Struct Config 

pub struct Config {

    pub version: u32,
    pub opencode_web_port: u16,
    pub bind: String,
    pub auto_restart: bool,
    pub boot_mode: String,
    pub restart_retries: u32,
    pub restart_delay: u32,
    pub auth_username: Option<String>,
    pub auth_password: Option<String>,
    pub container_env: Vec<String>,
    pub bind_address: String,
    pub trust_proxy: bool,
    pub allow_unauthenticated_network: bool,
    pub rate_limit_attempts: u32,
    pub rate_limit_window_seconds: u32,
    pub users: Vec<String>,
    pub cockpit_port: u16,
    pub cockpit_enabled: bool,
    pub image_source: String,
    pub update_check: String,
    pub mounts: Vec<String>,
}

Main configuration structure for opencode-cloud

Serialized to/from ~/.config/opencode-cloud/config.json

Fields

version: u32

Config file version for migrations

opencode_web_port: u16

Port for the opencode web UI (default: 3000)

bind: String

Bind address (default: “localhost”) Use “localhost” for local-only access (secure default) Use “0.0.0.0” for network access (requires explicit opt-in)

auto_restart: bool

Auto-restart service on crash (default: true)

boot_mode: String

Boot mode for service registration (default: “user”) “user” - Service starts on user login (no root required) “system” - Service starts on boot (requires root)

restart_retries: u32

Number of restart attempts on crash (default: 3)

restart_delay: u32

Seconds between restart attempts (default: 5)

auth_username: Option<String>

Username for opencode basic auth (DEPRECATED - use PAM users via occ user add instead)

This field is kept for backward compatibility but is ignored. New deployments should create users via occ user add which uses PAM authentication. Legacy deployments can migrate by running occ user add <username>.

auth_password: Option<String>

Password for opencode basic auth (DEPRECATED - use PAM users via occ user add instead)

This field is kept for backward compatibility but is ignored. Passwords are stored in the container’s /etc/shadow via PAM, not in config files.

container_env: Vec<String>

Environment variables passed to container (default: empty) Format: [“KEY=value”, “KEY2=value2”]

bind_address: String

Bind address for opencode web UI (default: “127.0.0.1”) Use “0.0.0.0” or “::” for network exposure (requires explicit opt-in)

trust_proxy: bool

Trust proxy headers (X-Forwarded-For, etc.) for load balancer deployments

allow_unauthenticated_network: bool

Allow unauthenticated access when network exposed Requires double confirmation on first start

rate_limit_attempts: u32

Maximum auth attempts before rate limiting

rate_limit_window_seconds: u32

Rate limit window in seconds

users: Vec<String>

List of usernames configured in container (for persistence tracking) Passwords are NOT stored here - only in container’s /etc/shadow

cockpit_port: u16

Cockpit web console port (default: 9090) Only used when cockpit_enabled is true

cockpit_enabled: bool

Enable Cockpit web console (default: false)

When enabled:

• Container uses systemd as init (required for Cockpit)
• Requires Linux host with native Docker (does NOT work on macOS Docker Desktop)
• Cockpit web UI accessible at cockpit_port

When disabled (default):

• Container uses tini as init (lightweight, works everywhere)
• Works on macOS, Linux, and Windows
• No Cockpit web UI

image_source: String

Source of Docker image: ‘prebuilt’ (pull from registry) or ‘build’ (compile locally)

update_check: String

When to check for updates: ‘always’ (every start), ‘once’ (once per version), ‘never’

mounts: Vec<String>

Bind mounts to apply when starting the container Format: [“/host/path:/container/path”, “/host:/mnt:ro”]

Implementations

impl Config

pub fn new() -> Self

Create a new Config with default values

pub fn has_required_auth(&self) -> bool

Check if required auth credentials are configured

Returns true if:

• The users array is non-empty (PAM-based auth - preferred), OR
• Both auth_username and auth_password are Some and non-empty (legacy - deprecated)

Note: Legacy auth_username/auth_password fields are deprecated and ignored in favor of PAM users. This method still checks them for backward compatibility, but new deployments should use occ user add.

This is used to determine if the setup wizard needs to run.

pub fn is_network_exposed(&self) -> bool

Check if the bind address exposes the service to the network

Returns true if bind_address is “0.0.0.0” (IPv4 all interfaces) or “::” (IPv6 all interfaces).

pub fn is_localhost(&self) -> bool

Check if the bind address is localhost-only

Returns true if bind_address is “127.0.0.1”, “::1”, or “localhost”.

Trait Implementations

impl Clone for Config

fn clone(&self) -> Config

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Config

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Config

fn default() -> Self

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for Config

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for Config

fn eq(&self, other: &Config) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for Config

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for Config