Do not include http:// or https://." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Access] Allowed Internal Domain" Target="KHOJ_ALLOWED_DOMAIN" Default="" Mode="" Description="Optional internal hostname/IP for reverse proxy or load balancer setups. If blank, Khoj defaults to KHOJ_DOMAIN." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Access] Disable HTTPS Enforcement" Target="KHOJ_NO_HTTPS" Default="true|false" Mode="" Description="Set true when intentionally serving over plain HTTP on a trusted LAN or behind a reverse proxy that terminates TLS." Type="Variable" Display="advanced" Required="false" Mask="false">true</Config>
<Config Name="[Auth] Resend API Key" Target="RESEND_API_KEY" Default="" Mode="" Description="Optional. Enables emailed magic-link login for multi-user access." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[Auth] Resend Sender Email" Target="RESEND_EMAIL" Default="" Mode="" Description="Optional sender address used for magic-link authentication emails." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Auth] Resend Audience ID" Target="RESEND_AUDIENCE_ID" Default="" Mode="" Description="Optional Resend audience ID if you want Khoj to add users to a Resend audience after welcome email flows." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Auth] Google Client ID" Target="GOOGLE_CLIENT_ID" Default="" Mode="" Description="Expert-only Google OAuth client ID. Upstream currently documents Google auth mainly against the prod khoj-cloud image." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Auth] Google Client Secret" Target="GOOGLE_CLIENT_SECRET" Default="" Mode="" Description="Expert-only Google OAuth client secret paired with GOOGLE_CLIENT_ID." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[Voice] ElevenLabs API Key" Target="ELEVEN_LABS_API_KEY" Default="" Mode="" Description="Optional. Enables text-to-speech voice responses using ElevenLabs." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[Integrations] Notion OAuth Client ID" Target="NOTION_OAUTH_CLIENT_ID" Default="" Mode="" Description="Optional Notion OAuth client ID for advanced self-hosted Notion integration flows." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Integrations] Notion OAuth Client Secret" Target="NOTION_OAUTH_CLIENT_SECRET" Default="" Mode="" Description="Optional Notion OAuth client secret." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[Integrations] Notion Redirect URI" Target="NOTION_REDIRECT_URI" Default="" Mode="" Description="Optional Notion OAuth redirect URI registered with your integration." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Storage] AWS Access Key" Target="AWS_ACCESS_KEY" Default="" Mode="" Description="Optional object-storage access key for advanced image upload offload paths." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[Storage] AWS Secret Key" Target="AWS_SECRET_KEY" Default="" Mode="" Description="Optional object-storage secret key paired with AWS_ACCESS_KEY." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[Storage] Khoj Images Bucket" Target="AWS_IMAGE_UPLOAD_BUCKET" Default="" Mode="" Description="Optional bucket name for Khoj-generated image uploads." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Storage] User Upload Bucket" Target="AWS_USER_UPLOADED_IMAGES_BUCKET_NAME" Default="" Mode="" Description="Optional bucket name for user-uploaded images." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Twilio] Account SID" Target="TWILIO_ACCOUNT_SID" Default="" Mode="" Description="Optional Twilio Account SID for Twilio-backed verification or messaging flows." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Twilio] Auth Token" Target="TWILIO_AUTH_TOKEN" Default="" Mode="" Description="Optional Twilio auth token paired with TWILIO_ACCOUNT_SID." Type="Variable" Display="advanced" Required="false" Mask="true"/>
<Config Name="[Twilio] Verification Service SID" Target="TWILIO_VERIFICATION_SID" Default="" Mode="" Description="Optional Twilio Verify service SID." Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="[Privacy] Disable Telemetry" Target="KHOJ_TELEMETRY_DISABLE" Default="false|true" Mode="" Description="Set true to opt out of Khoj's anonymous self-hosted telemetry." Type="Variable" Display="advanced" Required="false" Mask="false">false</Config>
</Container>