AGmind deploys a full private AI platform in ~25 minutes — Dify and RAGFlow workflows, agentic stacks (Open Notebook, DB-GPT, plugin daemon), local vLLM / Ollama inference, Weaviate or Qdrant vectors, Grafana observability, TLS, firewall, backups — all on your hardware. Built for NVIDIA DGX Spark. Zero vendor lock-in, zero cloud subscriptions.
Not a proof of concept. A real stack with agentic orchestration, vector search, TLS, monitoring, backups, 2FA, rate-limiting, and Day-2 operations built-in from phase 1.
Dify orchestrator with plugin daemon for tool-using agents + RAGFlow knowledge bases + Open Notebook and DB-GPT for autonomous research and SQL agents + vLLM / Ollama inference + Weaviate or Qdrant + Docling OCR + Crawl4AI + SearXNG + MinIO. Open WebUI is an optional chat front-end. All wired as one Docker Compose project.
Tuned for the 128 GB unified memory pool — AGmind allocates ~85 GiB to containers and calibrates vLLM context, KV cache, and TEI embeddings against the 121 GiB usable. VLLM_ATTENTION_BACKEND=TRITON_ATTN is set automatically (FP8 FlashInfer is broken on GB10).
30+ Linux capabilities dropped. UFW + fail2ban + Authelia 2FA. Secrets from /dev/urandom, chmod 600, auto-rotated. Nginx rate limiting. SSRF proxy for code sandbox.
Prometheus + Grafana (5 pre-built dashboards) + Loki + Alertmanager. Telegram/webhook alerts. Node Exporter + cAdvisor. Portainer for visual ops.
LAN — internal only, SSH-tunnel admin surfaces. VPS — public domain, automatic Let's Encrypt, Authelia 2FA, LiteLLM gateway on.
Scheduled backups of PostgreSQL, Redis, volumes. agmind restore replays in minutes. DR-drill script validates the full recovery path on a schedule.
x86_64 dropped 2026-04-25. AGmind targets NVIDIA DGX Spark (GB10 / Blackwell) and equivalent aarch64 hosts running DGX OS 7.5.0 (Ubuntu 24.04 arm64) with driver 580.x — do not upgrade past it. Optional dual-Spark master/worker over 200G QSFP.
Clone. Run. Answer ~15 questions. The wizard generates configs, pulls images by digest, starts the stack, issues TLS, and prints your credentials. No manual YAML. No dangling state.
.env, nginx, Redis, secrets — all chmod 600# Clone and run — the wizard does the rest $ git clone https://github.com/botAGI/AGmind.git $ cd AGmind $ sudo bash install.sh
$ sudo DEPLOY_PROFILE=lan \ LLM_PROVIDER=vllm \ LLM_MODEL=google/gemma-4-26B-A4B-it \ EMBED_PROVIDER=vllm \ EMBEDDING_MODEL=deepvk/USER-bge-m3 \ NON_INTERACTIVE=true \ bash install.sh
Every phase is idempotent and resumable. Fail mid-pull? Re-run the installer and it picks up exactly where it left off.
Detect OS, CPU, GPU, RAM, disk, free ports. Validate minimum requirements before touching the system.
~15 questions: profile, vector DB, LLM provider, model, embeddings, TLS, monitoring, 2FA, backups, tunnel.
Docker CE + NVIDIA Container Toolkit (aarch64 repos). Verifies CDI device discovery for the GB10 GPU and pins driver to the 580.x line.
Generates .env, nginx reverse proxy, Redis, secrets (/dev/urandom), LiteLLM routing, Authelia config.
Validates versions.env manifest against the registry. Pulls every image by digest — no :latest ever.
docker compose up -d. Creates admin users for Dify and Open WebUI. Waits for initial bootstraps.
Optional dual-Spark cluster mode. Pushes vLLM and dedicated GPU services to the worker node over the 200G QSFP link. Skipped on single-node installs.
Healthcheck loop per service with a timeout budget. Obtains Let's Encrypt certificate when profile is VPS.
Downloads LLM + embeddings to the correct runtime (Ollama registry or HF cache). GPU-aware warm-up. Graceful timeout handling for large models.
Configures the backup system — age encryption, optional S3 upload, cron schedule. Wires agmind backup and agmind restore into systemd timers.
Installs CLI & systemd service. Initializes admin users. Writes credentials.txt (chmod 600). Prints the final endpoints table — including *.local mDNS hosts.
agmind CLI — operate without knowing Docker.One command to see the whole stack. One command to back it up. One command to rotate every secret.
5 dashboards pre-provisioned. Alerts routed to Telegram or webhook. Node Exporter + cAdvisor + custom GPU exporter.
Nginx is the only public-facing service. Code sandbox reaches the internet only through a Squid SSRF proxy with an allow-list. Everything else lives on the internal backend.
Nginx is the only thing exposed externally — it terminates TLS, applies rate-limit and security headers. Grafana and Portainer are dual-homed so they reach the host network without leaking onto the public side.
Every data-plane service: Dify orchestration, agentic workers (RAGFlow, Open Notebook, DB-GPT), the GPU inference fleet (vLLM × 3 + Ollama + TEI), state stores, and the full observability pipeline. Non-routable from outside — services find each other by Compose DNS.
Dify's code sandbox runs untrusted user code with zero direct internet. All outbound HTTP is funnelled through a Squid forward proxy with a strict allow-list — the only path off-host.
NVIDIA GB10, 128 GB unified memory. fp8 KV cache. 65K context window.
The same RAG platform. Three paths. One of them ships before lunch.
| Cloud API OpenAI / Anthropic | DIY stack compose from scratch | AGmind one command | |
|---|---|---|---|
| Time to first chat | 10 min | 2–4 weeks | ~25 minutes |
| Data stays on your hardware | – | ||
| Cost at scale | Per-token · unbounded | Hardware + eng time | Hardware only |
| TLS, firewall, 2FA | Provider-managed | You write it | Phase 8 — automatic |
| Grafana + Prometheus + Loki | – | Manual · days | Pre-provisioned |
| Backups · restore drills | – | Bespoke scripts | Built in · cron-scheduled |
| Vendor lock-in | High | None | None · Apache 2.0 |
| Secret rotation | Dashboard | Manual | agmind rotate-secrets |
| GPU autodetect · VRAM split | – | – | |
| Day-2 operations CLI | – | – | agmind status · doctor · backup |
Every service runs with least-privilege. Every secret is 64 random bytes from /dev/urandom. Every public surface is rate-limited.
Every container runs with cap_drop: ALL and only the specific capabilities it needs added back. No SYS_ADMIN anywhere.
Single-sign-on across Dify, Grafana, Portainer, Open WebUI. TOTP or WebAuthn. Session tokens rotated automatically.
The code sandbox has zero direct egress. All outbound HTTP is funnelled through a Squid proxy with a strict allow-list.
Per-IP limits on /v1/chat, /login, /api/*. Burst + sustained buckets. fail2ban bans on 5xx spikes.
64-byte secrets from /dev/urandom, written to credentials.txt with chmod 600. Rotation is a single command.
Every image pulled by sha256 digest — never :latest. The versions.env manifest is auditable and reproducible.
Hard requirement: aarch64 + NVIDIA GB10. AGmind targets NVIDIA DGX Spark — 20-core Grace ARM, 128 GB unified memory (AGmind allocates ~85 GiB for containers), Blackwell GB10. x86_64 is unsupported as of 2026-04-25 — the installer refuses to run. Equivalent aarch64 hosts with a Blackwell-class GPU should work but are not in the tested matrix. OS: DGX OS 7.5.0 (Ubuntu 24.04 arm64), driver 580.x — do not upgrade past it.
Yes. After phase 5 (image pull) the stack runs without outbound internet — service endpoints resolve via mDNS (agmind-dify.local, agmind-rag.local, …) so you don't even need a DNS server. LAN profile skips Let's Encrypt and uses self-signed TLS. SearXNG can be disabled for zero outbound traffic.
Absolutely. Any GGUF model for Ollama, any HuggingFace model for vLLM. Qwen, Llama, Gemma, Mistral, DeepSeek — all tested. LiteLLM lets you route to commercial APIs if you want a hybrid setup.
agmind update --check compares your pinned digests with upstream. agmind update --apply pulls new digests, restarts services in dependency order, and runs the healthcheck loop. If anything fails, rollback is one command.
No. AGmind dropped x86_64 on 2026-04-25 and is not built for ROCm or Apple Silicon. The installer is gated on aarch64 + NVIDIA GB10. Notable arm64 caveats handled automatically: Dify sandbox is amd64-only and runs through QEMU; RAGFlow uses a community-built arm64 image (ar2r223/ragflow-spark); TEI rerank stays on CPU where no arm64 GPU image exists.
Yes. AGmind is Apache 2.0. Ship products on top of it, modify it, re-distribute it. Bundled components carry their own permissive licenses — Dify, vLLM, Ollama, Grafana stack all allow commercial use.
Community support is on GitHub Discussions + Issues. For dedicated engineering, deployments, and SLAs, reach out through the repository.
Apache 2.0. No vendor lock-in. 30+ containers on your hardware, TLS on day one, Grafana on day one, backups on day one.