Configuration Reference
All configuration options for Gumm, organized by category.
Environment variables (.env)
Set these in the .env file at the root of the project before starting the container.
| Variable | Required | Description | Default |
|---|
GUMM_ADMIN_PASSWORD | ✅ | Password for the dashboard login | — |
NUXT_SESSION_PASSWORD | ✅ | Secret used to sign/encrypt session cookies. Min 32 characters. | — |
TZ | — | Server timezone | Europe/Paris |
GITHUB_TOKEN | — | GitHub Personal Access Token for installing private modules | — |
GUMM_PORT | — | Port to expose on the host | 3000 |
VPN_BIND_IP | — | IP to bind the Gumm port to (set to VPN IP to restrict access) | 0.0.0.0 |
REDIS_PORT | — | Redis port on the host (bound to localhost only) | 6379 |
CADDY_DOMAIN | — | Domain for Caddy reverse proxy (enables HTTPS) | localhost |
CADDY_HTTP_PORT | — | HTTP port for Caddy | 80 |
CADDY_HTTPS_PORT | — | HTTPS port for Caddy | 443 |
Generate NUXT_SESSION_PASSWORD
openssl rand -hex 32
Brain configuration keys
These are runtime settings stored in the SQLite database and managed through the Brain dashboard or CLI. Unlike env vars, they can be changed at any time without restarting the container.
Identity
| Key | Description | Example |
|---|
identity.name | Assistant’s name | Gumm |
identity.personality | Behavior description | A concise, technical assistant |
identity.rules | Hard behavioral constraints | Always answer in English |
identity.goals | High-level objectives | Help manage my projects |
Brain settings
| Key | Description | Default |
|---|
brain.language | Response language | en |
brain.timezone | Timezone for time-aware responses | Europe/Paris |
brain.autoMemory | Automatically extract facts from conversations | true |
LLM settings
| Key | Description | Example |
|---|
llm.model | LLM model identifier (OpenRouter slug) | anthropic/claude-3.5-sonnet |
openrouter.apiKey | OpenRouter API key | sk-or-... |
Admin
| Key | Description |
|---|
admin.passwordHash | bcrypt hash of the admin password (managed automatically) |
setup.completed | Whether the setup wizard has been completed |
Telegram
| Key | Description |
|---|
telegram.botToken | Telegram bot token |
telegram.webhookUrl | Public webhook URL (blank = polling mode) |
telegram.allowedChatIds | Comma-separated list of allowed Telegram chat IDs |
telegram.enabled | Whether Telegram integration is active |
Updating configuration
Via the dashboard
Most settings are editable directly in the Brain page (/brain) or Settings page (/settings).
Via the CLI
gumm brain config-set <key> <value>
# Examples
gumm brain config-set brain.language fr
gumm brain config-set llm.model mistral/mistral-medium
gumm brain config-set brain.autoMemory false
Via the REST API
curl -X PUT http://localhost:3000/api/brain/config \
-H 'Content-Type: application/json' \
-H 'Cookie: <session-cookie>' \
-d '{
"entries": [
{ "key": "identity.name", "value": "Atlas" },
{ "key": "brain.language", "value": "en" }
]
}'
Volumes and data directories
| Path (inside container) | Description |
|---|
/app/.data | SQLite database, knowledge files, attachments |
/app/modules/user | User-installed modules (hot-swapped) |
/app/brain | Brain personality/rules/goals markdown files |
/var/lib/tailscale | Tailscale state (persisted across restarts) |
/var/lib/netbird | NetBird state (persisted across restarts) |
All of these are declared as volumes in docker-compose.yml. Never delete the gumm-data volume unless you intend to wipe all data.
TLS / HTTPS
Gumm does not handle TLS itself. Recommended options:
| Method | When to use |
|---|
Caddy (profile proxy) | Public domain or Tailscale .ts.net hostname |
| Tailscale HTTPS | Private mesh — Tailscale issues a certificate for your node |
| Cloudflare Tunnel | Expose via Cloudflare without opening firewall ports |
| Host reverse proxy | If you manage your own Nginx/Apache on the host |