§ 01 — config

Every knob, named plainly.

DayMug reads one YAML file at startup. Copy config.example.yaml, change the fields below, and restart the service when you are done.

load order

DayMug tries --config <path>, then DAYMUG_CONFIG, then config.yaml next to the binary.

reload

The file is read once. Restart with systemctl --user restart daymug.service after a change.

example

Open config.example.yaml for a complete copyable template with comments for practical defaults.

server

Network address and install identity for this DayMug instance.

server.addr
:8080

HTTP listen address. Use 127.0.0.1:8090 behind a local reverse proxy, or 0.0.0.0:8080 / :8080 when exposing directly.

server.public_url
empty

External base URL users open. Notifications use it to build clickable deep links; without it, pushes can still send text but cannot open the conversation.

server.client_id
empty

Stable install UUID reported by heartbeats. The installer writes it; leaving it empty works, but each startup uses a temporary identity.

auth

Browser session lifetime and login method switches.

auth.session_ttl
720h

Login session lifetime in Go duration syntax. The session cookie max-age follows this value.

auth.cookie_secure
false

Adds the Secure flag to the session cookie. Set true for HTTPS deployments.

auth.password_login_enabled
true

Enables username and password login. Turn it off when OIDC is the only allowed sign-in path.

admin

Recovery path for administrator access.

admin.bootstrap_usernames
[]

Usernames listed here are promoted to admin on every startup. Add yourself and restart if all admins were accidentally removed.

users

Default filesystem root for user working directories.

users.default_home_root
~/.daymug/users

New users get <root>/<username> as their default work directory. ~/ expands to the service user's home and must resolve to an absolute path.

providers[]

Credential pools for Claude, Codex, or MiMo. The first entry is the new-conversation default, and one entry must be named default.

providers[].name
required

Unique account name inside the YAML. DayMug requires at least one provider named default.

providers[].type
required

Backend type: claude, codex, or mimo. It decides which CLI adapter runs the conversation.

providers[].max_concurrent
1 if <=0

Maximum simultaneous conversations for this account. Extra work queues and clients see a one-based queue position.

providers[].config_dir
type-dependent

Credential directory. Claude and MiMo map it to CLAUDE_CONFIG_DIR and can fall back to ~/.claude; Codex maps it to CODEX_HOME and must be explicit.

providers[].env
{}

Extra environment variables passed only to the child CLI. Use field names such as OPENAI_API_KEY or ANTHROPIC_AUTH_TOKEN; keep real secrets out of public docs.

providers[].models
[]

Optional chat model IDs advertised for this provider type. The first non-empty list wins, and its first model becomes the default for new conversations.

providers[].summary_model
empty

Optional model for internal summaries: automatic titles and /compact.

providers[].runner_mode
inherits global

Per-account override for process spawning: cli pipes stdio, pty wraps the CLI in a pseudo-terminal.

runner

Global CLI launch mode and silence watchdogs.

runner_mode
cli

Global process mode. cli uses stdin/stdout/stderr pipes; pty gives CLIs a terminal-like process, useful for login commands that check isatty().

runner_stall_timeout
10m

How long stdout may be silent before DayMug probes process CPU time and session logs instead of immediately killing the CLI.

runner_max_silent_timeout
2h

Absolute limit for one stdout-silent stretch, even if the activity probe still sees work happening.

tools

Tool names the admin UI can grant to users for Claude runs.

tools.available[].name
none

Tool shown in the admin UI and passed to Claude --allowedTools when selected.

tools.available[].patterns
[]

Optional fine-grained allow patterns for a tool, such as limiting Bash to specific command prefixes.

tools.default_for_new_user
[]

Tool names preselected when an administrator creates a new user. An empty allowed-tools value on a user means no DayMug-side restriction.

sandbox

Optional per-agent process isolation.

sandbox.enabled
false

Turns isolation on when paired with a real sandbox type. enabled: true with type: noop is normalized back to no isolation.

sandbox.type
noop

noop inherits the service user's filesystem access. bwrap uses Linux bubblewrap and confines normal users to their work directory.

sandbox.network
true

Only meaningful for bwrap. True keeps host network access; false starts the jailed process offline.

sandbox.extra_ro_binds
[]

Extra absolute host paths mounted read-only into every jailed agent, useful for shared reference assets.

sandbox.extra_rw_binds
[]

Extra absolute host paths mounted read-write into every jailed agent. Keep this narrow because it expands what agents can modify.

oidc

Optional Casdoor or generic OpenID Connect single sign-on.

oidc.enabled
false

Enables OIDC login. When false, every other OIDC field is ignored.

oidc.issuer
required if enabled

Identity-provider issuer URL. DayMug discovers /.well-known/openid-configuration from it.

oidc.client_id
required if enabled

OAuth client ID issued by the IdP for this DayMug app.

oidc.client_secret
required if enabled

OAuth client secret. Store the real value only in private config, never in public examples or screenshots.

oidc.redirect_uri
required if enabled

Callback URL registered with the IdP. It must exactly match the public app URL plus /api/auth/oidc/callback.

oidc.scopes
openid, profile, email

OAuth scopes requested. Keep profile when using Casdoor so groups, roles, and permissions are available.

oidc.group_claim
groups

Claim name DayMug reads for group membership.

oidc.role_claim
roles

Claim name DayMug reads for role membership.

oidc.permission_claim
permissions

Claim name DayMug reads for permission membership.

oidc.required_groups
[]

Allowed group values. If any required list is non-empty, a user needs at least one match in one configured dimension.

oidc.required_roles
[]

Allowed role values. Empty means this dimension does not restrict access.

oidc.required_permissions
[]

Allowed permission values. With all required lists empty, any authenticated IdP user may enter subject to provisioning.

oidc.auto_provision
true

Creates a local non-admin user on first successful OIDC login when no local user matches the email. False makes OIDC a closed allowlist.

oidc.button_label
Sign in with SSO

Text shown on the login page SSO button.
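The admission rule described by the oidc.required_* and oidc.auto_provision fields, written out as an added Python sketch (not DayMug's own code). The function name, the dict shapes, and the handling of a claim that arrives as a single string instead of a list are assumptions made for illustration.

```python
# Added illustration of the documented oidc.required_* rule; not DayMug source.

def _as_set(value):
    """Normalize a claim that may be missing, a single string, or a list (assumed shapes)."""
    if value is None:
        return set()
    if isinstance(value, str):
        return {value}
    return set(value)

def oidc_admits(oidc_cfg, claims, local_user_exists):
    """Return (allowed, reason) for one IdP login, per the rules in the oidc section."""
    dims = [
        ("required_groups", oidc_cfg.get("group_claim", "groups")),
        ("required_roles", oidc_cfg.get("role_claim", "roles")),
        ("required_permissions", oidc_cfg.get("permission_claim", "permissions")),
    ]
    # Only non-empty required lists restrict access.
    configured = [(key, claim) for key, claim in dims if oidc_cfg.get(key)]
    if configured:
        # One match in any one configured dimension is enough (OR, not AND).
        matched = any(
            _as_set(claims.get(claim)) & set(oidc_cfg[key])
            for key, claim in configured
        )
        if not matched:
            return False, "no match in any configured dimension"
    # With auto_provision false, only users that already exist locally get in.
    if not local_user_exists and not oidc_cfg.get("auto_provision", True):
        return False, "no local user and auto_provision is false"
    return True, "admitted"

# Constructed sample: groups and roles are both restricted.
SAMPLE_OIDC = {"required_groups": ["eng"], "required_roles": ["daymug-user"]}
```

Because the dimensions are OR-ed, adding a broad value to required_roles widens access even when required_groups is narrow.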

upgrade

Service restart and health-check settings for self-upgrade.

upgrade.service
daymug

systemd unit name the watchdog restarts after swapping the binary.

upgrade.service_mode
user

user runs systemctl --user; system runs system-level systemctl.

upgrade.health_path
/api/health

HTTP path polled after an upgrade. Host and port are derived from the configured listen address.

upgrade.health_timeout
60s

Maximum time to wait for a healthy response before rolling back to the previous binary.

usage

Timezone used to group token and cost usage by day.

usage.timezone
Asia/Shanghai

IANA timezone name, UTC, or Local. It controls the day boundary for usage charts; changing it does not rewrite older rows.

Not YAML fields: SQLite always lives at <binary_dir>/data/database.db; the self-upgrade manifest URL is hard-coded in the server; per-user provider bindings live in the database and are managed from the admin UI.
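A pre-restart check for the settings this reference calls out (auth.cookie_secure, the default provider, sandbox.type, sandbox.extra_rw_binds, oidc.redirect_uri, and the empty oidc.required_* lists), as an added Python example that is not part of DayMug. It assumes the YAML has already been parsed into nested dicts, that "the public app URL" means server.public_url, and it uses the defaults listed above; the hostnames are constructed.

```python
# Added example: lint a parsed DayMug config dict for settings this page flags.
CALLBACK = "/api/auth/oidc/callback"

def get(cfg, path, default=None):
    """Walk a dotted path such as 'auth.cookie_secure' through nested dicts."""
    node = cfg
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node

def lint(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    url = (get(cfg, "server.public_url", "") or "").rstrip("/")
    if url.startswith("https://") and not get(cfg, "auth.cookie_secure", False):
        findings.append("auth.cookie_secure is false on an HTTPS public_url")
    names = [p.get("name") for p in cfg.get("providers") or []]
    if "default" not in names:
        findings.append("no provider named default")
    if get(cfg, "sandbox.enabled", False) and get(cfg, "sandbox.type", "noop") == "noop":
        findings.append("sandbox.enabled with type noop gives no isolation")
    if get(cfg, "sandbox.extra_rw_binds", []):
        findings.append("sandbox.extra_rw_binds widens what agents can modify")
    if get(cfg, "oidc.enabled", False):
        if get(cfg, "oidc.redirect_uri", "") != url + CALLBACK:
            findings.append("oidc.redirect_uri != public_url + " + CALLBACK)
        open_door = not any(get(cfg, "oidc.required_" + dim, [])
                            for dim in ("groups", "roles", "permissions"))
        if open_door and get(cfg, "oidc.auto_provision", True):
            findings.append("oidc admits and provisions any IdP user")
    return findings

SAMPLE = {  # constructed sample, shaped as a YAML parser would return it
    "server": {"addr": "127.0.0.1:8090", "public_url": "https://daymug.example.test/"},
    "auth": {"cookie_secure": False},
    "providers": [{"name": "default", "type": "claude"}],
    "sandbox": {"enabled": True, "type": "noop"},
    "oidc": {"enabled": True, "redirect_uri": "https://daymug.example.test/callback"},
}
```

On SAMPLE, lint() reports four findings: the cookie flag, the noop sandbox, the callback mismatch, and the open OIDC door.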