Environment Variables

Complete reference for all TruSpace configuration options.

Quick Reference

Category	Variables
Core	NODE_ENV, LOG_LEVEL
Network	CORS_ORIGIN, FRONTEND_PORT, BACKEND_PORT
IPFS	IPFS_*, CLUSTER_*
AI	OLLAMA_*, DISABLE_ALL_AI_FUNCTIONALITY
Security	JWT_SECRET, CLUSTER_SECRET
Email	SMTP_*, EMAIL_SENDER, REGISTER_USERS_AS_INACTIVE

---

Core Settings

NODE_ENV

Application environment mode.

Value	Description
development	Development mode with verbose logging
production	Production mode with optimized settings

NODE_ENV=production

LOG_LEVEL

Logging verbosity level.

Value	Description
debug	All messages including debug
info	Informational messages and above
warn	Warnings and errors only
error	Errors only

LOG_LEVEL=info

---

Network Settings

CORS_ORIGIN

Allowed origins for CORS requests. Set to your domain.

# Local development
CORS_ORIGIN=http://localhost:3000

# Production
CORS_ORIGIN=https://yourdomain.com

FRONTEND_PORT

Port for the frontend service.

FRONTEND_PORT=3000

BACKEND_PORT

Port for the backend API service.

BACKEND_PORT=8000

OI_CORS_ALLOW_ORIGIN

CORS origin for Open Web UI.

OI_CORS_ALLOW_ORIGIN=http://localhost:3000

---

IPFS Settings

IPFS_PROFILE

IPFS configuration profile.

Value	Description
server	Optimized for servers (default)
lowpower	Reduced resource usage for Pi/embedded

IPFS_PROFILE=server

IPFS_BOOTSTRAP_REMOVE

Remove default IPFS bootstrap nodes (for private networks).

IPFS_BOOTSTRAP_REMOVE=true

IPFS_PATH

Custom IPFS data directory.

IPFS_PATH=/custom/ipfs/path

---

IPFS Cluster Settings

CLUSTER_SECRET

Shared secret for cluster authentication. Must be the same on all connected nodes.

Security

Generate a unique secret for production: bash openssl rand -hex 32

CLUSTER_SECRET=your-32-byte-hex-secret-here

CLUSTER_PEERNAME

Human-readable name for this cluster peer.

CLUSTER_PEERNAME=node-1

CLUSTER_REPLICATION_MIN

Minimum number of nodes that should pin each item.

CLUSTER_REPLICATION_MIN=2

CLUSTER_REPLICATION_MAX

Maximum number of nodes that should pin each item.

CLUSTER_REPLICATION_MAX=3

---

AI Settings

DISABLE_ALL_AI_FUNCTIONALITY

Completely disable AI features.

# Enable AI (default)
DISABLE_ALL_AI_FUNCTIONALITY=false

# Disable AI
DISABLE_ALL_AI_FUNCTIONALITY=true

OLLAMA_MODEL

Default LLM model for AI analysis.

Model	Size	Quality	Speed
tinyllama	637 MB	Basic	Fast
phi3	2.2 GB	Good	Medium
llama3.2:3b	2.0 GB	Good	Medium
llama3.2:7b	4.7 GB	Better	Slower
mistral	4.1 GB	Better	Slower

OLLAMA_MODEL=llama3.2:3b

OLLAMA_HOST

Ollama API host (if running separately).

OLLAMA_HOST=http://localhost:11434

OLLAMA_GPU

Enable GPU acceleration.

# Auto-detect (default)
OLLAMA_GPU=auto

# Force CPU
OLLAMA_GPU=cpu

---

Security Settings

JWT_SECRET

Secret key for JWT token signing.

Security

Generate a unique secret for production: bash openssl rand -hex 64

JWT_SECRET=your-very-long-secret-key-here

JWT_EXPIRY

JWT token expiration time.

JWT_EXPIRY=24h

BCRYPT_ROUNDS

Number of bcrypt hashing rounds.

BCRYPT_ROUNDS=12

---

Email Settings

TruSpace uses SMTP to send transactional emails such as password resets and, optionally, registration confirmation emails.

Note

Email settings are optional. If not configured, password reset and user activation emails will not be sent.

SMTP_HOST

Address of the SMTP server.

SMTP_HOST=smtp.example.com

SMTP_PORT

Port used to connect to the SMTP server.

Port	Typical use
465	SMTP over SSL (SMTP_SSL=true)
587	SMTP with STARTTLS (SMTP_TLS=true, SMTP_SSL=false)
25	Unencrypted (not recommended)

SMTP_PORT=587

SMTP_USER

Username for authenticating with the SMTP server.

SMTP_USER=noreply@example.com

SMTP_PASSWORD

Password for authenticating with the SMTP server.

Security

Never commit this value to version control. Use a dedicated app password or service account credential.

SMTP_PASSWORD=your-smtp-password

SMTP_SSL

Enable SSL/TLS from the start of the connection (typically used on port 465).

# Enable SSL (port 465)
SMTP_SSL=true

# Disable SSL — use with SMTP_TLS=true on port 587
SMTP_SSL=false

SMTP_TLS

Upgrade an initially unencrypted connection to TLS using STARTTLS (typically on port 587). Set SMTP_SSL=false when using this option.

SMTP_TLS=true

EMAIL_SENDER

The email address that appears as the sender in outgoing notification and system emails.

EMAIL_SENDER=noreply@example.com

REGISTER_USERS_AS_INACTIVE

When set to true, newly registered users are created as inactive and must confirm their email address before they can log in. Requires SMTP to be configured.

# Require email confirmation on registration
REGISTER_USERS_AS_INACTIVE=true

# Allow immediate login after registration (default)
REGISTER_USERS_AS_INACTIVE=false

---

Build Settings

BUILD_OR_PULL_IMAGES

Whether to build images locally or pull from registry.

Value	Description
pull	Pull pre-built images (default, faster)
build	Build images locally

BUILD_OR_PULL_IMAGES=pull

---

Example Configurations

Local Development

.env

NODE_ENV=development
LOG_LEVEL=debug
CORS_ORIGIN=http://localhost:3000
FRONTEND_PORT=3000
BACKEND_PORT=8000
OLLAMA_MODEL=tinyllama

Production

.env

NODE_ENV=production
LOG_LEVEL=info
CORS_ORIGIN=https://truspace.example.com
FRONTEND_PORT=3000
BACKEND_PORT=8000
JWT_SECRET=<generated-secret>
CLUSTER_SECRET=<generated-secret>
OLLAMA_MODEL=llama3.2:7b
BUILD_OR_PULL_IMAGES=pull
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_USER=noreply@example.com
SMTP_PASSWORD=<smtp-password>
SMTP_SSL=false
SMTP_TLS=true
EMAIL_SENDER=noreply@example.com
REGISTER_USERS_AS_INACTIVE=true

Raspberry Pi

.env

NODE_ENV=production
LOG_LEVEL=info
IPFS_PROFILE=lowpower
DISABLE_ALL_AI_FUNCTIONALITY=true
CORS_ORIGIN=http://raspberrypi.local:3000

---

Applying Changes

After modifying .env:

# Restart services
docker compose down
docker compose up -d

# Or use start.sh
./start.sh