fix: add nngm to prepare-system script

bridgehead

@@ -35,9 +35,6 @@ case "$PROJECT" in
 	cce)
 		#nothing extra to do
 		;;
-	pscc)
-		#nothing extra to do
-		;;
 	itcc)
 		#nothing extra to do
 		;;
@@ -47,6 +44,9 @@ case "$PROJECT" in
 	dhki)
 		#nothing extra to do
 		;;
+	nngm)
+		#nothing extra to do
+		;;
 	minimal)
 		#nothing extra to do
 		;;

ccp/modules/dnpm-node-compose.yml

@@ -58,7 +58,7 @@ services:
 
   dnpm-backend:
     container_name: bridgehead-dnpm-backend
-    image: ghcr.io/dnpm-dip/backend:${DNPM_IMAGE_TAG:-latest}
+    image: ghcr.io/dnpm-dip/api-gateway:latest
     environment:
       - LOCAL_SITE=${ZPM_SITE}:${SITE_NAME}   # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
       - RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}

dhki/vars

@@ -23,4 +23,5 @@ do
     source $module
 done
 
-transfairSetup
+transfairSetup
+scoutSetup

lib/functions.sh

@@ -54,7 +54,7 @@ checkOwner(){
 
 printUsage() {
 	echo "Usage: bridgehead start|stop|logs|docker-logs|is-running|update|install|uninstall|adduser|enroll PROJECTNAME"
-	echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki"
+	echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki|nngm"
 }
 
 checkRequirements() {

lib/prepare-system.sh

@@ -55,9 +55,6 @@ case "$PROJECT" in
 	cce)
 		site_configuration_repository_middle="git.verbis.dkfz.de/cce-sites/"
 		;;
-	pscc)
-		site_configuration_repository_middle="git.verbis.dkfz.de/pscc-sites/"
-		;;
 	itcc)
 		site_configuration_repository_middle="git.verbis.dkfz.de/itcc-sites/"
         ;;
@@ -70,6 +67,9 @@ case "$PROJECT" in
 	dhki)
 		site_configuration_repository_middle="git.verbis.dkfz.de/dhki/"
 		;;
+	nngm)
+		site_configuration_repository_middle="git.verbis.dkfz.de/nngm/"
+		;;
 	minimal)
 		site_configuration_repository_middle="git.verbis.dkfz.de/minimal-bridgehead-configs/"
 		;;

minimal/docker-compose.yml

@@ -59,4 +59,3 @@ services:
       PROJECT: ${PROJECT}
       SITE_NAME: ${SITE_NAME}
       ENVIRONMENT: ${ENVIRONMENT}
-    profiles: [deactivated]

minimal/modules/dnpm-node-compose.yml

@@ -58,7 +58,7 @@ services:
 
   dnpm-backend:
     container_name: bridgehead-dnpm-backend
-    image: ghcr.io/dnpm-dip/backend:${DNPM_IMAGE_TAG:-latest}
+    image: ghcr.io/dnpm-dip/api-gateway:latest
     environment:
       - LOCAL_SITE=${ZPM_SITE}:${SITE_NAME}   # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
       - RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}

modules/scout-compose.yml

@@ -0,0 +1,40 @@
+volumes:
+  scout-blaze-data:
+
+services:
+  traefik:
+    labels:
+      - "traefik.http.middlewares.additional-users-auth.basicauth.users=${SCOUT_BASIC_AUTH_USERS}"
+
+  scout-blaze:
+    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
+    container_name: bridgehead-scout-blaze
+    environment:
+      BASE_URL: "http://bridgehead-scout-blaze:8080"
+      ENFORCE_REFERENTIAL_INTEGRITY: "false"
+    volumes:
+      - "scout-blaze-data:/app/data"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.scout-blaze.rule=PathPrefix(`/scout-blaze`)"
+      - "traefik.http.middlewares.scout-blaze-stripprefix.stripprefix.prefixes=/scout-blaze"
+      - "traefik.http.services.scout-blaze.loadbalancer.server.port=8080"
+      - "traefik.http.routers.scout-blaze.middlewares=scout-blaze-stripprefix,additional-users-auth"
+      - "traefik.http.routers.scout-blaze.tls=true"
+
+  scout:
+    image: samply/scout:main
+    container_name: bridgehead-scout
+    configs:
+      - scout.toml
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.scout.rule=PathPrefix(`/scout`)"
+      - "traefik.http.services.scout.loadbalancer.server.port=8080"
+      - "traefik.http.routers.scout.middlewares=additional-users-auth"
+      - "traefik.http.routers.scout.tls=true"
+
+configs:
+  scout.toml:
+    content: |
+      fhir_base_url = "http://scout-blaze:8080/fhir"

modules/scout-setup.sh

@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+function scoutSetup() {
+    if [[ -n "$ENABLE_SCOUT" && -n "$SCOUT_BASIC_AUTH_USERS" ]]; then
+        echo "Starting scout."
+	    OVERRIDE+=" -f ./modules/scout-compose.yml"
+    fi
+}

modules/transfair-compose.yml

@@ -10,7 +10,7 @@ services:
       - TTP_GW_SOURCE
       - TTP_GW_EPIX_DOMAIN
       - TTP_GW_GPAS_DOMAIN
-      - TTP_TYPE
+      - TTP_GW_GPAS_URL
       - TTP_AUTH
       - PROJECT_ID_SYSTEM
       - FHIR_REQUEST_URL=${FHIR_REQUEST_URL}
@@ -26,6 +26,7 @@ services:
       - TLS_DISABLE=${TRANSFAIR_TLS_DISABLE:-false}
       - NO_PROXY=${TRANSFAIR_NO_PROXIES}
       - ALL_PROXY=http://forward_proxy:3128
+    command: dic ${TTP_TYPE}
     volumes:
       - /var/cache/bridgehead/${PROJECT}/transfair:/transfair
       - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro

nngm/docker-compose.yml

@@ -3,9 +3,9 @@ version: "3.7"
 services:
   blaze:
     image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
-    container_name: bridgehead-pscc-blaze
+    container_name: bridgehead-nngm-blaze
     environment:
-      BASE_URL: "http://bridgehead-pscc-blaze:8080"
+      BASE_URL: "http://bridgehead-nngm-blaze:8080"
       JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
       DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
       DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
@@ -15,24 +15,27 @@ services:
       - "blaze-data:/app/data"
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.blaze_pscc.rule=PathPrefix(`/pscc-localdatamanagement`)"
-      - "traefik.http.middlewares.pscc_b_strip.stripprefix.prefixes=/pscc-localdatamanagement"
-      - "traefik.http.services.blaze_pscc.loadbalancer.server.port=8080"
-      - "traefik.http.routers.blaze_pscc.middlewares=pscc_b_strip,auth"
-      - "traefik.http.routers.blaze_pscc.tls=true"
+      - "traefik.http.routers.blaze_nngm.rule=PathPrefix(`/nngm-localdatamanagement`)"
+      - "traefik.http.middlewares.nngm_b_strip.stripprefix.prefixes=/nngm-localdatamanagement"
+      - "traefik.http.services.blaze_nngm.loadbalancer.server.port=8080"
+      - "traefik.http.routers.blaze_nngm.middlewares=nngm_b_strip,auth"
+      - "traefik.http.routers.blaze_nngm.tls=true"
 
   focus:
-    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}-dktk
     container_name: bridgehead-focus
     environment:
       API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
       BEAM_APP_ID_LONG: focus.${PROXY_ID}
       PROXY_ID: ${PROXY_ID}
-      BLAZE_URL: "http://bridgehead-pscc-blaze:8080/fhir/"
+      BLAZE_URL: "http://bridgehead-nngm-blaze:8080/fhir/"
       BEAM_PROXY_URL: http://beam-proxy:8081
       RETRY_COUNT: ${FOCUS_RETRY_COUNT}
       EPSILON: 0.28
+      QUERIES_TO_CACHE: '/queries_to_cache.conf'
       ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
+    volumes:
+      - /srv/docker/bridgehead/nngm/queries_to_cache.conf:/queries_to_cache.conf:ro
     depends_on:
       - "beam-proxy"
       - "blaze"
@@ -54,8 +57,7 @@ services:
       - "forward_proxy"
     volumes:
       - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
-      - /srv/docker/bridgehead/pscc/root.crt.pem:/conf/root.crt.pem:ro
-
+      - /srv/docker/bridgehead/nngm/root.crt.pem:/conf/root.crt.pem:ro
 
 volumes:
   blaze-data:

nngm/modules/exporter-compose.yml

@@ -0,0 +1,72 @@
+version: "3.7"
+
+services:
+  exporter:
+    image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
+    container_name: bridgehead-nngm-exporter
+    environment:
+      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
+      LOG_LEVEL: "INFO"
+      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
+      CROSS_ORIGINS: "https://${HOST}"
+      EXPORTER_DB_USER: "exporter"
+      EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
+      EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
+      HTTP_RELATIVE_PATH: "/nngm-exporter"
+      SITE: "${SITE_ID}"
+      HTTP_SERVLET_REQUEST_SCHEME: "https"
+      OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.exporter_nngm.rule=PathPrefix(`/nngm-exporter`)"
+      - "traefik.http.services.exporter_nngm.loadbalancer.server.port=8092"
+      - "traefik.http.routers.exporter_nngm.tls=true"
+      - "traefik.http.middlewares.exporter_nngm_strip.stripprefix.prefixes=/nngm-exporter"
+      - "traefik.http.routers.exporter_nngm.middlewares=exporter_nngm_strip"
+    volumes:
+      - "/var/cache/bridgehead/nngm/exporter-files:/app/exporter-files/output"
+
+  exporter-db:
+    image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
+    container_name: bridgehead-nngm-exporter-db
+    environment:
+      POSTGRES_USER: "exporter"
+      POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
+      POSTGRES_DB: "exporter"
+    volumes:
+      # Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
+      - "/var/cache/bridgehead/nngm/exporter-db:/var/lib/postgresql/data"
+
+  reporter:
+    image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
+    container_name: bridgehead-nngm-reporter
+    environment:
+      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
+      LOG_LEVEL: "INFO"
+      CROSS_ORIGINS: "https://${HOST}"
+      HTTP_RELATIVE_PATH: "/nngm-reporter"
+      SITE: "${SITE_ID}"
+      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
+      EXPORTER_URL: "http://exporter:8092"
+      LOG_FHIR_VALIDATION: "false"
+      HTTP_SERVLET_REQUEST_SCHEME: "https"
+
+    # In this initial development state of the bridgehead, we are trying to have so many volumes as possible.
+    # However, in the first executions in the CCP sites, this volume seems to be very important. A report is
+    # a process that can take several hours, because it depends on the exporter.
+    # There is a risk that the bridgehead restarts, losing the already created export.
+
+    volumes:
+      - "/var/cache/bridgehead/nngm/reporter-files:/app/reports"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.reporter_nngm.rule=PathPrefix(`/nngm-reporter`)"
+      - "traefik.http.services.reporter_nngm.loadbalancer.server.port=8095"
+      - "traefik.http.routers.reporter_nngm.tls=true"
+      - "traefik.http.middlewares.reporter_nngm_strip.stripprefix.prefixes=/nngm-reporter"
+      - "traefik.http.routers.reporter_nngm.middlewares=reporter_nngm_strip"
+
+  focus:
+    environment:
+      EXPORTER_URL: "http://exporter:8092"
+      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"

nngm/modules/exporter-setup.sh

@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+if [ "$ENABLE_EXPORTER" == true ]; then
+  log INFO "Exporter setup detected -- will start Exporter service."
+  OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
+  EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+  EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
+fi

nngm/modules/teiler-compose.yml

@@ -0,0 +1,73 @@
+version: "3.7"
+
+services:
+
+  teiler-orchestrator:
+    image: docker.verbis.dkfz.de/cache/samply/teiler-orchestrator:latest
+    container_name: bridgehead-teiler-orchestrator
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.teiler_orchestrator_nngm.rule=PathPrefix(`/nngm-teiler`)"
+      - "traefik.http.services.teiler_orchestrator_nngm.loadbalancer.server.port=9000"
+      - "traefik.http.routers.teiler_orchestrator_nngm.tls=true"
+      - "traefik.http.middlewares.teiler_orchestrator_nngm_strip.stripprefix.prefixes=/nngm-teiler"
+      - "traefik.http.routers.teiler_orchestrator_nngm.middlewares=teiler_orchestrator_nngm_strip"
+    environment:
+      TEILER_BACKEND_URL: "/nngm-teiler-backend"
+      TEILER_DASHBOARD_URL: "/nngm-teiler-dashboard"
+      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
+      HTTP_RELATIVE_PATH: "/nngm-teiler"
+
+  teiler-dashboard:
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
+    container_name: bridgehead-teiler-dashboard
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.teiler_dashboard_nngm.rule=PathPrefix(`/nngm-teiler-dashboard`)"
+      - "traefik.http.services.teiler_dashboard_nngm.loadbalancer.server.port=80"
+      - "traefik.http.routers.teiler_dashboard_nngm.tls=true"
+      - "traefik.http.middlewares.teiler_dashboard_nngm_strip.stripprefix.prefixes=/nngm-teiler-dashboard"
+      - "traefik.http.routers.teiler_dashboard_nngm.middlewares=teiler_dashboard_nngm_strip"
+    environment:
+      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
+      TEILER_BACKEND_URL: "/nngm-teiler-backend"
+      TEILER_DASHBOARD_URL: "/nngm-teiler-dashboard"
+      OIDC_URL: "${OIDC_URL}"
+      OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
+      OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
+      TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
+      TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
+      TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
+      TEILER_PROJECT: "${PROJECT}"
+      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
+      TEILER_ORCHESTRATOR_URL: "/nngm-teiler"
+      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/nngm-teiler"
+      TEILER_USER: "${OIDC_USER_GROUP}"
+      TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
+      REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
+      EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
+
+
+# TODO: Replace dktk-teiler-backend with nngm-teiler-backend
+  teiler-backend:
+    image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest
+    container_name: bridgehead-teiler-backend
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.teiler_backend_nngm.rule=PathPrefix(`/nngm-teiler-backend`)"
+      - "traefik.http.services.teiler_backend_nngm.loadbalancer.server.port=8085"
+      - "traefik.http.routers.teiler_backend_nngm.tls=true"
+      - "traefik.http.middlewares.teiler_backend_nngm_strip.stripprefix.prefixes=/nngm-teiler-backend"
+      - "traefik.http.routers.teiler_backend_nngm.middlewares=teiler_backend_nngm_strip"
+    environment:
+      LOG_LEVEL: "INFO"
+      APPLICATION_PORT: "8085"
+      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
+      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/nngm-teiler"
+      TEILER_ORCHESTRATOR_URL: "/nngm-teiler"
+      TEILER_DASHBOARD_DE_URL: "/nngm-teiler-dashboard/de"
+      TEILER_DASHBOARD_EN_URL: "/nngm-teiler-dashboard/en"
+      HTTP_PROXY: "http://forward_proxy:3128"
+      ENABLE_MTBA: "${ENABLE_MTBA}"
+      ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
+      IDMANAGER_UPLOAD_APIKEY: "${IDMANAGER_UPLOAD_APIKEY}" # Only used to check if the ID Manager is active

nngm/modules/teiler-setup.sh

@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+if [ "$ENABLE_TEILER" == true ];then
+  log INFO "Teiler setup detected -- will start Teiler services."
+  OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
+  TEILER_DEFAULT_LANGUAGE=DE
+  TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
+fi

nngm/root.crt.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIUN7yzueIZzwpe8PaPEIMY8zoH+eMwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjMwNTIzMTAxNzIzWhcNMzMw
+NTIwMTAxNzUzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAN5JAj+HydSGaxvA0AOcrXVTZ9FfsH0cMVBlQb72
+bGZgrRvkqtB011TNXZfsHl7rPxCY61DcsDJfFq3+8VHT+S9HE0qV1bEwP+oA3xc4
+Opq77av77cNNOqDC7h+jyPhHcUaE33iddmrH9Zn2ofWTSkKHHu3PAe5udCrc2QnD
+4PLRF6gqiEY1mcGknJrXj1ff/X0nRY/m6cnHNXz0Cvh8oPOtbdfGgfZjID2/fJNP
+fNoNKqN+5oJAZ+ZZ9id9rBvKj1ivW3F2EoGjZF268SgZzc5QrM/D1OpSBQf5SF/V
+qUPcQTgt9ry3YR+SZYazLkfKMEOWEa0WsqJVgXdQ6FyergcCAwEAAaN7MHkwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEa70kcseqU5
+bHx2zSt4bG21HokhMB8GA1UdIwQYMBaAFEa70kcseqU5bHx2zSt4bG21HokhMBYG
+A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCGmE7NXW4T
+6J4mV3b132cGEMD7grx5JeiXK5EHMlswUS+Odz0NcBNzhUHdG4WVMbrilHbI5Ua+
+6jdKx5WwnqzjQvElP0MCw6sH/35gbokWgk1provOP99WOFRsQs+9Sm8M2XtMf9HZ
+m3wABwU/O+dhZZ1OT1PjSZD0OKWKqH/KvlsoF5R6P888KpeYFiIWiUNS5z21Jm8A
+ZcllJjiRJ60EmDwSUOQVJJSMOvtr6xTZDZLtAKSN8zN08lsNGzyrFwqjDwU0WTqp
+scMXEGBsWQjlvxqDnXyljepR0oqRIjOvgrWaIgbxcnu98tK/OdBGwlAPKNUW7Crr
+vO+eHxl9iqd4
+-----END CERTIFICATE-----

nngm/vars

@@ -0,0 +1,36 @@
+# TODO: Replace after getting FQDN from ITCF
+# BROKER_ID=broker.nngm.dktk.dkfz.de
+# BROKER_URL=https://${BROKER_ID}
+BROKER_ID=e260-nngm-lens.inet.dkfz-heidelberg.de
+BROKER_URL=http://${BROKER_ID}
+
+PROXY_ID=${SITE_ID}.${BROKER_ID}
+FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
+# TODO: Add real nNGM-Support email
+SUPPORT_EMAIL=support-nngm@dkfz-heidelberg.de
+PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
+
+BROKER_URL_FOR_PREREQ=$BROKER_URL
+
+# TODO: Replace with nNGM OIDC Server
+OIDC_USER_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})"
+OIDC_ADMIN_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})_Verwalter"
+OIDC_PSP_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})_PSP"
+OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
+OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
+OIDC_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PUBLIC_CLIENT_ID}/"
+OIDC_PRIVATE_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PRIVATE_CLIENT_ID}/"
+OIDC_GROUP_CLAIM="groups"
+
+for module in $PROJECT/modules/*.sh
+do
+    log DEBUG "sourcing $module"
+    source $module
+done
+
+for module in modules/*.sh
+do
+    log DEBUG "sourcing $module"
+    source $module
+done

pscc/modules/lens-compose.yml

@@ -1,34 +0,0 @@
-version: "3.7"
-services:
-  landing:
-    container_name: lens_federated-search
-    image: docker.verbis.dkfz.de/dashboard/pscc-explorer
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
-      - "traefik.http.services.landing.loadbalancer.server.port=5173"
-      - "traefik.http.routers.landing.middlewares=auth"
-      - "traefik.http.routers.landing.tls=true"
-
-#  spot:
-#    image: docker.verbis.dkfz.de/ccp-private/central-spot
-#    environment:
-#      BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
-#      BEAM_URL: http://beam-proxy:8081
-#      BEAM_PROXY_ID: ${SITE_ID}
-#      BEAM_BROKER_ID: ${BROKER_ID}
-#      BEAM_APP_ID: "focus"
-#      PROJECT_METADATA: "cce_supervisors"
-#    depends_on:
-#      - "beam-proxy"
-#    labels:
-#      - "traefik.enable=true"
-#      - "traefik.http.services.spot.loadbalancer.server.port=8080"
-#      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
-#      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
-#      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
-#      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
-#      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
-#      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
-#      - "traefik.http.routers.spot.tls=true"
-#      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"

pscc/modules/lens-setup.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-
-if [ -n "$ENABLE_LENS" ];then
-  OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml"
-fi

pscc/root.crt.pem

@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL
-BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw
-MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI
-TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO
-OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf
-XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu
-pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7
-K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD
-VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM
-poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG
-A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm
-AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU
-fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5
-3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l
-n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/
-7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt
-Rtup0MTxSJtN
------END CERTIFICATE-----

pscc/vars

@@ -1,14 +0,0 @@
-BROKER_ID=test-no-real-data.broker.samply.de
-BROKER_URL=https://${BROKER_ID}
-PROXY_ID=${SITE_ID}.${BROKER_ID}
-FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
-FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
-SUPPORT_EMAIL=denis.koether@dkfz-heidelberg.de
-PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
-BROKER_URL_FOR_PREREQ=$BROKER_URL
-
-for module in $PROJECT/modules/*.sh
-do
-    log DEBUG "sourcing $module"
-    source $module
-done