libos.entrypoint = "{{ entrypoint }}"

[loader]
argv = ["{{ entrypoint }}"]
entrypoint = "file:{{ gramine.libos }}"
log_level = "{{ log_level }}"

[loader.env]
### DEBUG ###
RUST_BACKTRACE = "1"
RUST_LOG = "warning"

### Fixed values ###
LD_LIBRARY_PATH = "{{ gramine.runtimedir() }}:/lib"
SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"
PATH = "/bin"
HOME = "/app"

MALLOC_ARENA_MAX = "1"
AZDCAP_DEBUG_LOG_LEVEL = "ignore"
AZDCAP_COLLATERAL_VERSION = "v4"

[fs]
root.uri = "file:/"
start_dir = "/app"
mounts = [
  { type = "tmpfs", path = "/var/tmp" },
  { type = "tmpfs", path = "/tmp" },
  { type = "tmpfs", path = "/app/.dcap-qcnl" },
  { type = "tmpfs", path = "/app/.az-dcap-client" },
]

[sgx]
trusted_files = [
  "file:/app/",
  "file:/bin/",
  "file:/etc/gai.conf",
  "file:/etc/sgx_default_qcnl.conf",
  "file:/etc/ssl/certs/ca-bundle.crt",
  "file:/lib/",
  "file:/nix/",
  "file:{{ gramine.libos }}",
  "file:{{ gramine.runtimedir() }}/",
]
remote_attestation = "dcap"
max_threads = 64
edmm_enable = false
## max enclave size
enclave_size = "2G"

[sys]
enable_extra_runtime_domain_names_conf = true
enable_sigterm_injection = true

# possible tweak option, if problems with mio
# currently mio is compiled with `mio_unsupported_force_waker_pipe`
# insecure__allow_eventfd = true