Install
The setup process is identical whether you’re on a laptop or a server:- Follow the installation guide to run
pnpm run setup, which generates your secrets, starts Postgres and the app in Docker, and runs migrations. - Add the channels and capabilities you need — email, semantic search, web research, Signal — from the same guide’s full setup section.
Installation guide
The complete quick start and full setup steps.
Production considerations
The Docker image runs as a non-root
curia user as part of its security hardening. See the security overview for the full container security model.- The stack restarts automatically. Both the
postgresandcuriaservices userestart: unless-stopped, so the instance comes back after a server reboot or a crash without manual intervention. - Secrets live in the encrypted vault. Application credentials are stored in the vault, not in
.env. Only four bootstrap values stay in.env:DB_USER,DB_PASSWORD,DATABASE_URL, andSECRET_ENCRYPTION_KEY. Treat.envas sensitive — back it up securely and keep it out of version control. - Back up
SECRET_ENCRYPTION_KEYseparately and keep it safe. It is the master key that decrypts the vault. If you lose it, every stored secret becomes unrecoverable and you have to re-seed the vault from scratch. Store a copy somewhere independent of the server (a password manager or secrets store). - Applying configuration changes. After seeding a vault secret (
VAR=value pnpm run seed-vault) or editing.envon the server, recreate the container to pick up the change:docker compose up -d --force-recreate curia.
Next steps
Initial configuration
Environment variables, multi-account email, and configuration layers.
Configuration reference
Every configurable setting: rate limits, security rules, knowledge graph decay, and more.