From bece71441ce9bf7106bdc96558411a72746af6e3 Mon Sep 17 00:00:00 2001
From: Martin Lablans <m.lablans@dkfz-heidelberg.de>
Date: Tue, 8 Nov 2022 10:39:11 +0100
Subject: [PATCH 01/20] Support DNPM

---
 ccp/vars                        |   4 ++
 dnpm/dnpm-compose.yml           | 104 ++++++++++++++++++++++++++++++++
 dnpm/dnpm-setup.sh              |  11 ++++
 dnpm/origin/Backend.Dockerfile  |  66 ++++++++++++++++++++
 dnpm/origin/Frontend.Dockerfile |  39 ++++++++++++
 dnpm/origin/logback.xml         |  37 ++++++++++++
 6 files changed, 261 insertions(+)
 create mode 100644 dnpm/dnpm-compose.yml
 create mode 100644 dnpm/dnpm-setup.sh
 create mode 100644 dnpm/origin/Backend.Dockerfile
 create mode 100644 dnpm/origin/Frontend.Dockerfile
 create mode 100644 dnpm/origin/logback.xml

diff --git a/ccp/vars b/ccp/vars
index f5f734e7..c334d4e5 100644
--- a/ccp/vars
+++ b/ccp/vars
@@ -11,3 +11,7 @@ PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 # This will load nngm setup. Effective only if nngm configuration is defined.
 source $PROJECT/nngm-setup.sh
 nngmSetup
+
+# This will load DNPM setup. Effective only if DNPM configuration is defined in /etc/bridgehead/dnpm.
+source dnpm/dnpm-setup.sh
+dnpmSetup
diff --git a/dnpm/dnpm-compose.yml b/dnpm/dnpm-compose.yml
new file mode 100644
index 00000000..19041231
--- /dev/null
+++ b/dnpm/dnpm-compose.yml
@@ -0,0 +1,104 @@
+version: "3.7"
+
+secrets:
+  connect_targets.json:
+    file: /etc/bridgehead/dnpm/local_targets.json
+
+services:
+#  traefik:
+#    command:
+#      - --entrypoints.dnpm-frontend.address=:3000
+#      - --entrypoints.dnpm-backend.address=:9000
+#    ports:
+#      - 3000:3000
+#      - 9000:9000
+  beam-proxy:
+    environment:
+      APP_2_ID: dnpm
+      APP_2_KEY: ${DNPM_BEAM_SECRET_SHORT}
+
+  dnpm-beam-connect:
+    depends_on: [ beam-proxy ]
+    image: samply/beam-connect:sites-without-auth
+    environment:
+      PROXY_URL: http://beam-proxy:8081
+      PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
+      APP_ID: dnpm.${PROXY_ID}
+      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
+      LOCAL_TARGETS_FILE: /run/secrets/connect_targets.json
+      HTTP_PROXY: http://forward_proxy:3128
+      HTTPS_PROXY: http://forward_proxy:3128
+      NO_PROXY: proxy,dnpm-backend
+      RUST_LOG: ${RUST_LOG:-info}
+    secrets:
+      - connect_targets.json
+# Enable this if you disable the internal DNPM backend/frontend
+#    ports:
+#      - 8062:8062
+# or the same via traefik:
+#    labels:
+#      - "traefik.enable=true"
+#      - "traefik.http.routers.connector.rule=PathPrefix(`/dnpm-connector`)"
+#      - "traefik.http.services.connector.loadbalancer.server.port=8062"
+#      - "traefik.http.routers.connector.tls=true"
+
+  dnpm-frontend:
+    depends_on: [ dnpm-backend ]
+    build:
+      context: ./dnpm/origin
+      dockerfile: Frontend.Dockerfile
+      args:
+        NUXT_HOST: 0.0.0.0
+        NUXT_PORT: 3000
+        BACKEND_PROTOCOL: http
+        BACKEND_HOSTNAME: localhost
+        BACKEND_PORT: 9000
+        DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
+    ports:
+        - 3000:3000
+    environment:
+        BACKEND_PROTOCOL: http
+        BACKEND_HOSTNAME: localhost
+        BACKEND_PORT: 9000
+        no_proxy: dnpm-backend
+#    labels:
+#      - "traefik.enable=true"
+#      - "traefik.http.routers.dnpm-frontend.entrypoints=dnpm-frontend"
+#      - "traefik.http.routers.dnpm-frontend.tls=true"
+#      - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
+##      - "traefik.http.routers.dashboard.entrypoints=websecure"
+##      - "traefik.http.routers.dashboard.service=api@internal"
+##      - "traefik.http.routers.dashboard.tls=true"
+##      - "traefik.http.routers.dashboard.middlewares=auth"
+##      - "traefik.http.routers.dnpm-frontend.service=dnpm-frontend"
+
+  dnpm-backend:
+    build:
+      context: ./dnpm/origin
+      dockerfile: Backend.Dockerfile
+      args:
+        BWHC_BASE_DIR: /bwhc-backend
+        DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
+    ports:
+      - 9000:9000
+    environment:
+      APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
+      ZPM_SITE: ${ZPM_SITE}
+      noproxy: dnpm-frontend,connect
+      # PLAY_HTTP_PORT: 9000
+      # PLAY_HTTP_ADDRESS: 0.0.0.0
+    volumes:
+      - ./origin/logback.xml:/bwhc-backend/logback.xml:ro
+      - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
+      - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
+      - bwhc_data:/bwhc-backend/data/
+      - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
+#    labels:
+#      - "traefik.enable=true"
+#      - "traefik.http.routers.connector.rule=PathPrefix(`/dnpm-backend`)"
+#      - "traefik.http.services.connector.loadbalancer.server.port=9000"
+#      - "traefik.http.routers.connector.tls=true"
+
+volumes:
+  bwhc_data:
+  bwhc_hgnc_data:
diff --git a/dnpm/dnpm-setup.sh b/dnpm/dnpm-setup.sh
new file mode 100644
index 00000000..f8893a37
--- /dev/null
+++ b/dnpm/dnpm-setup.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+function dnpmSetup() {
+	if [ -e /etc/bridgehead/dnpm/local_targets.json ]; then
+		log INFO "DNPM setup detected -- will start DNPM Connector."
+		source /etc/bridgehead/dnpm/shared-but-secret-vars || fail_and_report 1 "Unable to load /etc/bridgehead/dnpm/shared-but-secret-vars"
+		OVERRIDE+="-f ./dnpm/dnpm-compose.yml"
+		DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+		DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+	fi
+}
diff --git a/dnpm/origin/Backend.Dockerfile b/dnpm/origin/Backend.Dockerfile
new file mode 100644
index 00000000..e37c008b
--- /dev/null
+++ b/dnpm/origin/Backend.Dockerfile
@@ -0,0 +1,66 @@
+FROM openjdk:11-jre AS builder
+
+ARG DNPM_BWHC_BACKEND_ZIP
+
+# Change to latest release
+ARG VERSION=broker
+
+ARG BWHC_BASE_DIR=/bwhc-backend
+
+ENV BWHC_BASE_DIR=$BWHC_BASE_DIR
+ENV BWHC_USER_DB_DIR=$BWHC_BASE_DIR/data/user-db
+ENV BWHC_DATA_ENTRY_DIR=$BWHC_BASE_DIR/data/data-entry
+ENV BWHC_QUERY_DATA_DIR=$BWHC_BASE_DIR/data/query-data
+
+ADD ${DNPM_BWHC_BACKEND_ZIP} /
+RUN unzip $(basename ${DNPM_BWHC_BACKEND_ZIP}) && rm $(basename ${DNPM_BWHC_BACKEND_ZIP})
+
+WORKDIR $BWHC_BASE_DIR
+
+# Prepare config file to use environment variables from docker
+RUN sed -i -r "s/APPLICATION_SECRET(.*)/#APPLICATION_SECRET\1/" ./config
+RUN sed -i -r "s/ZPM_SITE(.*)/#ZPM_SITE\1/" ./config
+
+# Prepare config file to use fix environment variables for this image
+RUN sed -i -r "s~BWHC_DATA_ENTRY_DIR.*~BWHC_DATA_ENTRY_DIR=$BWHC_DATA_ENTRY_DIR~" ./config
+RUN sed -i -r "s~BWHC_QUERY_DATA_DIR.*~BWHC_QUERY_DATA_DIR=$BWHC_QUERY_DATA_DIR~" ./config
+RUN sed -i -r "s~BWHC_USER_DB_DIR.*~BWHC_USER_DB_DIR=$BWHC_USER_DB_DIR~" ./config
+
+RUN ./install.sh $BWHC_BASE_DIR
+
+RUN mv bwhc-rest-api-gateway-*/  bwhc-rest-api-gateway/
+
+FROM openjdk:11-jre
+
+ARG BWHC_BASE_DIR=/bwhc-backend
+
+ENV BWHC_BASE_DIR=$BWHC_BASE_DIR
+ENV BWHC_USER_DB_DIR=$BWHC_BASE_DIR/data/user-db
+ENV BWHC_DATA_ENTRY_DIR=$BWHC_BASE_DIR/data/data-entry
+ENV BWHC_QUERY_DATA_DIR=$BWHC_BASE_DIR/data/query-data
+ENV BWHC_CONNECTOR_CONFIG=$BWHC_BASE_DIR/bwhcConnectorConfig.xml
+
+COPY --from=builder $BWHC_BASE_DIR/config $BWHC_BASE_DIR/
+COPY --from=builder $BWHC_BASE_DIR/bwhcConnectorConfig.xml $BWHC_BASE_DIR/
+COPY --from=builder $BWHC_BASE_DIR/logback.xml $BWHC_BASE_DIR/
+COPY --from=builder $BWHC_BASE_DIR/production.conf $BWHC_BASE_DIR/
+COPY --from=builder $BWHC_BASE_DIR/bwhc-rest-api-gateway/ $BWHC_BASE_DIR/bwhc-rest-api-gateway/
+
+VOLUME $BWHC_BASE_DIR/data
+VOLUME $BWHC_BASE_DIR/hgnc_data
+
+EXPOSE ${BWHC_BACKEND_PORT}
+
+WORKDIR $BWHC_BASE_DIR
+
+CMD $BWHC_BASE_DIR/bwhc-rest-api-gateway/bin/bwhc-rest-api-gateway \
+    -Dplay.http.secret.key=$APPLICATION_SECRET \
+    -Dconfig.file=$BWHC_BASE_DIR/production.conf \
+    -Dlogger.file=$BWHC_BASE_DIR/logback.xml \
+    -Dpidfile.path=/dev/null \
+    -Dbwhc.zpm.site=$ZPM_SITE \
+    -Dbwhc.data.entry.dir=$BWHC_DATA_ENTRY_DIR \
+    -Dbwhc.query.data.dir=$BWHC_QUERY_DATA_DIR \
+    -Dbwhc.user.data.dir=$BWHC_USER_DB_DIR \
+    -Dbwhc.hgnc.dir=$BWHC_HGNC_DIR \
+    -Dbwhc.connector.configFile=$BWHC_CONNECTOR_CONFIG
diff --git a/dnpm/origin/Frontend.Dockerfile b/dnpm/origin/Frontend.Dockerfile
new file mode 100644
index 00000000..60f7d3d1
--- /dev/null
+++ b/dnpm/origin/Frontend.Dockerfile
@@ -0,0 +1,39 @@
+FROM node:10-alpine
+
+ARG DNPM_BWHC_FRONTEND_ZIP
+
+# Change to latest release
+# Required for image build using local copy of zip file
+ARG VERSION=2207
+
+# nuxt host and port to be replaced in package.json. (See 2.3 in bwHCPrototypeManual)
+# NUXT_HOST should have a value with public available IP address from within container.
+# If changing NUXT_PORT, also change exposed port.
+ARG NUXT_HOST=0.0.0.0
+ARG NUXT_PORT=3000
+
+# Backend access setup. (See 2.4 in bwHCPrototypeManual)
+ARG BACKEND_PROTOCOL=http
+ARG BACKEND_HOSTNAME=localhost
+ARG BACKEND_PORT=8080
+
+ADD ${DNPM_BWHC_FRONTEND_ZIP} /
+RUN unzip $(basename ${DNPM_BWHC_FRONTEND_ZIP}) && rm $(basename ${DNPM_BWHC_FRONTEND_ZIP})
+
+WORKDIR /bwhc-frontend
+
+RUN npm install
+
+# Prepare package.json
+RUN sed -i -r "s/^(\s*)\"host\"[^,]*(,?)/\1\"host\": \"$NUXT_HOST\"\2/" ./package.json
+RUN sed -i -r "s/^(\s*)\"port\"[^,]*(,?)/\1\"port\": \"$NUXT_PORT\"\2/" ./package.json
+
+# Prepare nuxt.config.js
+RUN sed -i -r "s/^(\s*)baseUrl[^,]*(,?)/\1baseUrl: process.env.BASE_URL || '$BACKEND_PROTOCOL:\/\/$BACKEND_HOSTNAME'\2/" ./nuxt.config.js
+RUN sed -i -r "s/^(\s*)port[^,]*(,?)/\1port: process.env.port || ':$BACKEND_PORT'\2/" ./nuxt.config.js
+
+RUN npm run generate
+
+EXPOSE $NUXT_PORT
+
+CMD npm start
diff --git a/dnpm/origin/logback.xml b/dnpm/origin/logback.xml
new file mode 100644
index 00000000..c25cda65
--- /dev/null
+++ b/dnpm/origin/logback.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<configuration scan="true">
+
+  <property name="LOG_DIR"  value="./bwhc_logs/"/>
+  <property name="LOG_FILE" value="bwhealthcloud"/>
+
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+    </encoder>
+  </appender>
+
+<!--
+  <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>${LOG_DIR}/${LOG_FILE}.log</file>
+
+    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+      <fileNamePattern>${LOG_DIR}/${LOG_FILE}-%d{yyyy-MM-dd}.log</fileNamePattern>
+
+      <maxHistory>30</maxHistory>
+      <totalSizeCap>3GB</totalSizeCap>
+    </rollingPolicy>
+
+    <encoder>
+      <pattern>%d [%thread] %-5level %logger{36} - %msg%n</pattern>
+    </encoder>
+  </appender>
+-->
+  <root level="DEBUG">
+    <appender-ref ref="STDOUT"/>
+<!--
+    <appender-ref ref="FILE"/>
+-->
+  </root>
+
+</configuration>

From 3a5444dec05eeef7fe4cb31d00058c8a5297f501 Mon Sep 17 00:00:00 2001
From: Martin Lablans <m.lablans@dkfz-heidelberg.de>
Date: Tue, 8 Nov 2022 10:55:18 +0100
Subject: [PATCH 02/20] Allow to run DNPM with Connect or with BWHC included

---
 dnpm/dnpm-compose-beamconnect.yml |  29 +++++++++
 dnpm/dnpm-compose-bwhc.yml        |  48 ++++++++++++++
 dnpm/dnpm-compose.yml             | 104 ------------------------------
 dnpm/dnpm-setup.sh                |  10 ++-
 4 files changed, 84 insertions(+), 107 deletions(-)
 create mode 100644 dnpm/dnpm-compose-beamconnect.yml
 create mode 100644 dnpm/dnpm-compose-bwhc.yml
 delete mode 100644 dnpm/dnpm-compose.yml

diff --git a/dnpm/dnpm-compose-beamconnect.yml b/dnpm/dnpm-compose-beamconnect.yml
new file mode 100644
index 00000000..57c46eb6
--- /dev/null
+++ b/dnpm/dnpm-compose-beamconnect.yml
@@ -0,0 +1,29 @@
+version: "3.7"
+
+services:
+  beam-proxy:
+    environment:
+      APP_2_ID: dnpm
+      APP_2_KEY: ${DNPM_BEAM_SECRET_SHORT}
+
+  dnpm-beam-connect:
+    depends_on: [ beam-proxy ]
+    image: samply/beam-connect:sites-without-auth
+    environment:
+      PROXY_URL: http://beam-proxy:8081
+      PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
+      APP_ID: dnpm.${PROXY_ID}
+      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
+      LOCAL_TARGETS_FILE: /run/secrets/connect_targets.json
+      HTTP_PROXY: http://forward_proxy:3128
+      HTTPS_PROXY: http://forward_proxy:3128
+      NO_PROXY: beam-proxy,dnpm-backend
+      RUST_LOG: ${RUST_LOG:-info}
+    secrets:
+      - connect_targets.json
+    ports:
+      - 8062:8062
+
+secrets:
+  connect_targets.json:
+    file: /etc/bridgehead/dnpm/local_targets.json
diff --git a/dnpm/dnpm-compose-bwhc.yml b/dnpm/dnpm-compose-bwhc.yml
new file mode 100644
index 00000000..1953ca5f
--- /dev/null
+++ b/dnpm/dnpm-compose-bwhc.yml
@@ -0,0 +1,48 @@
+version: "3.7"
+
+services:
+  dnpm-frontend:
+    depends_on: [ dnpm-backend ]
+    build:
+      context: ./dnpm/origin
+      dockerfile: Frontend.Dockerfile
+      args:
+        NUXT_HOST: 0.0.0.0
+        NUXT_PORT: 3000
+        BACKEND_PROTOCOL: http
+        BACKEND_HOSTNAME: localhost
+        BACKEND_PORT: 9000
+        DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
+    ports:
+        - 3000:3000
+    environment:
+        BACKEND_PROTOCOL: http
+        BACKEND_HOSTNAME: localhost
+        BACKEND_PORT: 9000
+        no_proxy: dnpm-backend
+
+  dnpm-backend:
+    build:
+      context: ./dnpm/origin
+      dockerfile: Backend.Dockerfile
+      args:
+        BWHC_BASE_DIR: /bwhc-backend
+        DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
+    ports:
+      - 9000:9000
+    environment:
+      APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
+      ZPM_SITE: ${ZPM_SITE}
+      noproxy: dnpm-frontend,connect
+      # PLAY_HTTP_PORT: 9000
+      # PLAY_HTTP_ADDRESS: 0.0.0.0
+    volumes:
+      - ./origin/logback.xml:/bwhc-backend/logback.xml:ro
+      - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
+      - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
+      - bwhc_data:/bwhc-backend/data/
+      - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
+
+volumes:
+  bwhc_data:
+  bwhc_hgnc_data:
diff --git a/dnpm/dnpm-compose.yml b/dnpm/dnpm-compose.yml
deleted file mode 100644
index 19041231..00000000
--- a/dnpm/dnpm-compose.yml
+++ /dev/null
@@ -1,104 +0,0 @@
-version: "3.7"
-
-secrets:
-  connect_targets.json:
-    file: /etc/bridgehead/dnpm/local_targets.json
-
-services:
-#  traefik:
-#    command:
-#      - --entrypoints.dnpm-frontend.address=:3000
-#      - --entrypoints.dnpm-backend.address=:9000
-#    ports:
-#      - 3000:3000
-#      - 9000:9000
-  beam-proxy:
-    environment:
-      APP_2_ID: dnpm
-      APP_2_KEY: ${DNPM_BEAM_SECRET_SHORT}
-
-  dnpm-beam-connect:
-    depends_on: [ beam-proxy ]
-    image: samply/beam-connect:sites-without-auth
-    environment:
-      PROXY_URL: http://beam-proxy:8081
-      PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
-      APP_ID: dnpm.${PROXY_ID}
-      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
-      LOCAL_TARGETS_FILE: /run/secrets/connect_targets.json
-      HTTP_PROXY: http://forward_proxy:3128
-      HTTPS_PROXY: http://forward_proxy:3128
-      NO_PROXY: proxy,dnpm-backend
-      RUST_LOG: ${RUST_LOG:-info}
-    secrets:
-      - connect_targets.json
-# Enable this if you disable the internal DNPM backend/frontend
-#    ports:
-#      - 8062:8062
-# or the same via traefik:
-#    labels:
-#      - "traefik.enable=true"
-#      - "traefik.http.routers.connector.rule=PathPrefix(`/dnpm-connector`)"
-#      - "traefik.http.services.connector.loadbalancer.server.port=8062"
-#      - "traefik.http.routers.connector.tls=true"
-
-  dnpm-frontend:
-    depends_on: [ dnpm-backend ]
-    build:
-      context: ./dnpm/origin
-      dockerfile: Frontend.Dockerfile
-      args:
-        NUXT_HOST: 0.0.0.0
-        NUXT_PORT: 3000
-        BACKEND_PROTOCOL: http
-        BACKEND_HOSTNAME: localhost
-        BACKEND_PORT: 9000
-        DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
-    ports:
-        - 3000:3000
-    environment:
-        BACKEND_PROTOCOL: http
-        BACKEND_HOSTNAME: localhost
-        BACKEND_PORT: 9000
-        no_proxy: dnpm-backend
-#    labels:
-#      - "traefik.enable=true"
-#      - "traefik.http.routers.dnpm-frontend.entrypoints=dnpm-frontend"
-#      - "traefik.http.routers.dnpm-frontend.tls=true"
-#      - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
-##      - "traefik.http.routers.dashboard.entrypoints=websecure"
-##      - "traefik.http.routers.dashboard.service=api@internal"
-##      - "traefik.http.routers.dashboard.tls=true"
-##      - "traefik.http.routers.dashboard.middlewares=auth"
-##      - "traefik.http.routers.dnpm-frontend.service=dnpm-frontend"
-
-  dnpm-backend:
-    build:
-      context: ./dnpm/origin
-      dockerfile: Backend.Dockerfile
-      args:
-        BWHC_BASE_DIR: /bwhc-backend
-        DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
-    ports:
-      - 9000:9000
-    environment:
-      APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
-      ZPM_SITE: ${ZPM_SITE}
-      noproxy: dnpm-frontend,connect
-      # PLAY_HTTP_PORT: 9000
-      # PLAY_HTTP_ADDRESS: 0.0.0.0
-    volumes:
-      - ./origin/logback.xml:/bwhc-backend/logback.xml:ro
-      - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
-      - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
-      - bwhc_data:/bwhc-backend/data/
-      - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
-#    labels:
-#      - "traefik.enable=true"
-#      - "traefik.http.routers.connector.rule=PathPrefix(`/dnpm-backend`)"
-#      - "traefik.http.services.connector.loadbalancer.server.port=9000"
-#      - "traefik.http.routers.connector.tls=true"
-
-volumes:
-  bwhc_data:
-  bwhc_hgnc_data:
diff --git a/dnpm/dnpm-setup.sh b/dnpm/dnpm-setup.sh
index f8893a37..360a7ccf 100644
--- a/dnpm/dnpm-setup.sh
+++ b/dnpm/dnpm-setup.sh
@@ -2,10 +2,14 @@
 
 function dnpmSetup() {
 	if [ -e /etc/bridgehead/dnpm/local_targets.json ]; then
-		log INFO "DNPM setup detected -- will start DNPM Connector."
-		source /etc/bridgehead/dnpm/shared-but-secret-vars || fail_and_report 1 "Unable to load /etc/bridgehead/dnpm/shared-but-secret-vars"
-		OVERRIDE+="-f ./dnpm/dnpm-compose.yml"
+		log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
+		OVERRIDE+=" -f ./dnpm/dnpm-compose-beamconnect.yml"
 		DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 		DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+		if [ -e /etc/bridgehead/dnpm/bwhcConnectorConfig.xml ]; then
+			log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend."
+			source /etc/bridgehead/dnpm/shared-but-secret-vars || fail_and_report 1 "Unable to load /etc/bridgehead/dnpm/shared-but-secret-vars"
+			OVERRIDE+=" -f ./dnpm/dnpm-compose-bwhc.yml"
+		fi
 	fi
 }

From 6c2d970d01ed07f3cdacf9bc9d607a026c0efba6 Mon Sep 17 00:00:00 2001
From: Martin Lablans <m.lablans@dkfz-heidelberg.de>
Date: Tue, 8 Nov 2022 10:56:45 +0100
Subject: [PATCH 03/20] Support DNPM Discovery URL

---
 dnpm/dnpm-setup.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dnpm/dnpm-setup.sh b/dnpm/dnpm-setup.sh
index 360a7ccf..3b94a864 100644
--- a/dnpm/dnpm-setup.sh
+++ b/dnpm/dnpm-setup.sh
@@ -6,9 +6,10 @@ function dnpmSetup() {
 		OVERRIDE+=" -f ./dnpm/dnpm-compose-beamconnect.yml"
 		DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 		DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+		source /etc/bridgehead/dnpm/shared-but-secret-vars || fail_and_report 1 "Unable to load /etc/bridgehead/dnpm/shared-but-secret-vars"
+		export DNPM_DISCOVERY_URL
 		if [ -e /etc/bridgehead/dnpm/bwhcConnectorConfig.xml ]; then
 			log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend."
-			source /etc/bridgehead/dnpm/shared-but-secret-vars || fail_and_report 1 "Unable to load /etc/bridgehead/dnpm/shared-but-secret-vars"
 			OVERRIDE+=" -f ./dnpm/dnpm-compose-bwhc.yml"
 		fi
 	fi

From 455d45603c974acca24c79ac61342eae24fcbc96 Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Tue, 8 Nov 2022 12:45:29 +0000
Subject: [PATCH 04/20] Fix dnpm volume mounting path

---
 dnpm/dnpm-compose-bwhc.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dnpm/dnpm-compose-bwhc.yml b/dnpm/dnpm-compose-bwhc.yml
index 1953ca5f..4e7343c1 100644
--- a/dnpm/dnpm-compose-bwhc.yml
+++ b/dnpm/dnpm-compose-bwhc.yml
@@ -37,7 +37,7 @@ services:
       # PLAY_HTTP_PORT: 9000
       # PLAY_HTTP_ADDRESS: 0.0.0.0
     volumes:
-      - ./origin/logback.xml:/bwhc-backend/logback.xml:ro
+      - ../dnpm/origin/logback.xml:/bwhc-backend/logback.xml:ro
       - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
       - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
       - bwhc_data:/bwhc-backend/data/

From e11b24bf70e9f9883aea5c44792866f56cad9ad0 Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Wed, 9 Nov 2022 09:46:30 +0000
Subject: [PATCH 05/20] Fix dnpm build context

---
 dnpm/dnpm-compose-bwhc.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dnpm/dnpm-compose-bwhc.yml b/dnpm/dnpm-compose-bwhc.yml
index 4e7343c1..9ff0f476 100644
--- a/dnpm/dnpm-compose-bwhc.yml
+++ b/dnpm/dnpm-compose-bwhc.yml
@@ -4,7 +4,7 @@ services:
   dnpm-frontend:
     depends_on: [ dnpm-backend ]
     build:
-      context: ./dnpm/origin
+      context: ../dnpm/origin
       dockerfile: Frontend.Dockerfile
       args:
         NUXT_HOST: 0.0.0.0
@@ -23,7 +23,7 @@ services:
 
   dnpm-backend:
     build:
-      context: ./dnpm/origin
+      context: ../dnpm/origin
       dockerfile: Backend.Dockerfile
       args:
         BWHC_BASE_DIR: /bwhc-backend

From b6f0cd7a135c61ee451bf936a00f45fc70a9e3c4 Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Wed, 9 Nov 2022 10:43:08 +0000
Subject: [PATCH 06/20] Set HTTP(S) Proxy for bwhc frontend build

---
 dnpm/dnpm-compose-bwhc.yml      | 2 ++
 dnpm/origin/Frontend.Dockerfile | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/dnpm/dnpm-compose-bwhc.yml b/dnpm/dnpm-compose-bwhc.yml
index 9ff0f476..c40b4d82 100644
--- a/dnpm/dnpm-compose-bwhc.yml
+++ b/dnpm/dnpm-compose-bwhc.yml
@@ -13,6 +13,8 @@ services:
         BACKEND_HOSTNAME: localhost
         BACKEND_PORT: 9000
         DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
+        HTTP_PROXY: ${http_proxy}
+        HTTPS_PROXY: ${https_proxy}
     ports:
         - 3000:3000
     environment:
diff --git a/dnpm/origin/Frontend.Dockerfile b/dnpm/origin/Frontend.Dockerfile
index 60f7d3d1..1d4bb307 100644
--- a/dnpm/origin/Frontend.Dockerfile
+++ b/dnpm/origin/Frontend.Dockerfile
@@ -17,6 +17,9 @@ ARG BACKEND_PROTOCOL=http
 ARG BACKEND_HOSTNAME=localhost
 ARG BACKEND_PORT=8080
 
+ARG HTTP_PROXY=""
+ARG HTTPS_PROXY=""
+
 ADD ${DNPM_BWHC_FRONTEND_ZIP} /
 RUN unzip $(basename ${DNPM_BWHC_FRONTEND_ZIP}) && rm $(basename ${DNPM_BWHC_FRONTEND_ZIP})
 

From bec42764bbd7a740cd6fa170de9605c1da808bf7 Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Wed, 9 Nov 2022 11:39:21 +0000
Subject: [PATCH 07/20] Build the dnpm frontend in host network mode

---
 dnpm/dnpm-compose-bwhc.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dnpm/dnpm-compose-bwhc.yml b/dnpm/dnpm-compose-bwhc.yml
index c40b4d82..d8f4ebb0 100644
--- a/dnpm/dnpm-compose-bwhc.yml
+++ b/dnpm/dnpm-compose-bwhc.yml
@@ -6,6 +6,7 @@ services:
     build:
       context: ../dnpm/origin
       dockerfile: Frontend.Dockerfile
+      network: host
       args:
         NUXT_HOST: 0.0.0.0
         NUXT_PORT: 3000

From 4a53bb3fb269d0ab392d462c120fcf73a183c886 Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Wed, 9 Nov 2022 12:36:58 +0000
Subject: [PATCH 08/20] Expose dnpm backend hostname

---
 dnpm/dnpm-compose-bwhc.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/dnpm/dnpm-compose-bwhc.yml b/dnpm/dnpm-compose-bwhc.yml
index d8f4ebb0..60fe3f0d 100644
--- a/dnpm/dnpm-compose-bwhc.yml
+++ b/dnpm/dnpm-compose-bwhc.yml
@@ -10,8 +10,8 @@ services:
       args:
         NUXT_HOST: 0.0.0.0
         NUXT_PORT: 3000
-        BACKEND_PROTOCOL: http
-        BACKEND_HOSTNAME: localhost
+        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
         BACKEND_PORT: 9000
         DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
         HTTP_PROXY: ${http_proxy}
@@ -19,8 +19,8 @@ services:
     ports:
         - 3000:3000
     environment:
-        BACKEND_PROTOCOL: http
-        BACKEND_HOSTNAME: localhost
+        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
         BACKEND_PORT: 9000
         no_proxy: dnpm-backend
 

From 3a42570ac4c6842986c981ca4ec520b5436c2c8f Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Tue, 4 Apr 2023 13:11:33 +0200
Subject: [PATCH 09/20] Add DNPM discovery URL as public configuration

---
 dnpm/dnpm-setup.sh | 4 ++--
 dnpm/vars          | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)
 create mode 100644 dnpm/vars

diff --git a/dnpm/dnpm-setup.sh b/dnpm/dnpm-setup.sh
index 3b94a864..ff32c687 100644
--- a/dnpm/dnpm-setup.sh
+++ b/dnpm/dnpm-setup.sh
@@ -6,10 +6,10 @@ function dnpmSetup() {
 		OVERRIDE+=" -f ./dnpm/dnpm-compose-beamconnect.yml"
 		DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 		DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-		source /etc/bridgehead/dnpm/shared-but-secret-vars || fail_and_report 1 "Unable to load /etc/bridgehead/dnpm/shared-but-secret-vars"
+		source /srv/docker/bridgehead/dnpm/vars || fail_and_report 1 "Unable to load /srv/docker/bridgehead/dnpm/vars"
 		export DNPM_DISCOVERY_URL
 		if [ -e /etc/bridgehead/dnpm/bwhcConnectorConfig.xml ]; then
-			log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend."
+			log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!"
 			OVERRIDE+=" -f ./dnpm/dnpm-compose-bwhc.yml"
 		fi
 	fi
diff --git a/dnpm/vars b/dnpm/vars
new file mode 100644
index 00000000..69c22208
--- /dev/null
+++ b/dnpm/vars
@@ -0,0 +1 @@
+DNPM_DISCOVERY_URL=https://dnpm.medizin.uni-tuebingen.de/sites

From 3e1659a38d3c4eb6bc64d960445d124c8a808d14 Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Wed, 10 May 2023 10:54:05 +0000
Subject: [PATCH 10/20] Modularize DNPM components

---
 bbmri/docker-compose.yml                     | 52 ------------------
 bbmri/modules/dnpm-compose-beamconnect.yml   | 47 ++++++++++++++++
 bbmri/modules/dnpm-compose-bwhc.yml          | 54 +++++++++++++++++++
 bbmri/modules/dnpm-setup.sh                  | 17 ++++++
 bbmri/vars                                   |  8 ++-
 bridgehead                                   | 14 +++--
 ccp/docker-compose.yml                       | 52 ------------------
 ccp/modules/dnpm-compose-beamconnect.yml     | 28 ++++++++++
 ccp/modules/dnpm-compose-bwhc.yml            | 54 +++++++++++++++++++
 ccp/modules/dnpm-setup.sh                    | 17 ++++++
 ccp/vars                                     |  8 +--
 lib/functions.sh                             |  2 +-
 lib/update-bridgehead.sh                     |  2 +-
 minimal/docker-compose.yml                   | 56 ++++++++++++++++++++
 minimal/modules/dnpm-compose-beamconnect.yml | 47 ++++++++++++++++
 minimal/modules/dnpm-compose-bwhc.yml        | 54 +++++++++++++++++++
 minimal/modules/dnpm-setup.sh                | 17 ++++++
 minimal/vars                                 |  5 ++
 18 files changed, 421 insertions(+), 113 deletions(-)
 create mode 100644 bbmri/modules/dnpm-compose-beamconnect.yml
 create mode 100644 bbmri/modules/dnpm-compose-bwhc.yml
 create mode 100644 bbmri/modules/dnpm-setup.sh
 create mode 100644 ccp/modules/dnpm-compose-beamconnect.yml
 create mode 100644 ccp/modules/dnpm-compose-bwhc.yml
 create mode 100644 ccp/modules/dnpm-setup.sh
 create mode 100644 minimal/docker-compose.yml
 create mode 100644 minimal/modules/dnpm-compose-beamconnect.yml
 create mode 100644 minimal/modules/dnpm-compose-bwhc.yml
 create mode 100644 minimal/modules/dnpm-setup.sh
 create mode 100644 minimal/vars

diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml
index d15f694c..42556840 100644
--- a/bbmri/docker-compose.yml
+++ b/bbmri/docker-compose.yml
@@ -1,58 +1,6 @@
 version: "3.7"
 
 services:
-  traefik:
-    container_name: bridgehead-traefik
-    image: docker.verbis.dkfz.de/cache/traefik:latest
-    command:
-      - --entrypoints.web.address=:80
-      - --entrypoints.websecure.address=:443
-      - --providers.docker=true
-      - --providers.docker.exposedbydefault=false
-      - --providers.file.directory=/configuration/
-      - --api.dashboard=true
-      - --accesslog=true
-      - --entrypoints.web.http.redirections.entrypoint.to=websecure
-      - --entrypoints.web.http.redirections.entrypoint.scheme=https
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
-      - "traefik.http.routers.dashboard.entrypoints=websecure"
-      - "traefik.http.routers.dashboard.service=api@internal"
-      - "traefik.http.routers.dashboard.tls=true"
-      - "traefik.http.routers.dashboard.middlewares=auth"
-      - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}"
-    ports:
-      - 80:80
-      - 443:443
-    volumes:
-      - /etc/bridgehead/traefik-tls:/certs:ro
-      - ../lib/traefik-configuration/:/configuration:ro
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-
-  forward_proxy:
-    container_name: bridgehead-forward-proxy
-    image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest
-    environment:
-      HTTPS_PROXY: ${HTTPS_PROXY_URL}
-      USERNAME: ${HTTPS_PROXY_USERNAME}
-      PASSWORD: ${HTTPS_PROXY_PASSWORD}
-    volumes:
-      - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro
-
-  landing:
-    container_name: bridgehead-landingpage
-    image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
-      - "traefik.http.services.landing.loadbalancer.server.port=80"
-      - "traefik.http.routers.landing.tls=true"
-    environment:
-      HOST: ${HOST}
-      PROJECT: ${PROJECT}
-      SITE_NAME: ${SITE_NAME}
-
   blaze:
     image: docker.verbis.dkfz.de/cache/samply/blaze:0.19
     container_name: bridgehead-bbmri-blaze
diff --git a/bbmri/modules/dnpm-compose-beamconnect.yml b/bbmri/modules/dnpm-compose-beamconnect.yml
new file mode 100644
index 00000000..9d3be803
--- /dev/null
+++ b/bbmri/modules/dnpm-compose-beamconnect.yml
@@ -0,0 +1,47 @@
+version: "3.7"
+
+services:
+  dnpm-beam-proxy:
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+    container_name: bridgehead-dnpm-beam-proxy
+    environment:
+      BROKER_URL: ${BROKER_URL}
+      PROXY_ID: ${PROXY_ID}
+      APP_3_ID: dnpm-connect
+      APP_3_KEY: ${DNPM_BEAM_SECRET_SHORT}
+      PRIVKEY_FILE: /run/secrets/proxy.pem
+      ALL_PROXY: http://forward_proxy:3128
+      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+      ROOTCERT_FILE: /conf/root.crt.pem
+    secrets:
+      - proxy.pem
+    depends_on:
+      - "forward_proxy"
+    volumes:
+      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+      - /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro
+
+  dnpm-beam-connect:
+    depends_on: [ dnpm-beam-proxy ]
+    image: samply/beam-connect:sites-without-auth
+    environment:
+      PROXY_URL: http://dnpm-beam-proxy:8081
+      PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
+      APP_ID: dnpm-connect.${PROXY_ID}
+      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
+      LOCAL_TARGETS_FILE: /conf/connect_targets.json
+      HTTP_PROXY: http://forward_proxy:3128
+      HTTPS_PROXY: http://forward_proxy:3128
+      NO_PROXY: dnpm-beam-proxy,dnpm-backend
+      RUST_LOG: ${RUST_LOG:-info}
+    volumes:
+      - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
+      - "traefik.http.services.dnpm-connect.loadbalancer.server.port=8062"
+      - "traefik.http.routers.dnpm-connect.tls=true"
+
+secrets:
+  proxy.pem:
+    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
diff --git a/bbmri/modules/dnpm-compose-bwhc.yml b/bbmri/modules/dnpm-compose-bwhc.yml
new file mode 100644
index 00000000..9ba13577
--- /dev/null
+++ b/bbmri/modules/dnpm-compose-bwhc.yml
@@ -0,0 +1,54 @@
+version: "3.7"
+
+services:
+  dnpm-frontend:
+    depends_on: [ dnpm-backend ]
+    build:
+      context: ../../dnpm/origin
+      dockerfile: Frontend.Dockerfile
+      network: host
+      args:
+        NUXT_HOST: 0.0.0.0
+        NUXT_PORT: 3000
+        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+        BACKEND_PORT: 9000
+        DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
+        HTTP_PROXY: ${http_proxy}
+        HTTPS_PROXY: ${https_proxy}
+    environment:
+        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+        BACKEND_PORT: 9000
+        no_proxy: dnpm-backend
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dnpm-frontend.rule=PathPrefix(`/dnpm-frontend`)"
+      - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
+      - "traefik.http.routers.dnpm-frontend.tls=true"
+
+  dnpm-backend:
+    build:
+      context: ../../dnpm/origin
+      dockerfile: Backend.Dockerfile
+      args:
+        BWHC_BASE_DIR: /bwhc-backend
+        DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
+    ports:
+      - 9000:9000
+    environment:
+      APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
+      ZPM_SITE: ${ZPM_SITE}
+      noproxy: dnpm-frontend,dnpm-beam-connect
+      # PLAY_HTTP_PORT: 9000
+      # PLAY_HTTP_ADDRESS: 0.0.0.0
+    volumes:
+      - ../dnpm/origin/logback.xml:/bwhc-backend/logback.xml:ro
+      - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
+      - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
+      - bwhc_data:/bwhc-backend/data/
+      - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
+
+volumes:
+  bwhc_data:
+  bwhc_hgnc_data:
diff --git a/bbmri/modules/dnpm-setup.sh b/bbmri/modules/dnpm-setup.sh
new file mode 100644
index 00000000..9a3cbf48
--- /dev/null
+++ b/bbmri/modules/dnpm-setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [ -n "${ENABLE_DNPM}" ]; then
+	log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
+	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-beamconnect.yml"
+
+	# Set variables required for Beam-Connect
+	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+	DNPM_DISCOVERY_URL="https://dnpm.medizin.uni-tuebingen.de/sites"
+
+	# Optionally, start bwhc as well. This is currently only experimental
+	if [ -n "${ENABLE_DNPM_BWHC}" ]; then
+		log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!"
+		OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-bwhc.yml"
+	fi
+fi
diff --git a/bbmri/vars b/bbmri/vars
index 434cb4fb..be7805a9 100644
--- a/bbmri/vars
+++ b/bbmri/vars
@@ -4,4 +4,10 @@ PROXY_ID_LONG=${SITE_ID}.${BROKER_ID}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FOCUS_RETRY_COUNT=32
 SUPPORT_EMAIL=bridgehead@helpdesk.bbmri-eric.eu
-PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
\ No newline at end of file
+PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
+
+for module in $PROJECT/modules/*.sh
+do
+    log INFO "sourcing $module"
+    source $module
+done
diff --git a/bridgehead b/bridgehead
index 13cb6824..7ca7af1d 100755
--- a/bridgehead
+++ b/bridgehead
@@ -32,6 +32,9 @@ case "$PROJECT" in
 	bbmri)
 		#nothing extra to do
 		;;
+	minimal)
+		#nothing extra to do
+		;;
 	*)
 		printUsage
 		exit 1
@@ -51,6 +54,11 @@ loadVars() {
 	set +a
 
 	OVERRIDE=${OVERRIDE:=""}
+	# minimal contains shared components, so potential overrides must be applied in every project
+	if [ -f "minimal/docker-compose.override.yml" ]; then
+		log INFO "Applying minimal/docker-compose.override.yml"
+		OVERRIDE+=" -f ./minimal/docker-compose.override.yml"
+	fi
 	if [ -f "$PROJECT/docker-compose.override.yml" ]; then
 		log INFO "Applying $PROJECT/docker-compose.override.yml"
 		OVERRIDE+=" -f ./$PROJECT/docker-compose.override.yml"
@@ -66,13 +74,13 @@ case "$ACTION" in
 		checkRequirements
 		hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
 		export LDM_LOGIN=$(getLdmPassword)
-		exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
+		exec $COMPOSE -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
 		;;
 	stop)
 		loadVars
 		# HACK: This is tempoarily to properly shut down false bridgehead instances (bridgehead-ccp instead ccp)
-		$COMPOSE -p bridgehead-$PROJECT -f ./$PROJECT/docker-compose.yml $OVERRIDE down
-		exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE down
+		$COMPOSE -p bridgehead-$PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE down
+		exec $COMPOSE -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE down
 		;;
 	is-running)
 		bk_is_running
diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml
index 209ee70c..456eef1e 100644
--- a/ccp/docker-compose.yml
+++ b/ccp/docker-compose.yml
@@ -1,58 +1,6 @@
 version: "3.7"
 
 services:
-  traefik:
-    container_name: bridgehead-traefik
-    image: docker.verbis.dkfz.de/cache/traefik:latest
-    command:
-      - --entrypoints.web.address=:80
-      - --entrypoints.websecure.address=:443
-      - --providers.docker=true
-      - --providers.docker.exposedbydefault=false
-      - --providers.file.directory=/configuration/
-      - --api.dashboard=true
-      - --accesslog=true
-      - --entrypoints.web.http.redirections.entrypoint.to=websecure
-      - --entrypoints.web.http.redirections.entrypoint.scheme=https
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
-      - "traefik.http.routers.dashboard.entrypoints=websecure"
-      - "traefik.http.routers.dashboard.service=api@internal"
-      - "traefik.http.routers.dashboard.tls=true"
-      - "traefik.http.routers.dashboard.middlewares=auth"
-      - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}"
-    ports:
-      - 80:80
-      - 443:443
-    volumes:
-      - /etc/bridgehead/traefik-tls:/certs:ro
-      - ../lib/traefik-configuration/:/configuration:ro
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-
-  forward_proxy:
-    container_name: bridgehead-forward-proxy
-    image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest
-    environment:
-      HTTPS_PROXY: ${HTTPS_PROXY_URL}
-      USERNAME: ${HTTPS_PROXY_USERNAME}
-      PASSWORD: ${HTTPS_PROXY_PASSWORD}
-    volumes:
-      - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro
-
-  landing:
-    container_name: bridgehead-landingpage
-    image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
-      - "traefik.http.services.landing.loadbalancer.server.port=80"
-      - "traefik.http.routers.landing.tls=true"
-    environment:
-      HOST: ${HOST}
-      PROJECT: ${PROJECT}
-      SITE_NAME: ${SITE_NAME}
-
   blaze:
     image: docker.verbis.dkfz.de/cache/samply/blaze:0.19
     container_name: bridgehead-ccp-blaze
diff --git a/ccp/modules/dnpm-compose-beamconnect.yml b/ccp/modules/dnpm-compose-beamconnect.yml
new file mode 100644
index 00000000..8db45acb
--- /dev/null
+++ b/ccp/modules/dnpm-compose-beamconnect.yml
@@ -0,0 +1,28 @@
+version: "3.7"
+
+services:
+  beam-proxy:
+    environment:
+      APP_3_ID: dnpm-connect
+      APP_3_KEY: ${DNPM_BEAM_SECRET_SHORT}
+
+  dnpm-beam-connect:
+    depends_on: [ beam-proxy ]
+    image: samply/beam-connect:sites-without-auth
+    environment:
+      PROXY_URL: http://beam-proxy:8081
+      PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
+      APP_ID: dnpm-connect.${PROXY_ID}
+      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
+      LOCAL_TARGETS_FILE: /conf/connect_targets.json
+      HTTP_PROXY: http://forward_proxy:3128
+      HTTPS_PROXY: http://forward_proxy:3128
+      NO_PROXY: beam-proxy,dnpm-backend
+      RUST_LOG: ${RUST_LOG:-info}
+    volumes:
+      - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
+      - "traefik.http.services.dnpm-connect.loadbalancer.server.port=8062"
+      - "traefik.http.routers.dnpm-connect.tls=true"
diff --git a/ccp/modules/dnpm-compose-bwhc.yml b/ccp/modules/dnpm-compose-bwhc.yml
new file mode 100644
index 00000000..9ba13577
--- /dev/null
+++ b/ccp/modules/dnpm-compose-bwhc.yml
@@ -0,0 +1,54 @@
+version: "3.7"
+
+services:
+  dnpm-frontend:
+    depends_on: [ dnpm-backend ]
+    build:
+      context: ../../dnpm/origin
+      dockerfile: Frontend.Dockerfile
+      network: host
+      args:
+        NUXT_HOST: 0.0.0.0
+        NUXT_PORT: 3000
+        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+        BACKEND_PORT: 9000
+        DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
+        HTTP_PROXY: ${http_proxy}
+        HTTPS_PROXY: ${https_proxy}
+    environment:
+        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+        BACKEND_PORT: 9000
+        no_proxy: dnpm-backend
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dnpm-frontend.rule=PathPrefix(`/dnpm-frontend`)"
+      - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
+      - "traefik.http.routers.dnpm-frontend.tls=true"
+
+  dnpm-backend:
+    build:
+      context: ../../dnpm/origin
+      dockerfile: Backend.Dockerfile
+      args:
+        BWHC_BASE_DIR: /bwhc-backend
+        DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
+    ports:
+      - 9000:9000
+    environment:
+      APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
+      ZPM_SITE: ${ZPM_SITE}
+      noproxy: dnpm-frontend,dnpm-beam-connect
+      # PLAY_HTTP_PORT: 9000
+      # PLAY_HTTP_ADDRESS: 0.0.0.0
+    volumes:
+      - ../dnpm/origin/logback.xml:/bwhc-backend/logback.xml:ro
+      - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
+      - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
+      - bwhc_data:/bwhc-backend/data/
+      - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
+
+volumes:
+  bwhc_data:
+  bwhc_hgnc_data:
diff --git a/ccp/modules/dnpm-setup.sh b/ccp/modules/dnpm-setup.sh
new file mode 100644
index 00000000..9a3cbf48
--- /dev/null
+++ b/ccp/modules/dnpm-setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [ -n "${ENABLE_DNPM}" ]; then
+	log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
+	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-beamconnect.yml"
+
+	# Set variables required for Beam-Connect
+	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+	DNPM_DISCOVERY_URL="https://dnpm.medizin.uni-tuebingen.de/sites"
+
+	# Optionally, start bwhc as well. This is currently only experimental
+	if [ -n "${ENABLE_DNPM_BWHC}" ]; then
+		log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!"
+		OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-bwhc.yml"
+	fi
+fi
diff --git a/ccp/vars b/ccp/vars
index 456dda98..2a295f4d 100644
--- a/ccp/vars
+++ b/ccp/vars
@@ -19,6 +19,8 @@ source $PROJECT/exliquid-setup.sh
 exliquidSetup
 mtbaSetup
 
-# This will load DNPM setup. Effective only if DNPM configuration is defined in /etc/bridgehead/dnpm.
-source dnpm/dnpm-setup.sh
-dnpmSetup
+for module in $PROJECT/modules/*.sh
+do
+    log INFO "sourcing $module"
+    source $module
+done
diff --git a/lib/functions.sh b/lib/functions.sh
index ac5ae6b2..a243842e 100644
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -171,7 +171,7 @@ function retry {
 
 function bk_is_running {
 	detectCompose
-	RUNNING="$($COMPOSE -p $PROJECT -f ./$PROJECT/docker-compose.yml $OVERRIDE ps -q)"
+	RUNNING="$($COMPOSE -p $PROJECT -f minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE ps -q)"
 	NUMBEROFRUNNING=$(echo "$RUNNING" | wc -l)
 	if [ $NUMBEROFRUNNING -ge 2 ]; then
 		return 0
diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh
index bce720de..89db3694 100755
--- a/lib/update-bridgehead.sh
+++ b/lib/update-bridgehead.sh
@@ -86,7 +86,7 @@ done
 # Check docker updates
 log "INFO" "Checking for updates to running docker images ..."
 docker_updated="false"
-for IMAGE in $(cat $PROJECT/docker-compose.yml ${OVERRIDE//-f/} | grep -v "^#" | grep "image:" | sed -e 's_^.*image: \(.*\).*$_\1_g; s_\"__g'); do
+for IMAGE in $(cat $PROJECT/docker-compose.yml ${OVERRIDE//-f/} minimal/docker-compose.yml | grep -v "^#" | grep "image:" | sed -e 's_^.*image: \(.*\).*$_\1_g; s_\"__g'); do
   log "INFO" "Checking for Updates of Image: $IMAGE"
   if docker pull $IMAGE | grep "Downloaded newer image"; then
     CHANGE="Image $IMAGE updated."
diff --git a/minimal/docker-compose.yml b/minimal/docker-compose.yml
new file mode 100644
index 00000000..cd4c2e5c
--- /dev/null
+++ b/minimal/docker-compose.yml
@@ -0,0 +1,56 @@
+version: "3.7"
+
+services:
+  traefik:
+    container_name: bridgehead-traefik
+    image: docker.verbis.dkfz.de/cache/traefik:latest
+    command:
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --providers.file.directory=/configuration/
+      - --api.dashboard=true
+      - --accesslog=true
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
+      - "traefik.http.routers.dashboard.entrypoints=websecure"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.tls=true"
+      - "traefik.http.routers.dashboard.middlewares=auth"
+      - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}"
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /etc/bridgehead/traefik-tls:/certs:ro
+      - ../lib/traefik-configuration/:/configuration:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+
+  forward_proxy:
+    container_name: bridgehead-forward-proxy
+    image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest
+    environment:
+      HTTPS_PROXY: ${HTTPS_PROXY_URL}
+      USERNAME: ${HTTPS_PROXY_USERNAME}
+      PASSWORD: ${HTTPS_PROXY_PASSWORD}
+    volumes:
+      - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro
+
+  landing:
+    container_name: bridgehead-landingpage
+    image: docker.verbis.dkfz.de/cache/samply/bridgehead-landingpage:master
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
+      - "traefik.http.services.landing.loadbalancer.server.port=80"
+      - "traefik.http.routers.landing.tls=true"
+    environment:
+      HOST: ${HOST}
+      PROJECT: ${PROJECT}
+      SITE_NAME: ${SITE_NAME}
+
+
diff --git a/minimal/modules/dnpm-compose-beamconnect.yml b/minimal/modules/dnpm-compose-beamconnect.yml
new file mode 100644
index 00000000..9d3be803
--- /dev/null
+++ b/minimal/modules/dnpm-compose-beamconnect.yml
@@ -0,0 +1,47 @@
+version: "3.7"
+
+services:
+  dnpm-beam-proxy:
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+    container_name: bridgehead-dnpm-beam-proxy
+    environment:
+      BROKER_URL: ${BROKER_URL}
+      PROXY_ID: ${PROXY_ID}
+      APP_3_ID: dnpm-connect
+      APP_3_KEY: ${DNPM_BEAM_SECRET_SHORT}
+      PRIVKEY_FILE: /run/secrets/proxy.pem
+      ALL_PROXY: http://forward_proxy:3128
+      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
+      ROOTCERT_FILE: /conf/root.crt.pem
+    secrets:
+      - proxy.pem
+    depends_on:
+      - "forward_proxy"
+    volumes:
+      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
+      - /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro
+
+  dnpm-beam-connect:
+    depends_on: [ dnpm-beam-proxy ]
+    image: samply/beam-connect:sites-without-auth
+    environment:
+      PROXY_URL: http://dnpm-beam-proxy:8081
+      PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
+      APP_ID: dnpm-connect.${PROXY_ID}
+      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
+      LOCAL_TARGETS_FILE: /conf/connect_targets.json
+      HTTP_PROXY: http://forward_proxy:3128
+      HTTPS_PROXY: http://forward_proxy:3128
+      NO_PROXY: dnpm-beam-proxy,dnpm-backend
+      RUST_LOG: ${RUST_LOG:-info}
+    volumes:
+      - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
+      - "traefik.http.services.dnpm-connect.loadbalancer.server.port=8062"
+      - "traefik.http.routers.dnpm-connect.tls=true"
+
+secrets:
+  proxy.pem:
+    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
diff --git a/minimal/modules/dnpm-compose-bwhc.yml b/minimal/modules/dnpm-compose-bwhc.yml
new file mode 100644
index 00000000..9ba13577
--- /dev/null
+++ b/minimal/modules/dnpm-compose-bwhc.yml
@@ -0,0 +1,54 @@
+version: "3.7"
+
+services:
+  dnpm-frontend:
+    depends_on: [ dnpm-backend ]
+    build:
+      context: ../../dnpm/origin
+      dockerfile: Frontend.Dockerfile
+      network: host
+      args:
+        NUXT_HOST: 0.0.0.0
+        NUXT_PORT: 3000
+        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+        BACKEND_PORT: 9000
+        DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
+        HTTP_PROXY: ${http_proxy}
+        HTTPS_PROXY: ${https_proxy}
+    environment:
+        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
+        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+        BACKEND_PORT: 9000
+        no_proxy: dnpm-backend
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dnpm-frontend.rule=PathPrefix(`/dnpm-frontend`)"
+      - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
+      - "traefik.http.routers.dnpm-frontend.tls=true"
+
+  dnpm-backend:
+    build:
+      context: ../../dnpm/origin
+      dockerfile: Backend.Dockerfile
+      args:
+        BWHC_BASE_DIR: /bwhc-backend
+        DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
+    ports:
+      - 9000:9000
+    environment:
+      APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
+      ZPM_SITE: ${ZPM_SITE}
+      noproxy: dnpm-frontend,dnpm-beam-connect
+      # PLAY_HTTP_PORT: 9000
+      # PLAY_HTTP_ADDRESS: 0.0.0.0
+    volumes:
+      - ../dnpm/origin/logback.xml:/bwhc-backend/logback.xml:ro
+      - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
+      - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
+      - bwhc_data:/bwhc-backend/data/
+      - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
+
+volumes:
+  bwhc_data:
+  bwhc_hgnc_data:
diff --git a/minimal/modules/dnpm-setup.sh b/minimal/modules/dnpm-setup.sh
new file mode 100644
index 00000000..9a3cbf48
--- /dev/null
+++ b/minimal/modules/dnpm-setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [ -n "${ENABLE_DNPM}" ]; then
+	log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
+	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-beamconnect.yml"
+
+	# Set variables required for Beam-Connect
+	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+	DNPM_DISCOVERY_URL="https://dnpm.medizin.uni-tuebingen.de/sites"
+
+	# Optionally, start bwhc as well. This is currently only experimental
+	if [ -n "${ENABLE_DNPM_BWHC}" ]; then
+		log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!"
+		OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-bwhc.yml"
+	fi
+fi
diff --git a/minimal/vars b/minimal/vars
new file mode 100644
index 00000000..acca503d
--- /dev/null
+++ b/minimal/vars
@@ -0,0 +1,5 @@
+for module in $PROJECT/modules/*.sh
+do
+    log INFO "sourcing $module"
+    source $module
+done

From d87745443e3f7958f606903d78942583ca970d8c Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Wed, 10 May 2023 20:15:14 +0200
Subject: [PATCH 11/20] support minimal project in system preparation

---
 lib/prepare-system.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/prepare-system.sh b/lib/prepare-system.sh
index c0caa79f..1bddf3ec 100755
--- a/lib/prepare-system.sh
+++ b/lib/prepare-system.sh
@@ -52,6 +52,9 @@ case "$PROJECT" in
 	bbmri)
 		site_configuration_repository_middle="git.verbis.dkfz.de/bbmri-bridgehead-configs/"
 		;;
+	minimal)
+		site_configuration_repository_middle="git.verbis.dkfz.de/minimal-bridgehead-configs/"
+		;;
 	*)
 		log ERROR "Internal error, this should not happen."
         exit 1

From c9806ad874530d7da25c24d871392cecdb6e2e99 Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Mon, 15 May 2023 13:43:01 +0200
Subject: [PATCH 12/20] Adapt DNPM configuration

---
 bbmri/modules/dnpm-compose-beamconnect.yml   | 15 ++++++++-------
 bbmri/modules/dnpm-setup.sh                  |  4 +++-
 ccp/modules/dnpm-compose-beamconnect.yml     |  9 +++++----
 ccp/modules/dnpm-setup.sh                    |  1 -
 minimal/modules/dnpm-compose-beamconnect.yml | 19 ++++++++++---------
 minimal/modules/dnpm-setup.sh                |  4 +++-
 6 files changed, 29 insertions(+), 23 deletions(-)

diff --git a/bbmri/modules/dnpm-compose-beamconnect.yml b/bbmri/modules/dnpm-compose-beamconnect.yml
index 9d3be803..90f6cf1d 100644
--- a/bbmri/modules/dnpm-compose-beamconnect.yml
+++ b/bbmri/modules/dnpm-compose-beamconnect.yml
@@ -5,10 +5,10 @@ services:
     image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
     container_name: bridgehead-dnpm-beam-proxy
     environment:
-      BROKER_URL: ${BROKER_URL}
-      PROXY_ID: ${PROXY_ID}
-      APP_3_ID: dnpm-connect
-      APP_3_KEY: ${DNPM_BEAM_SECRET_SHORT}
+      BROKER_URL: ${DNPM_BROKER_URL}
+      PROXY_ID: ${DNPM_PROXY_ID}
+      APP_0_ID: dnpm-connect
+      APP_0_KEY: ${DNPM_BEAM_SECRET_SHORT}
       PRIVKEY_FILE: /run/secrets/proxy.pem
       ALL_PROXY: http://forward_proxy:3128
       TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
@@ -27,15 +27,16 @@ services:
     environment:
       PROXY_URL: http://dnpm-beam-proxy:8081
       PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
-      APP_ID: dnpm-connect.${PROXY_ID}
-      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
-      LOCAL_TARGETS_FILE: /conf/connect_targets.json
+      APP_ID: dnpm-connect.${DNPM_PROXY_ID}
+      DISCOVERY_URL: "./conf/central_targets.json"
+      LOCAL_TARGETS_FILE: "./conf/connect_targets.json"
       HTTP_PROXY: http://forward_proxy:3128
       HTTPS_PROXY: http://forward_proxy:3128
       NO_PROXY: dnpm-beam-proxy,dnpm-backend
       RUST_LOG: ${RUST_LOG:-info}
     volumes:
       - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
+      - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
diff --git a/bbmri/modules/dnpm-setup.sh b/bbmri/modules/dnpm-setup.sh
index 9a3cbf48..db1969ae 100644
--- a/bbmri/modules/dnpm-setup.sh
+++ b/bbmri/modules/dnpm-setup.sh
@@ -7,7 +7,9 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	# Set variables required for Beam-Connect
 	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-	DNPM_DISCOVERY_URL="https://dnpm.medizin.uni-tuebingen.de/sites"
+	DNPM_BROKER_ID="broker.dev.ccp-it.dktk.dkfz.de"
+	DNPM_BROKER_URL="https://${DNPM_BROKER_ID}"
+	DNPM_PROXY_ID="${SITE_ID}.${DNPM_BROKER_ID}"
 
 	# Optionally, start bwhc as well. This is currently only experimental
 	if [ -n "${ENABLE_DNPM_BWHC}" ]; then
diff --git a/ccp/modules/dnpm-compose-beamconnect.yml b/ccp/modules/dnpm-compose-beamconnect.yml
index 8db45acb..2dce2513 100644
--- a/ccp/modules/dnpm-compose-beamconnect.yml
+++ b/ccp/modules/dnpm-compose-beamconnect.yml
@@ -13,14 +13,15 @@ services:
       PROXY_URL: http://beam-proxy:8081
       PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
       APP_ID: dnpm-connect.${PROXY_ID}
-      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
-      LOCAL_TARGETS_FILE: /conf/connect_targets.json
-      HTTP_PROXY: http://forward_proxy:3128
-      HTTPS_PROXY: http://forward_proxy:3128
+      DISCOVERY_URL: "./conf/central_targets.json"
+      LOCAL_TARGETS_FILE: "./conf/connect_targets.json"
+      HTTP_PROXY: "http://forward_proxy:3128"
+      HTTPS_PROXY: "http://forward_proxy:3128"
       NO_PROXY: beam-proxy,dnpm-backend
       RUST_LOG: ${RUST_LOG:-info}
     volumes:
       - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
+      - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
diff --git a/ccp/modules/dnpm-setup.sh b/ccp/modules/dnpm-setup.sh
index 9a3cbf48..ce39731d 100644
--- a/ccp/modules/dnpm-setup.sh
+++ b/ccp/modules/dnpm-setup.sh
@@ -7,7 +7,6 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	# Set variables required for Beam-Connect
 	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-	DNPM_DISCOVERY_URL="https://dnpm.medizin.uni-tuebingen.de/sites"
 
 	# Optionally, start bwhc as well. This is currently only experimental
 	if [ -n "${ENABLE_DNPM_BWHC}" ]; then
diff --git a/minimal/modules/dnpm-compose-beamconnect.yml b/minimal/modules/dnpm-compose-beamconnect.yml
index 9d3be803..16cfdb9f 100644
--- a/minimal/modules/dnpm-compose-beamconnect.yml
+++ b/minimal/modules/dnpm-compose-beamconnect.yml
@@ -5,14 +5,14 @@ services:
     image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
     container_name: bridgehead-dnpm-beam-proxy
     environment:
-      BROKER_URL: ${BROKER_URL}
-      PROXY_ID: ${PROXY_ID}
-      APP_3_ID: dnpm-connect
-      APP_3_KEY: ${DNPM_BEAM_SECRET_SHORT}
+      BROKER_URL: ${DNPM_BROKER_URL}
+      PROXY_ID: ${DNPM_PROXY_ID}
+      APP_0_ID: dnpm-connect
+      APP_0_KEY: ${DNPM_BEAM_SECRET_SHORT}
       PRIVKEY_FILE: /run/secrets/proxy.pem
       ALL_PROXY: http://forward_proxy:3128
-      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
-      ROOTCERT_FILE: /conf/root.crt.pem
+      TLS_CA_CERTIFICATES_DIR: ./conf/trusted-ca-certs
+      ROOTCERT_FILE: ./conf/root.crt.pem
     secrets:
       - proxy.pem
     depends_on:
@@ -27,15 +27,16 @@ services:
     environment:
       PROXY_URL: http://dnpm-beam-proxy:8081
       PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
-      APP_ID: dnpm-connect.${PROXY_ID}
-      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
-      LOCAL_TARGETS_FILE: /conf/connect_targets.json
+      APP_ID: dnpm-connect.${DNPM_PROXY_ID}
+      DISCOVERY_URL: "./conf/central_targets.json"
+      LOCAL_TARGETS_FILE: "./conf/connect_targets.json"
       HTTP_PROXY: http://forward_proxy:3128
       HTTPS_PROXY: http://forward_proxy:3128
       NO_PROXY: dnpm-beam-proxy,dnpm-backend
       RUST_LOG: ${RUST_LOG:-info}
     volumes:
       - /etc/bridgehead/dnpm/local_targets.json:/conf/connect_targets.json:ro
+      - /etc/bridgehead/dnpm/central_targets.json:/conf/central_targets.json:ro
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.dnpm-connect.rule=PathPrefix(`/dnpm-connect`)"
diff --git a/minimal/modules/dnpm-setup.sh b/minimal/modules/dnpm-setup.sh
index 9a3cbf48..db1969ae 100644
--- a/minimal/modules/dnpm-setup.sh
+++ b/minimal/modules/dnpm-setup.sh
@@ -7,7 +7,9 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	# Set variables required for Beam-Connect
 	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-	DNPM_DISCOVERY_URL="https://dnpm.medizin.uni-tuebingen.de/sites"
+	DNPM_BROKER_ID="broker.dev.ccp-it.dktk.dkfz.de"
+	DNPM_BROKER_URL="https://${DNPM_BROKER_ID}"
+	DNPM_PROXY_ID="${SITE_ID}.${DNPM_BROKER_ID}"
 
 	# Optionally, start bwhc as well. This is currently only experimental
 	if [ -n "${ENABLE_DNPM_BWHC}" ]; then

From 7b753c03c008a4946ea43f40cc2532e4767fa3aa Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Tue, 16 May 2023 10:46:17 +0200
Subject: [PATCH 13/20] Add minimal project to readme

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 5acb5f0a..9d95d32c 100644
--- a/README.md
+++ b/README.md
@@ -87,7 +87,7 @@ To request a new repository, please contact your research network administration
 - For the ccp project: support-ccp@dkfz-heidelberg.de
 
 Mention:
-- which project you belong to, i.e. "bbmri" or "ccp"
+- which project you belong to, i.e. "bbmri", "ccp", or "minimal"
 - site name (According to conventions listed above)
 - operator name and email
 
@@ -248,7 +248,7 @@ Your Bridgehead's actual data is not stored in the above directories, but in nam
 
 Your Bridgehead will automatically and regularly check for updates. Whenever something has been updates (e.g., one of the git repositories or one of the docker images), your Bridgehead is automatically restarted. This should happen automatically and does not need any configuration.
 
-If you would like to understand what happens exactly and when, please check the systemd units deployed during the [installation](#base-installation) via `systemctl cat bridgehead-update@<PROJECT>.service` and `systemctl cat bridgehead-update@<PROJECT.timer`.
+If you would like to understand what happens exactly and when, please check the systemd units deployed during the [installation](#base-installation) via `systemctl cat bridgehead-update@<PROJECT>.service` and `systemctl cat bridgehead-update@<PROJECT>.timer`.
 
 ### Auto-Backups
 

From 4e7f023b8a3e050c9c591145510e3ee36a2bf939 Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Tue, 16 May 2023 10:56:28 +0000
Subject: [PATCH 14/20] Clean up bwhc startup

---
 bbmri/modules/dnpm-compose-bwhc.yml           | 20 +++-----
 bbmri/modules/dnpm-setup.sh                   | 10 ++++
 ccp/modules/dnpm-compose-bwhc.yml             | 20 +++-----
 ccp/modules/dnpm-setup.sh                     | 10 ++++
 dnpm/dnpm-compose-beamconnect.yml             | 29 -----------
 dnpm/dnpm-compose-bwhc.yml                    | 51 -------------------
 dnpm/dnpm-setup.sh                            | 16 ------
 dnpm/origin/logback.xml                       | 37 --------------
 dnpm/vars                                     |  1 -
 .../modules/dnpm-backend.Dockerfile           |  0
 minimal/modules/dnpm-compose-bwhc.yml         | 20 +++-----
 .../modules/dnpm-frontend.Dockerfile          |  0
 minimal/modules/dnpm-setup.sh                 | 10 ++++
 13 files changed, 54 insertions(+), 170 deletions(-)
 delete mode 100644 dnpm/dnpm-compose-beamconnect.yml
 delete mode 100644 dnpm/dnpm-compose-bwhc.yml
 delete mode 100644 dnpm/dnpm-setup.sh
 delete mode 100644 dnpm/origin/logback.xml
 delete mode 100644 dnpm/vars
 rename dnpm/origin/Backend.Dockerfile => minimal/modules/dnpm-backend.Dockerfile (100%)
 rename dnpm/origin/Frontend.Dockerfile => minimal/modules/dnpm-frontend.Dockerfile (100%)

diff --git a/bbmri/modules/dnpm-compose-bwhc.yml b/bbmri/modules/dnpm-compose-bwhc.yml
index 9ba13577..a2647280 100644
--- a/bbmri/modules/dnpm-compose-bwhc.yml
+++ b/bbmri/modules/dnpm-compose-bwhc.yml
@@ -4,21 +4,20 @@ services:
   dnpm-frontend:
     depends_on: [ dnpm-backend ]
     build:
-      context: ../../dnpm/origin
-      dockerfile: Frontend.Dockerfile
-      network: host
+      context: ../../minimal/modules
+      dockerfile: dnpm-frontend.Dockerfile
       args:
         NUXT_HOST: 0.0.0.0
         NUXT_PORT: 3000
-        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
-        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+        BACKEND_PROTOCOL: http
+        BACKEND_HOSTNAME: dnpm-backend
         BACKEND_PORT: 9000
         DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
         HTTP_PROXY: ${http_proxy}
         HTTPS_PROXY: ${https_proxy}
     environment:
-        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
-        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+        BACKEND_PROTOCOL: http
+        BACKEND_HOSTNAME: dnpm-backend
         BACKEND_PORT: 9000
         no_proxy: dnpm-backend
     labels:
@@ -29,13 +28,11 @@ services:
 
   dnpm-backend:
     build:
-      context: ../../dnpm/origin
-      dockerfile: Backend.Dockerfile
+      context: ../../minimal/modules
+      dockerfile: dnpm-backend.Dockerfile
       args:
         BWHC_BASE_DIR: /bwhc-backend
         DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
-    ports:
-      - 9000:9000
     environment:
       APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
       ZPM_SITE: ${ZPM_SITE}
@@ -43,7 +40,6 @@ services:
       # PLAY_HTTP_PORT: 9000
       # PLAY_HTTP_ADDRESS: 0.0.0.0
     volumes:
-      - ../dnpm/origin/logback.xml:/bwhc-backend/logback.xml:ro
       - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
       - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
       - bwhc_data:/bwhc-backend/data/
diff --git a/bbmri/modules/dnpm-setup.sh b/bbmri/modules/dnpm-setup.sh
index db1969ae..ca98542f 100644
--- a/bbmri/modules/dnpm-setup.sh
+++ b/bbmri/modules/dnpm-setup.sh
@@ -15,5 +15,15 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	if [ -n "${ENABLE_DNPM_BWHC}" ]; then
 		log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!"
 		OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-bwhc.yml"
+
+		if [ -z "${DNPM_BWHC_FRONTEND_ZIP}" ]; then
+			fail_and_report 1 "Variable DNPM_BWHC_FRONTEND_ZIP is not set."
+		fi
+		if [ -z "${DNPM_BWHC_BACKEND_ZIP}" ]; then
+			fail_and_report 1 "Variable DNPM_BWHC_BACKEND_ZIP is not set."
+		fi
+		if [ -z "${ZPM_SITE}" ]; then
+			fail_and_report 1 "Variable ZPM_SITE is not set."
+		fi
 	fi
 fi
diff --git a/ccp/modules/dnpm-compose-bwhc.yml b/ccp/modules/dnpm-compose-bwhc.yml
index 9ba13577..a2647280 100644
--- a/ccp/modules/dnpm-compose-bwhc.yml
+++ b/ccp/modules/dnpm-compose-bwhc.yml
@@ -4,21 +4,20 @@ services:
   dnpm-frontend:
     depends_on: [ dnpm-backend ]
     build:
-      context: ../../dnpm/origin
-      dockerfile: Frontend.Dockerfile
-      network: host
+      context: ../../minimal/modules
+      dockerfile: dnpm-frontend.Dockerfile
       args:
         NUXT_HOST: 0.0.0.0
         NUXT_PORT: 3000
-        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
-        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+        BACKEND_PROTOCOL: http
+        BACKEND_HOSTNAME: dnpm-backend
         BACKEND_PORT: 9000
         DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
         HTTP_PROXY: ${http_proxy}
         HTTPS_PROXY: ${https_proxy}
     environment:
-        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
-        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+        BACKEND_PROTOCOL: http
+        BACKEND_HOSTNAME: dnpm-backend
         BACKEND_PORT: 9000
         no_proxy: dnpm-backend
     labels:
@@ -29,13 +28,11 @@ services:
 
   dnpm-backend:
     build:
-      context: ../../dnpm/origin
-      dockerfile: Backend.Dockerfile
+      context: ../../minimal/modules
+      dockerfile: dnpm-backend.Dockerfile
       args:
         BWHC_BASE_DIR: /bwhc-backend
         DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
-    ports:
-      - 9000:9000
     environment:
       APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
       ZPM_SITE: ${ZPM_SITE}
@@ -43,7 +40,6 @@ services:
       # PLAY_HTTP_PORT: 9000
       # PLAY_HTTP_ADDRESS: 0.0.0.0
     volumes:
-      - ../dnpm/origin/logback.xml:/bwhc-backend/logback.xml:ro
       - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
       - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
       - bwhc_data:/bwhc-backend/data/
diff --git a/ccp/modules/dnpm-setup.sh b/ccp/modules/dnpm-setup.sh
index ce39731d..c6c2b29b 100644
--- a/ccp/modules/dnpm-setup.sh
+++ b/ccp/modules/dnpm-setup.sh
@@ -12,5 +12,15 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	if [ -n "${ENABLE_DNPM_BWHC}" ]; then
 		log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!"
 		OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-bwhc.yml"
+
+		if [ -z "${DNPM_BWHC_FRONTEND_ZIP}" ]; then
+			fail_and_report 1 "Variable DNPM_BWHC_FRONTEND_ZIP is not set."
+		fi
+		if [ -z "${DNPM_BWHC_BACKEND_ZIP}" ]; then
+			fail_and_report 1 "Variable DNPM_BWHC_BACKEND_ZIP is not set."
+		fi
+		if [ -z "${ZPM_SITE}" ]; then
+			fail_and_report 1 "Variable ZPM_SITE is not set."
+		fi
 	fi
 fi
diff --git a/dnpm/dnpm-compose-beamconnect.yml b/dnpm/dnpm-compose-beamconnect.yml
deleted file mode 100644
index 57c46eb6..00000000
--- a/dnpm/dnpm-compose-beamconnect.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-version: "3.7"
-
-services:
-  beam-proxy:
-    environment:
-      APP_2_ID: dnpm
-      APP_2_KEY: ${DNPM_BEAM_SECRET_SHORT}
-
-  dnpm-beam-connect:
-    depends_on: [ beam-proxy ]
-    image: samply/beam-connect:sites-without-auth
-    environment:
-      PROXY_URL: http://beam-proxy:8081
-      PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
-      APP_ID: dnpm.${PROXY_ID}
-      DISCOVERY_URL: ${DNPM_DISCOVERY_URL}
-      LOCAL_TARGETS_FILE: /run/secrets/connect_targets.json
-      HTTP_PROXY: http://forward_proxy:3128
-      HTTPS_PROXY: http://forward_proxy:3128
-      NO_PROXY: beam-proxy,dnpm-backend
-      RUST_LOG: ${RUST_LOG:-info}
-    secrets:
-      - connect_targets.json
-    ports:
-      - 8062:8062
-
-secrets:
-  connect_targets.json:
-    file: /etc/bridgehead/dnpm/local_targets.json
diff --git a/dnpm/dnpm-compose-bwhc.yml b/dnpm/dnpm-compose-bwhc.yml
deleted file mode 100644
index 60fe3f0d..00000000
--- a/dnpm/dnpm-compose-bwhc.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-version: "3.7"
-
-services:
-  dnpm-frontend:
-    depends_on: [ dnpm-backend ]
-    build:
-      context: ../dnpm/origin
-      dockerfile: Frontend.Dockerfile
-      network: host
-      args:
-        NUXT_HOST: 0.0.0.0
-        NUXT_PORT: 3000
-        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
-        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
-        BACKEND_PORT: 9000
-        DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
-        HTTP_PROXY: ${http_proxy}
-        HTTPS_PROXY: ${https_proxy}
-    ports:
-        - 3000:3000
-    environment:
-        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
-        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
-        BACKEND_PORT: 9000
-        no_proxy: dnpm-backend
-
-  dnpm-backend:
-    build:
-      context: ../dnpm/origin
-      dockerfile: Backend.Dockerfile
-      args:
-        BWHC_BASE_DIR: /bwhc-backend
-        DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
-    ports:
-      - 9000:9000
-    environment:
-      APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
-      ZPM_SITE: ${ZPM_SITE}
-      noproxy: dnpm-frontend,connect
-      # PLAY_HTTP_PORT: 9000
-      # PLAY_HTTP_ADDRESS: 0.0.0.0
-    volumes:
-      - ../dnpm/origin/logback.xml:/bwhc-backend/logback.xml:ro
-      - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
-      - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
-      - bwhc_data:/bwhc-backend/data/
-      - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
-
-volumes:
-  bwhc_data:
-  bwhc_hgnc_data:
diff --git a/dnpm/dnpm-setup.sh b/dnpm/dnpm-setup.sh
deleted file mode 100644
index ff32c687..00000000
--- a/dnpm/dnpm-setup.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-function dnpmSetup() {
-	if [ -e /etc/bridgehead/dnpm/local_targets.json ]; then
-		log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
-		OVERRIDE+=" -f ./dnpm/dnpm-compose-beamconnect.yml"
-		DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
-		DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-		source /srv/docker/bridgehead/dnpm/vars || fail_and_report 1 "Unable to load /srv/docker/bridgehead/dnpm/vars"
-		export DNPM_DISCOVERY_URL
-		if [ -e /etc/bridgehead/dnpm/bwhcConnectorConfig.xml ]; then
-			log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!"
-			OVERRIDE+=" -f ./dnpm/dnpm-compose-bwhc.yml"
-		fi
-	fi
-}
diff --git a/dnpm/origin/logback.xml b/dnpm/origin/logback.xml
deleted file mode 100644
index c25cda65..00000000
--- a/dnpm/origin/logback.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-
-<configuration scan="true">
-
-  <property name="LOG_DIR"  value="./bwhc_logs/"/>
-  <property name="LOG_FILE" value="bwhealthcloud"/>
-
-  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-    <encoder>
-      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-    </encoder>
-  </appender>
-
-<!--
-  <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
-    <file>${LOG_DIR}/${LOG_FILE}.log</file>
-
-    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-      <fileNamePattern>${LOG_DIR}/${LOG_FILE}-%d{yyyy-MM-dd}.log</fileNamePattern>
-
-      <maxHistory>30</maxHistory>
-      <totalSizeCap>3GB</totalSizeCap>
-    </rollingPolicy>
-
-    <encoder>
-      <pattern>%d [%thread] %-5level %logger{36} - %msg%n</pattern>
-    </encoder>
-  </appender>
--->
-  <root level="DEBUG">
-    <appender-ref ref="STDOUT"/>
-<!--
-    <appender-ref ref="FILE"/>
--->
-  </root>
-
-</configuration>
diff --git a/dnpm/vars b/dnpm/vars
deleted file mode 100644
index 69c22208..00000000
--- a/dnpm/vars
+++ /dev/null
@@ -1 +0,0 @@
-DNPM_DISCOVERY_URL=https://dnpm.medizin.uni-tuebingen.de/sites
diff --git a/dnpm/origin/Backend.Dockerfile b/minimal/modules/dnpm-backend.Dockerfile
similarity index 100%
rename from dnpm/origin/Backend.Dockerfile
rename to minimal/modules/dnpm-backend.Dockerfile
diff --git a/minimal/modules/dnpm-compose-bwhc.yml b/minimal/modules/dnpm-compose-bwhc.yml
index 9ba13577..a2647280 100644
--- a/minimal/modules/dnpm-compose-bwhc.yml
+++ b/minimal/modules/dnpm-compose-bwhc.yml
@@ -4,21 +4,20 @@ services:
   dnpm-frontend:
     depends_on: [ dnpm-backend ]
     build:
-      context: ../../dnpm/origin
-      dockerfile: Frontend.Dockerfile
-      network: host
+      context: ../../minimal/modules
+      dockerfile: dnpm-frontend.Dockerfile
       args:
         NUXT_HOST: 0.0.0.0
         NUXT_PORT: 3000
-        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
-        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+        BACKEND_PROTOCOL: http
+        BACKEND_HOSTNAME: dnpm-backend
         BACKEND_PORT: 9000
         DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
         HTTP_PROXY: ${http_proxy}
         HTTPS_PROXY: ${https_proxy}
     environment:
-        BACKEND_PROTOCOL: ${DNPM_BMHC_BACKEND_PROTOCOL}
-        BACKEND_HOSTNAME: ${DNPM_BWHC_BACKEND_HOSTNAME}
+        BACKEND_PROTOCOL: http
+        BACKEND_HOSTNAME: dnpm-backend
         BACKEND_PORT: 9000
         no_proxy: dnpm-backend
     labels:
@@ -29,13 +28,11 @@ services:
 
   dnpm-backend:
     build:
-      context: ../../dnpm/origin
-      dockerfile: Backend.Dockerfile
+      context: ../../minimal/modules
+      dockerfile: dnpm-backend.Dockerfile
       args:
         BWHC_BASE_DIR: /bwhc-backend
         DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
-    ports:
-      - 9000:9000
     environment:
       APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
       ZPM_SITE: ${ZPM_SITE}
@@ -43,7 +40,6 @@ services:
       # PLAY_HTTP_PORT: 9000
       # PLAY_HTTP_ADDRESS: 0.0.0.0
     volumes:
-      - ../dnpm/origin/logback.xml:/bwhc-backend/logback.xml:ro
       - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
       - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
       - bwhc_data:/bwhc-backend/data/
diff --git a/dnpm/origin/Frontend.Dockerfile b/minimal/modules/dnpm-frontend.Dockerfile
similarity index 100%
rename from dnpm/origin/Frontend.Dockerfile
rename to minimal/modules/dnpm-frontend.Dockerfile
diff --git a/minimal/modules/dnpm-setup.sh b/minimal/modules/dnpm-setup.sh
index db1969ae..ca98542f 100644
--- a/minimal/modules/dnpm-setup.sh
+++ b/minimal/modules/dnpm-setup.sh
@@ -15,5 +15,15 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	if [ -n "${ENABLE_DNPM_BWHC}" ]; then
 		log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!"
 		OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-bwhc.yml"
+
+		if [ -z "${DNPM_BWHC_FRONTEND_ZIP}" ]; then
+			fail_and_report 1 "Variable DNPM_BWHC_FRONTEND_ZIP is not set."
+		fi
+		if [ -z "${DNPM_BWHC_BACKEND_ZIP}" ]; then
+			fail_and_report 1 "Variable DNPM_BWHC_BACKEND_ZIP is not set."
+		fi
+		if [ -z "${ZPM_SITE}" ]; then
+			fail_and_report 1 "Variable ZPM_SITE is not set."
+		fi
 	fi
 fi

From f4134bcfca5f3f96974568c57ad5c2651990cf1a Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Wed, 17 May 2023 09:26:55 +0000
Subject: [PATCH 15/20] Remove DNPM-BwHC experiment

---
 bbmri/modules/dnpm-compose-bwhc.yml           | 50 --------------
 ...mpose-beamconnect.yml => dnpm-compose.yml} |  0
 bbmri/modules/dnpm-setup.sh                   | 18 +----
 ccp/modules/dnpm-compose-bwhc.yml             | 50 --------------
 ...mpose-beamconnect.yml => dnpm-compose.yml} |  0
 ccp/modules/dnpm-setup.sh                     | 18 +----
 minimal/modules/dnpm-backend.Dockerfile       | 66 -------------------
 minimal/modules/dnpm-compose-bwhc.yml         | 50 --------------
 ...mpose-beamconnect.yml => dnpm-compose.yml} |  0
 minimal/modules/dnpm-frontend.Dockerfile      | 42 ------------
 minimal/modules/dnpm-setup.sh                 | 18 +----
 11 files changed, 3 insertions(+), 309 deletions(-)
 delete mode 100644 bbmri/modules/dnpm-compose-bwhc.yml
 rename bbmri/modules/{dnpm-compose-beamconnect.yml => dnpm-compose.yml} (100%)
 delete mode 100644 ccp/modules/dnpm-compose-bwhc.yml
 rename ccp/modules/{dnpm-compose-beamconnect.yml => dnpm-compose.yml} (100%)
 delete mode 100644 minimal/modules/dnpm-backend.Dockerfile
 delete mode 100644 minimal/modules/dnpm-compose-bwhc.yml
 rename minimal/modules/{dnpm-compose-beamconnect.yml => dnpm-compose.yml} (100%)
 delete mode 100644 minimal/modules/dnpm-frontend.Dockerfile

diff --git a/bbmri/modules/dnpm-compose-bwhc.yml b/bbmri/modules/dnpm-compose-bwhc.yml
deleted file mode 100644
index a2647280..00000000
--- a/bbmri/modules/dnpm-compose-bwhc.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-version: "3.7"
-
-services:
-  dnpm-frontend:
-    depends_on: [ dnpm-backend ]
-    build:
-      context: ../../minimal/modules
-      dockerfile: dnpm-frontend.Dockerfile
-      args:
-        NUXT_HOST: 0.0.0.0
-        NUXT_PORT: 3000
-        BACKEND_PROTOCOL: http
-        BACKEND_HOSTNAME: dnpm-backend
-        BACKEND_PORT: 9000
-        DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
-        HTTP_PROXY: ${http_proxy}
-        HTTPS_PROXY: ${https_proxy}
-    environment:
-        BACKEND_PROTOCOL: http
-        BACKEND_HOSTNAME: dnpm-backend
-        BACKEND_PORT: 9000
-        no_proxy: dnpm-backend
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.dnpm-frontend.rule=PathPrefix(`/dnpm-frontend`)"
-      - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
-      - "traefik.http.routers.dnpm-frontend.tls=true"
-
-  dnpm-backend:
-    build:
-      context: ../../minimal/modules
-      dockerfile: dnpm-backend.Dockerfile
-      args:
-        BWHC_BASE_DIR: /bwhc-backend
-        DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
-    environment:
-      APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
-      ZPM_SITE: ${ZPM_SITE}
-      noproxy: dnpm-frontend,dnpm-beam-connect
-      # PLAY_HTTP_PORT: 9000
-      # PLAY_HTTP_ADDRESS: 0.0.0.0
-    volumes:
-      - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
-      - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
-      - bwhc_data:/bwhc-backend/data/
-      - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
-
-volumes:
-  bwhc_data:
-  bwhc_hgnc_data:
diff --git a/bbmri/modules/dnpm-compose-beamconnect.yml b/bbmri/modules/dnpm-compose.yml
similarity index 100%
rename from bbmri/modules/dnpm-compose-beamconnect.yml
rename to bbmri/modules/dnpm-compose.yml
diff --git a/bbmri/modules/dnpm-setup.sh b/bbmri/modules/dnpm-setup.sh
index ca98542f..4ece1153 100644
--- a/bbmri/modules/dnpm-setup.sh
+++ b/bbmri/modules/dnpm-setup.sh
@@ -2,7 +2,7 @@
 
 if [ -n "${ENABLE_DNPM}" ]; then
 	log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
-	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-beamconnect.yml"
+	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
 
 	# Set variables required for Beam-Connect
 	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
@@ -10,20 +10,4 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	DNPM_BROKER_ID="broker.dev.ccp-it.dktk.dkfz.de"
 	DNPM_BROKER_URL="https://${DNPM_BROKER_ID}"
 	DNPM_PROXY_ID="${SITE_ID}.${DNPM_BROKER_ID}"
-
-	# Optionally, start bwhc as well. This is currently only experimental
-	if [ -n "${ENABLE_DNPM_BWHC}" ]; then
-		log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!"
-		OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-bwhc.yml"
-
-		if [ -z "${DNPM_BWHC_FRONTEND_ZIP}" ]; then
-			fail_and_report 1 "Variable DNPM_BWHC_FRONTEND_ZIP is not set."
-		fi
-		if [ -z "${DNPM_BWHC_BACKEND_ZIP}" ]; then
-			fail_and_report 1 "Variable DNPM_BWHC_BACKEND_ZIP is not set."
-		fi
-		if [ -z "${ZPM_SITE}" ]; then
-			fail_and_report 1 "Variable ZPM_SITE is not set."
-		fi
-	fi
 fi
diff --git a/ccp/modules/dnpm-compose-bwhc.yml b/ccp/modules/dnpm-compose-bwhc.yml
deleted file mode 100644
index a2647280..00000000
--- a/ccp/modules/dnpm-compose-bwhc.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-version: "3.7"
-
-services:
-  dnpm-frontend:
-    depends_on: [ dnpm-backend ]
-    build:
-      context: ../../minimal/modules
-      dockerfile: dnpm-frontend.Dockerfile
-      args:
-        NUXT_HOST: 0.0.0.0
-        NUXT_PORT: 3000
-        BACKEND_PROTOCOL: http
-        BACKEND_HOSTNAME: dnpm-backend
-        BACKEND_PORT: 9000
-        DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
-        HTTP_PROXY: ${http_proxy}
-        HTTPS_PROXY: ${https_proxy}
-    environment:
-        BACKEND_PROTOCOL: http
-        BACKEND_HOSTNAME: dnpm-backend
-        BACKEND_PORT: 9000
-        no_proxy: dnpm-backend
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.dnpm-frontend.rule=PathPrefix(`/dnpm-frontend`)"
-      - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
-      - "traefik.http.routers.dnpm-frontend.tls=true"
-
-  dnpm-backend:
-    build:
-      context: ../../minimal/modules
-      dockerfile: dnpm-backend.Dockerfile
-      args:
-        BWHC_BASE_DIR: /bwhc-backend
-        DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
-    environment:
-      APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
-      ZPM_SITE: ${ZPM_SITE}
-      noproxy: dnpm-frontend,dnpm-beam-connect
-      # PLAY_HTTP_PORT: 9000
-      # PLAY_HTTP_ADDRESS: 0.0.0.0
-    volumes:
-      - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
-      - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
-      - bwhc_data:/bwhc-backend/data/
-      - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
-
-volumes:
-  bwhc_data:
-  bwhc_hgnc_data:
diff --git a/ccp/modules/dnpm-compose-beamconnect.yml b/ccp/modules/dnpm-compose.yml
similarity index 100%
rename from ccp/modules/dnpm-compose-beamconnect.yml
rename to ccp/modules/dnpm-compose.yml
diff --git a/ccp/modules/dnpm-setup.sh b/ccp/modules/dnpm-setup.sh
index c6c2b29b..c9250cbd 100644
--- a/ccp/modules/dnpm-setup.sh
+++ b/ccp/modules/dnpm-setup.sh
@@ -2,25 +2,9 @@
 
 if [ -n "${ENABLE_DNPM}" ]; then
 	log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
-	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-beamconnect.yml"
+	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
 
 	# Set variables required for Beam-Connect
 	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-
-	# Optionally, start bwhc as well. This is currently only experimental
-	if [ -n "${ENABLE_DNPM_BWHC}" ]; then
-		log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!"
-		OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-bwhc.yml"
-
-		if [ -z "${DNPM_BWHC_FRONTEND_ZIP}" ]; then
-			fail_and_report 1 "Variable DNPM_BWHC_FRONTEND_ZIP is not set."
-		fi
-		if [ -z "${DNPM_BWHC_BACKEND_ZIP}" ]; then
-			fail_and_report 1 "Variable DNPM_BWHC_BACKEND_ZIP is not set."
-		fi
-		if [ -z "${ZPM_SITE}" ]; then
-			fail_and_report 1 "Variable ZPM_SITE is not set."
-		fi
-	fi
 fi
diff --git a/minimal/modules/dnpm-backend.Dockerfile b/minimal/modules/dnpm-backend.Dockerfile
deleted file mode 100644
index e37c008b..00000000
--- a/minimal/modules/dnpm-backend.Dockerfile
+++ /dev/null
@@ -1,66 +0,0 @@
-FROM openjdk:11-jre AS builder
-
-ARG DNPM_BWHC_BACKEND_ZIP
-
-# Change to latest release
-ARG VERSION=broker
-
-ARG BWHC_BASE_DIR=/bwhc-backend
-
-ENV BWHC_BASE_DIR=$BWHC_BASE_DIR
-ENV BWHC_USER_DB_DIR=$BWHC_BASE_DIR/data/user-db
-ENV BWHC_DATA_ENTRY_DIR=$BWHC_BASE_DIR/data/data-entry
-ENV BWHC_QUERY_DATA_DIR=$BWHC_BASE_DIR/data/query-data
-
-ADD ${DNPM_BWHC_BACKEND_ZIP} /
-RUN unzip $(basename ${DNPM_BWHC_BACKEND_ZIP}) && rm $(basename ${DNPM_BWHC_BACKEND_ZIP})
-
-WORKDIR $BWHC_BASE_DIR
-
-# Prepare config file to use environment variables from docker
-RUN sed -i -r "s/APPLICATION_SECRET(.*)/#APPLICATION_SECRET\1/" ./config
-RUN sed -i -r "s/ZPM_SITE(.*)/#ZPM_SITE\1/" ./config
-
-# Prepare config file to use fix environment variables for this image
-RUN sed -i -r "s~BWHC_DATA_ENTRY_DIR.*~BWHC_DATA_ENTRY_DIR=$BWHC_DATA_ENTRY_DIR~" ./config
-RUN sed -i -r "s~BWHC_QUERY_DATA_DIR.*~BWHC_QUERY_DATA_DIR=$BWHC_QUERY_DATA_DIR~" ./config
-RUN sed -i -r "s~BWHC_USER_DB_DIR.*~BWHC_USER_DB_DIR=$BWHC_USER_DB_DIR~" ./config
-
-RUN ./install.sh $BWHC_BASE_DIR
-
-RUN mv bwhc-rest-api-gateway-*/  bwhc-rest-api-gateway/
-
-FROM openjdk:11-jre
-
-ARG BWHC_BASE_DIR=/bwhc-backend
-
-ENV BWHC_BASE_DIR=$BWHC_BASE_DIR
-ENV BWHC_USER_DB_DIR=$BWHC_BASE_DIR/data/user-db
-ENV BWHC_DATA_ENTRY_DIR=$BWHC_BASE_DIR/data/data-entry
-ENV BWHC_QUERY_DATA_DIR=$BWHC_BASE_DIR/data/query-data
-ENV BWHC_CONNECTOR_CONFIG=$BWHC_BASE_DIR/bwhcConnectorConfig.xml
-
-COPY --from=builder $BWHC_BASE_DIR/config $BWHC_BASE_DIR/
-COPY --from=builder $BWHC_BASE_DIR/bwhcConnectorConfig.xml $BWHC_BASE_DIR/
-COPY --from=builder $BWHC_BASE_DIR/logback.xml $BWHC_BASE_DIR/
-COPY --from=builder $BWHC_BASE_DIR/production.conf $BWHC_BASE_DIR/
-COPY --from=builder $BWHC_BASE_DIR/bwhc-rest-api-gateway/ $BWHC_BASE_DIR/bwhc-rest-api-gateway/
-
-VOLUME $BWHC_BASE_DIR/data
-VOLUME $BWHC_BASE_DIR/hgnc_data
-
-EXPOSE ${BWHC_BACKEND_PORT}
-
-WORKDIR $BWHC_BASE_DIR
-
-CMD $BWHC_BASE_DIR/bwhc-rest-api-gateway/bin/bwhc-rest-api-gateway \
-    -Dplay.http.secret.key=$APPLICATION_SECRET \
-    -Dconfig.file=$BWHC_BASE_DIR/production.conf \
-    -Dlogger.file=$BWHC_BASE_DIR/logback.xml \
-    -Dpidfile.path=/dev/null \
-    -Dbwhc.zpm.site=$ZPM_SITE \
-    -Dbwhc.data.entry.dir=$BWHC_DATA_ENTRY_DIR \
-    -Dbwhc.query.data.dir=$BWHC_QUERY_DATA_DIR \
-    -Dbwhc.user.data.dir=$BWHC_USER_DB_DIR \
-    -Dbwhc.hgnc.dir=$BWHC_HGNC_DIR \
-    -Dbwhc.connector.configFile=$BWHC_CONNECTOR_CONFIG
diff --git a/minimal/modules/dnpm-compose-bwhc.yml b/minimal/modules/dnpm-compose-bwhc.yml
deleted file mode 100644
index a2647280..00000000
--- a/minimal/modules/dnpm-compose-bwhc.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-version: "3.7"
-
-services:
-  dnpm-frontend:
-    depends_on: [ dnpm-backend ]
-    build:
-      context: ../../minimal/modules
-      dockerfile: dnpm-frontend.Dockerfile
-      args:
-        NUXT_HOST: 0.0.0.0
-        NUXT_PORT: 3000
-        BACKEND_PROTOCOL: http
-        BACKEND_HOSTNAME: dnpm-backend
-        BACKEND_PORT: 9000
-        DNPM_BWHC_FRONTEND_ZIP: ${DNPM_BWHC_FRONTEND_ZIP}
-        HTTP_PROXY: ${http_proxy}
-        HTTPS_PROXY: ${https_proxy}
-    environment:
-        BACKEND_PROTOCOL: http
-        BACKEND_HOSTNAME: dnpm-backend
-        BACKEND_PORT: 9000
-        no_proxy: dnpm-backend
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.dnpm-frontend.rule=PathPrefix(`/dnpm-frontend`)"
-      - "traefik.http.services.dnpm-frontend.loadbalancer.server.port=3000"
-      - "traefik.http.routers.dnpm-frontend.tls=true"
-
-  dnpm-backend:
-    build:
-      context: ../../minimal/modules
-      dockerfile: dnpm-backend.Dockerfile
-      args:
-        BWHC_BASE_DIR: /bwhc-backend
-        DNPM_BWHC_BACKEND_ZIP: ${DNPM_BWHC_BACKEND_ZIP}
-    environment:
-      APPLICATION_SECRET: ${DNPM_APPLICATION_SECRET}
-      ZPM_SITE: ${ZPM_SITE}
-      noproxy: dnpm-frontend,dnpm-beam-connect
-      # PLAY_HTTP_PORT: 9000
-      # PLAY_HTTP_ADDRESS: 0.0.0.0
-    volumes:
-      - /etc/bridgehead/dnpm/bwhcConnectorConfig.xml:/bwhc-backend/bwhcConnectorConfig.xml:ro
-      - /etc/bridgehead/dnpm/production.conf:/bwhc-backend/production.conf:ro
-      - bwhc_data:/bwhc-backend/data/
-      - bwhc_hgnc_data:/bwhc-backend/hgnc_data/
-
-volumes:
-  bwhc_data:
-  bwhc_hgnc_data:
diff --git a/minimal/modules/dnpm-compose-beamconnect.yml b/minimal/modules/dnpm-compose.yml
similarity index 100%
rename from minimal/modules/dnpm-compose-beamconnect.yml
rename to minimal/modules/dnpm-compose.yml
diff --git a/minimal/modules/dnpm-frontend.Dockerfile b/minimal/modules/dnpm-frontend.Dockerfile
deleted file mode 100644
index 1d4bb307..00000000
--- a/minimal/modules/dnpm-frontend.Dockerfile
+++ /dev/null
@@ -1,42 +0,0 @@
-FROM node:10-alpine
-
-ARG DNPM_BWHC_FRONTEND_ZIP
-
-# Change to latest release
-# Required for image build using local copy of zip file
-ARG VERSION=2207
-
-# nuxt host and port to be replaced in package.json. (See 2.3 in bwHCPrototypeManual)
-# NUXT_HOST should have a value with public available IP address from within container.
-# If changing NUXT_PORT, also change exposed port.
-ARG NUXT_HOST=0.0.0.0
-ARG NUXT_PORT=3000
-
-# Backend access setup. (See 2.4 in bwHCPrototypeManual)
-ARG BACKEND_PROTOCOL=http
-ARG BACKEND_HOSTNAME=localhost
-ARG BACKEND_PORT=8080
-
-ARG HTTP_PROXY=""
-ARG HTTPS_PROXY=""
-
-ADD ${DNPM_BWHC_FRONTEND_ZIP} /
-RUN unzip $(basename ${DNPM_BWHC_FRONTEND_ZIP}) && rm $(basename ${DNPM_BWHC_FRONTEND_ZIP})
-
-WORKDIR /bwhc-frontend
-
-RUN npm install
-
-# Prepare package.json
-RUN sed -i -r "s/^(\s*)\"host\"[^,]*(,?)/\1\"host\": \"$NUXT_HOST\"\2/" ./package.json
-RUN sed -i -r "s/^(\s*)\"port\"[^,]*(,?)/\1\"port\": \"$NUXT_PORT\"\2/" ./package.json
-
-# Prepare nuxt.config.js
-RUN sed -i -r "s/^(\s*)baseUrl[^,]*(,?)/\1baseUrl: process.env.BASE_URL || '$BACKEND_PROTOCOL:\/\/$BACKEND_HOSTNAME'\2/" ./nuxt.config.js
-RUN sed -i -r "s/^(\s*)port[^,]*(,?)/\1port: process.env.port || ':$BACKEND_PORT'\2/" ./nuxt.config.js
-
-RUN npm run generate
-
-EXPOSE $NUXT_PORT
-
-CMD npm start
diff --git a/minimal/modules/dnpm-setup.sh b/minimal/modules/dnpm-setup.sh
index ca98542f..4ece1153 100644
--- a/minimal/modules/dnpm-setup.sh
+++ b/minimal/modules/dnpm-setup.sh
@@ -2,7 +2,7 @@
 
 if [ -n "${ENABLE_DNPM}" ]; then
 	log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
-	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-beamconnect.yml"
+	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
 
 	# Set variables required for Beam-Connect
 	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
@@ -10,20 +10,4 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	DNPM_BROKER_ID="broker.dev.ccp-it.dktk.dkfz.de"
 	DNPM_BROKER_URL="https://${DNPM_BROKER_ID}"
 	DNPM_PROXY_ID="${SITE_ID}.${DNPM_BROKER_ID}"
-
-	# Optionally, start bwhc as well. This is currently only experimental
-	if [ -n "${ENABLE_DNPM_BWHC}" ]; then
-		log INFO "DNPM setup detected (with Frontend/Backend) -- will start BWHC Frontend/Backend. This is highly experimental!"
-		OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose-bwhc.yml"
-
-		if [ -z "${DNPM_BWHC_FRONTEND_ZIP}" ]; then
-			fail_and_report 1 "Variable DNPM_BWHC_FRONTEND_ZIP is not set."
-		fi
-		if [ -z "${DNPM_BWHC_BACKEND_ZIP}" ]; then
-			fail_and_report 1 "Variable DNPM_BWHC_BACKEND_ZIP is not set."
-		fi
-		if [ -z "${ZPM_SITE}" ]; then
-			fail_and_report 1 "Variable ZPM_SITE is not set."
-		fi
-	fi
 fi

From a18b63e190a2ec26c5a666d8038e430f547e6d12 Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Wed, 17 May 2023 10:04:35 +0000
Subject: [PATCH 16/20] Use cached beam-connect image for dnpm

---
 bbmri/modules/dnpm-compose.yml   | 3 ++-
 ccp/modules/dnpm-compose.yml     | 3 ++-
 minimal/modules/dnpm-compose.yml | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/bbmri/modules/dnpm-compose.yml b/bbmri/modules/dnpm-compose.yml
index 90f6cf1d..0175bf5b 100644
--- a/bbmri/modules/dnpm-compose.yml
+++ b/bbmri/modules/dnpm-compose.yml
@@ -23,7 +23,8 @@ services:
 
   dnpm-beam-connect:
     depends_on: [ dnpm-beam-proxy ]
-    image: samply/beam-connect:sites-without-auth
+    image: docker.verbis.dkfz.de/cache/samply/beam-connect:sites-without-auth
+    container_name: bridgehead-dnpm-beam-connect
     environment:
       PROXY_URL: http://dnpm-beam-proxy:8081
       PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
diff --git a/ccp/modules/dnpm-compose.yml b/ccp/modules/dnpm-compose.yml
index 2dce2513..2f523b9b 100644
--- a/ccp/modules/dnpm-compose.yml
+++ b/ccp/modules/dnpm-compose.yml
@@ -8,7 +8,8 @@ services:
 
   dnpm-beam-connect:
     depends_on: [ beam-proxy ]
-    image: samply/beam-connect:sites-without-auth
+    image: docker.verbis.dkfz.de/cache/samply/beam-connect:sites-without-auth
+    container_name: bridgehead-dnpm-beam-connect
     environment:
       PROXY_URL: http://beam-proxy:8081
       PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}
diff --git a/minimal/modules/dnpm-compose.yml b/minimal/modules/dnpm-compose.yml
index 16cfdb9f..a2eb0b06 100644
--- a/minimal/modules/dnpm-compose.yml
+++ b/minimal/modules/dnpm-compose.yml
@@ -23,7 +23,8 @@ services:
 
   dnpm-beam-connect:
     depends_on: [ dnpm-beam-proxy ]
-    image: samply/beam-connect:sites-without-auth
+    image: docker.verbis.dkfz.de/cache/samply/beam-connect:sites-without-auth
+    container_name: bridgehead-dnpm-beam-connect
     environment:
       PROXY_URL: http://dnpm-beam-proxy:8081
       PROXY_APIKEY: ${DNPM_BEAM_SECRET_SHORT}

From ff4fb06ad158c6ac86bee8461834f77f1e9f9105 Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Fri, 19 May 2023 11:53:03 +0000
Subject: [PATCH 17/20] Address review comments

---
 README.md                        | 2 +-
 bbmri/modules/dnpm-compose.yml   | 2 +-
 bbmri/modules/dnpm-setup.sh      | 4 ++--
 bbmri/vars                       | 2 +-
 bridgehead                       | 4 ++--
 ccp/modules/dnpm-compose.yml     | 2 +-
 ccp/modules/dnpm-setup.sh        | 4 ++--
 ccp/vars                         | 2 +-
 minimal/modules/dnpm-compose.yml | 2 +-
 minimal/modules/dnpm-setup.sh    | 4 ++--
 minimal/vars                     | 2 +-
 11 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 550f563f..8daab1f7 100644
--- a/README.md
+++ b/README.md
@@ -85,7 +85,7 @@ To request a new repository, please contact your research network administration
 - For the ccp project: support-ccp@dkfz-heidelberg.de
 
 Mention:
-- which project you belong to, i.e. "bbmri", "ccp", or "minimal"
+- which project you belong to, i.e. "bbmri" or "ccp"
 - site name (According to conventions listed above)
 - operator name and email
 
diff --git a/bbmri/modules/dnpm-compose.yml b/bbmri/modules/dnpm-compose.yml
index 0175bf5b..48d58dee 100644
--- a/bbmri/modules/dnpm-compose.yml
+++ b/bbmri/modules/dnpm-compose.yml
@@ -23,7 +23,7 @@ services:
 
   dnpm-beam-connect:
     depends_on: [ dnpm-beam-proxy ]
-    image: docker.verbis.dkfz.de/cache/samply/beam-connect:sites-without-auth
+    image: docker.verbis.dkfz.de/cache/samply/beam-connect:dnpm
     container_name: bridgehead-dnpm-beam-connect
     environment:
       PROXY_URL: http://dnpm-beam-proxy:8081
diff --git a/bbmri/modules/dnpm-setup.sh b/bbmri/modules/dnpm-setup.sh
index 4ece1153..c8b003e1 100644
--- a/bbmri/modules/dnpm-setup.sh
+++ b/bbmri/modules/dnpm-setup.sh
@@ -1,11 +1,11 @@
 #!/bin/bash
 
 if [ -n "${ENABLE_DNPM}" ]; then
-	log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
+	log DEBUG "DNPM setup detected (Beam.Connect) -- will start Beam and Beam.Connect for DNPM."
 	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
 
 	# Set variables required for Beam-Connect
-	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 	DNPM_BROKER_ID="broker.dev.ccp-it.dktk.dkfz.de"
 	DNPM_BROKER_URL="https://${DNPM_BROKER_ID}"
diff --git a/bbmri/vars b/bbmri/vars
index b5be6166..21aeaecf 100644
--- a/bbmri/vars
+++ b/bbmri/vars
@@ -8,7 +8,7 @@ PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 
 for module in $PROJECT/modules/*.sh
 do
-    log INFO "sourcing $module"
+    log DEBUG "sourcing $module"
     source $module
 done
 
diff --git a/bridgehead b/bridgehead
index 8d35708a..b14d1d32 100755
--- a/bridgehead
+++ b/bridgehead
@@ -56,7 +56,7 @@ loadVars() {
 	OVERRIDE=${OVERRIDE:=""}
 	# minimal contains shared components, so potential overrides must be applied in every project
 	if [ -f "minimal/docker-compose.override.yml" ]; then
-		log INFO "Applying minimal/docker-compose.override.yml"
+		log INFO "Applying Bridgehead common components override (minimal/docker-compose.override.yml)"
 		OVERRIDE+=" -f ./minimal/docker-compose.override.yml"
 	fi
 	if [ -f "$PROJECT/docker-compose.override.yml" ]; then
@@ -78,7 +78,7 @@ case "$ACTION" in
 		;;
 	stop)
 		loadVars
-		# HACK: This is tempoarily to properly shut down false bridgehead instances (bridgehead-ccp instead ccp)
+		# HACK: This is temporarily to properly shut down false bridgehead instances (bridgehead-ccp instead ccp)
 		$COMPOSE -p bridgehead-$PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE down
 		exec $COMPOSE -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE down
 		;;
diff --git a/ccp/modules/dnpm-compose.yml b/ccp/modules/dnpm-compose.yml
index 2f523b9b..a4ef1aa2 100644
--- a/ccp/modules/dnpm-compose.yml
+++ b/ccp/modules/dnpm-compose.yml
@@ -8,7 +8,7 @@ services:
 
   dnpm-beam-connect:
     depends_on: [ beam-proxy ]
-    image: docker.verbis.dkfz.de/cache/samply/beam-connect:sites-without-auth
+    image: docker.verbis.dkfz.de/cache/samply/beam-connect:dnpm
     container_name: bridgehead-dnpm-beam-connect
     environment:
       PROXY_URL: http://beam-proxy:8081
diff --git a/ccp/modules/dnpm-setup.sh b/ccp/modules/dnpm-setup.sh
index c9250cbd..04659ebe 100644
--- a/ccp/modules/dnpm-setup.sh
+++ b/ccp/modules/dnpm-setup.sh
@@ -1,10 +1,10 @@
 #!/bin/bash
 
 if [ -n "${ENABLE_DNPM}" ]; then
-	log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
+	log DEBUG "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
 	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
 
 	# Set variables required for Beam-Connect
-	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 fi
diff --git a/ccp/vars b/ccp/vars
index 2a295f4d..a180d829 100644
--- a/ccp/vars
+++ b/ccp/vars
@@ -21,6 +21,6 @@ mtbaSetup
 
 for module in $PROJECT/modules/*.sh
 do
-    log INFO "sourcing $module"
+    log DEBUG "sourcing $module"
     source $module
 done
diff --git a/minimal/modules/dnpm-compose.yml b/minimal/modules/dnpm-compose.yml
index a2eb0b06..f320ead3 100644
--- a/minimal/modules/dnpm-compose.yml
+++ b/minimal/modules/dnpm-compose.yml
@@ -23,7 +23,7 @@ services:
 
   dnpm-beam-connect:
     depends_on: [ dnpm-beam-proxy ]
-    image: docker.verbis.dkfz.de/cache/samply/beam-connect:sites-without-auth
+    image: docker.verbis.dkfz.de/cache/samply/beam-connect:dnpm
     container_name: bridgehead-dnpm-beam-connect
     environment:
       PROXY_URL: http://dnpm-beam-proxy:8081
diff --git a/minimal/modules/dnpm-setup.sh b/minimal/modules/dnpm-setup.sh
index 4ece1153..c8b003e1 100644
--- a/minimal/modules/dnpm-setup.sh
+++ b/minimal/modules/dnpm-setup.sh
@@ -1,11 +1,11 @@
 #!/bin/bash
 
 if [ -n "${ENABLE_DNPM}" ]; then
-	log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
+	log DEBUG "DNPM setup detected (Beam.Connect) -- will start Beam and Beam.Connect for DNPM."
 	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
 
 	# Set variables required for Beam-Connect
-	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 	DNPM_BROKER_ID="broker.dev.ccp-it.dktk.dkfz.de"
 	DNPM_BROKER_URL="https://${DNPM_BROKER_ID}"
diff --git a/minimal/vars b/minimal/vars
index acca503d..fe661ed7 100644
--- a/minimal/vars
+++ b/minimal/vars
@@ -1,5 +1,5 @@
 for module in $PROJECT/modules/*.sh
 do
-    log INFO "sourcing $module"
+    log DEBUG "sourcing $module"
     source $module
 done

From f02587d9fadb6e7349aacbaf64343022624e2dc3 Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Thu, 25 May 2023 11:20:18 +0000
Subject: [PATCH 18/20] Change DNPM broker id

---
 bbmri/modules/dnpm-setup.sh   | 2 +-
 minimal/modules/dnpm-setup.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/bbmri/modules/dnpm-setup.sh b/bbmri/modules/dnpm-setup.sh
index c8b003e1..7b3be9a2 100644
--- a/bbmri/modules/dnpm-setup.sh
+++ b/bbmri/modules/dnpm-setup.sh
@@ -7,7 +7,7 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	# Set variables required for Beam-Connect
 	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-	DNPM_BROKER_ID="broker.dev.ccp-it.dktk.dkfz.de"
+	DNPM_BROKER_ID="broker.ccp-it.dktk.dkfz.de"
 	DNPM_BROKER_URL="https://${DNPM_BROKER_ID}"
 	DNPM_PROXY_ID="${SITE_ID}.${DNPM_BROKER_ID}"
 fi
diff --git a/minimal/modules/dnpm-setup.sh b/minimal/modules/dnpm-setup.sh
index c8b003e1..7b3be9a2 100644
--- a/minimal/modules/dnpm-setup.sh
+++ b/minimal/modules/dnpm-setup.sh
@@ -7,7 +7,7 @@ if [ -n "${ENABLE_DNPM}" ]; then
 	# Set variables required for Beam-Connect
 	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-	DNPM_BROKER_ID="broker.dev.ccp-it.dktk.dkfz.de"
+	DNPM_BROKER_ID="broker.ccp-it.dktk.dkfz.de"
 	DNPM_BROKER_URL="https://${DNPM_BROKER_ID}"
 	DNPM_PROXY_ID="${SITE_ID}.${DNPM_BROKER_ID}"
 fi

From 12991e4796320e127833ae319c54467273ac4c63 Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Wed, 28 Jun 2023 11:16:15 +0200
Subject: [PATCH 19/20] Fix enrollment for minimal bh

---
 bridgehead   | 17 ++++++++++++++++-
 minimal/vars |  1 +
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/bridgehead b/bridgehead
index b14d1d32..9824e3b8 100755
--- a/bridgehead
+++ b/bridgehead
@@ -105,7 +105,22 @@ case "$ACTION" in
 		;;
 	enroll)
 		loadVars
-		docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $PROXY_ID --admin-email $SUPPORT_EMAIL
+
+		MANUAL_PROXY_ID="${3:-$PROXY_ID}"
+		if [ -z "$MANUAL_PROXY_ID" ]; then
+			log ERROR "No Proxy ID set"
+			exit 1
+		else
+			log INFO "Enrolling Beam Proxy Id $MANUAL_PROXY_ID"
+		fi
+
+		if [ -z "$SUPPORT_EMAIL" ]; then
+			EMAIL_PARAM=""
+		else
+			EMAIL_PARAM="--admin-email $SUPPORT_EMAIL"
+		fi
+			
+		docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $MANUAL_PROXY_ID $EMAIL_PARAM
 		chmod 600 $PRIVATEKEYFILENAME
 		;;
 	preRun | preUpdate)
diff --git a/minimal/vars b/minimal/vars
index fe661ed7..11d07ff5 100644
--- a/minimal/vars
+++ b/minimal/vars
@@ -3,3 +3,4 @@ do
     log DEBUG "sourcing $module"
     source $module
 done
+PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem

From f0d423fcf7944525566460c49cf0ba1e27ce9392 Mon Sep 17 00:00:00 2001
From: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
Date: Wed, 28 Jun 2023 11:48:47 +0200
Subject: [PATCH 20/20] Adapt to new beam app syntax

---
 bbmri/modules/dnpm-compose.yml   | 3 +--
 ccp/modules/dnpm-compose.yml     | 4 +---
 minimal/modules/dnpm-compose.yml | 3 +--
 3 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/bbmri/modules/dnpm-compose.yml b/bbmri/modules/dnpm-compose.yml
index 48d58dee..0cbc45f0 100644
--- a/bbmri/modules/dnpm-compose.yml
+++ b/bbmri/modules/dnpm-compose.yml
@@ -7,8 +7,7 @@ services:
     environment:
       BROKER_URL: ${DNPM_BROKER_URL}
       PROXY_ID: ${DNPM_PROXY_ID}
-      APP_0_ID: dnpm-connect
-      APP_0_KEY: ${DNPM_BEAM_SECRET_SHORT}
+      APP_dnpm-connect_KEY: ${DNPM_BEAM_SECRET_SHORT}
       PRIVKEY_FILE: /run/secrets/proxy.pem
       ALL_PROXY: http://forward_proxy:3128
       TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
diff --git a/ccp/modules/dnpm-compose.yml b/ccp/modules/dnpm-compose.yml
index a4ef1aa2..9286d329 100644
--- a/ccp/modules/dnpm-compose.yml
+++ b/ccp/modules/dnpm-compose.yml
@@ -3,9 +3,7 @@ version: "3.7"
 services:
   beam-proxy:
     environment:
-      APP_3_ID: dnpm-connect
-      APP_3_KEY: ${DNPM_BEAM_SECRET_SHORT}
-
+      APP_dnpm-connect_KEY: ${DNPM_BEAM_SECRET_SHORT}
   dnpm-beam-connect:
     depends_on: [ beam-proxy ]
     image: docker.verbis.dkfz.de/cache/samply/beam-connect:dnpm
diff --git a/minimal/modules/dnpm-compose.yml b/minimal/modules/dnpm-compose.yml
index f320ead3..276f5ff0 100644
--- a/minimal/modules/dnpm-compose.yml
+++ b/minimal/modules/dnpm-compose.yml
@@ -7,8 +7,7 @@ services:
     environment:
       BROKER_URL: ${DNPM_BROKER_URL}
       PROXY_ID: ${DNPM_PROXY_ID}
-      APP_0_ID: dnpm-connect
-      APP_0_KEY: ${DNPM_BEAM_SECRET_SHORT}
+      APP_dnpm-connect_KEY: ${DNPM_BEAM_SECRET_SHORT}
       PRIVKEY_FILE: /run/secrets/proxy.pem
       ALL_PROXY: http://forward_proxy:3128
       TLS_CA_CERTIFICATES_DIR: ./conf/trusted-ca-certs