fix: add nngm to prepare-system script

fix: add nngm to bridgehead script
feat: nngm broker id and url
2025-09-13 05:10:25 +02:00 · 2025-09-12 15:09:02 +02:00 · 2025-09-12 15:06:46 +02:00 · 2025-09-12 14:51:55 +02:00 · 2025-09-12 14:32:45 +02:00 · 2025-09-02 13:23:34 +02:00
36 changed files with 312 additions and 182 deletions
--- a/README.md
+++ b/README.md
@@ -85,6 +85,8 @@ The following URLs need to be accessible (prefix with `https://`):
    * hub.docker.com
    * registry-1.docker.io
    * production.cloudflare.docker.com
  * GitHub Container Registry - (for use of DNPM:DIP)
    * ghcr.io
 * To report bridgeheads operational status
  * healthchecks.verbis.dkfz.de
 * only for DKTK/CCP
@@ -95,7 +97,7 @@ The following URLs need to be accessible (prefix with `https://`):
 * only for German Biobank Node
  * broker.bbmri.de
-> 📝 This URL list is subject to change. Instead of the individual names, we highly recommend whitelisting wildcard domains: *.dkfz.de, github.com, *.docker.com, *.docker.io, *.samply.de, *.bbmri.de.
+> 📝 This URL list is subject to change. Instead of the individual names, we highly recommend whitelisting wildcard domains: *.dkfz.de, github.com, *.docker.com, *.docker.io, *.ghcr.io, *.samply.de, *.bbmri.de.
 > 📝 Ubuntu's pre-installed uncomplicated firewall (ufw) is known to conflict with Docker, more info [here](https://github.com/chaifeng/ufw-docker).
--- a/bbmri/modules/teiler-compose.yml
+++ b/bbmri/modules/teiler-compose.yml
@@ -19,7 +19,7 @@ services:
      HTTP_RELATIVE_PATH: "/bbmri-teiler"
  teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
    container_name: bridgehead-teiler-dashboard
    labels:
      - "traefik.enable=true"
--- a/6
+++ b/6
@@ -35,9 +35,6 @@ case "$PROJECT" in
 	cce)
 		#nothing extra to do
 		;;
 	pscc)
 		#nothing extra to do
 		;;
 	itcc)
 		#nothing extra to do
 		;;
@@ -47,6 +44,9 @@ case "$PROJECT" in
 	dhki)
 		#nothing extra to do
 		;;
 	nngm)
 		#nothing extra to do
 		;;
 	minimal)
 		#nothing extra to do
 		;;
--- a/cce/modules/pscc-compose.yml
+++ b/cce/modules/pscc-compose.yml
@@ -1,65 +0,0 @@
 version: "3.7"
 services:
  blaze-pscc:
    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
    container_name: bridgehead-pscc-blaze
    environment:
      BASE_URL: "http://bridgehead-pscc-blaze:8080"
      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
      CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      - "blaze-data-pscc:/app/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.blaze_pscc.rule=PathPrefix(`/pscc-localdatamanagement`)"
      - "traefik.http.middlewares.pscc_b_strip.stripprefix.prefixes=/pscc-localdatamanagement"
      - "traefik.http.services.blaze_pscc.loadbalancer.server.port=8080"
      - "traefik.http.routers.blaze_pscc.middlewares=pscc_b_strip"
      - "traefik.http.routers.blaze_pscc.tls=true"
  focus-pscc:
    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
    container_name: bridgehead-pscc-focus
    environment:
      API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      BEAM_APP_ID_LONG: focus.${PROXY_ID_PSCC}
      PROXY_ID: ${PROXY_ID_PSCC}
      BLAZE_URL: "http://bridgehead-pscc-blaze:8080/fhir/"
      BEAM_PROXY_URL: http://beam-proxy-pscc:8081
      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
      EPSILON: 0.28
      ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
    depends_on:
      - "beam-proxy"
      - "blaze"
  beam-proxy-pscc:
    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
    container_name: bridgehead-pscc-beam-proxy
    environment:
      BROKER_URL: ${BROKER_URL_PSCC}
      PROXY_ID: ${PROXY_ID_PSCC}
      APP_focus_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      PRIVKEY_FILE: /run/secrets/proxy.pem
      ALL_PROXY: http://forward_proxy:3128
      TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
      ROOTCERT_FILE: /conf/root.crt.pem
    secrets:
      - proxy.pem
    depends_on:
      - "forward_proxy"
    volumes:
      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
      - /srv/docker/bridgehead/pscc/root.crt.pem:/conf/root.crt.pem:ro
 volumes:
  blaze-data-pscc:
 secrets:
  proxy.pem:
    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem
--- a/cce/modules/pscc-setup.sh
+++ b/cce/modules/pscc-setup.sh
@@ -1,5 +0,0 @@
 #!/bin/bash
 if [ -n "$ENABLE_PSCC" ];then
  OVERRIDE+=" -f ./$PROJECT/modules/pscc-compose.yml"
 fi
--- a/cce/modules/teiler-compose.yml
+++ b/cce/modules/teiler-compose.yml
@@ -19,7 +19,7 @@ services:
      HTTP_RELATIVE_PATH: "/cce-teiler"
  teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
    container_name: bridgehead-teiler-dashboard
    labels:
      - "traefik.enable=true"
--- a/cce/vars
+++ b/cce/vars
@@ -1,9 +1,6 @@
 BROKER_ID=test-no-real-data.broker.samply.de
 BROKER_ID_PSCC=test-no-real-data.broker.samply.de
 BROKER_URL=https://${BROKER_ID}
 BROKER_URL_PSCC=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 PROXY_ID_PSCC=${SITE_ID}.${BROKER_ID_PSCC}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 SUPPORT_EMAIL=manoj.waikar@dkfz-heidelberg.de
--- a/ccp/modules/dnpm-node-compose.yml
+++ b/ccp/modules/dnpm-node-compose.yml
@@ -43,7 +43,7 @@ services:
      - "traefik.http.routers.dnpm-auth.tls=true"
  dnpm-portal:
-    image: ghcr.io/dnpm-dip/portal:{DNPM_IMAGE_TAG:-latest}
+    image: ghcr.io/dnpm-dip/portal:${DNPM_IMAGE_TAG:-latest}
    container_name: bridgehead-dnpm-portal
    environment:
      - NUXT_API_URL=http://dnpm-backend:9000/
@@ -58,7 +58,7 @@ services:
  dnpm-backend:
    container_name: bridgehead-dnpm-backend
-    image: ghcr.io/dnpm-dip/backend:{DNPM_IMAGE_TAG:-latest}
+    image: ghcr.io/dnpm-dip/api-gateway:latest
    environment:
      - LOCAL_SITE=${ZPM_SITE}:${SITE_NAME}   # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
      - RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}
--- a/ccp/modules/mtba-compose.yml
+++ b/ccp/modules/mtba-compose.yml
@@ -2,7 +2,7 @@ version: "3.7"
 services:
  mtba:
-    image: docker.verbis.dkfz.de/cache/samply/mtba:develop
+    image: docker.verbis.dkfz.de/cache/samply/mtba:${MTBA_TAG}
    container_name: bridgehead-mtba
    environment:
      BLAZE_STORE_URL: http://blaze:8080
--- a/ccp/modules/teiler-compose.yml
+++ b/ccp/modules/teiler-compose.yml
@@ -19,7 +19,7 @@ services:
      HTTP_RELATIVE_PATH: "/ccp-teiler"
  teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
    container_name: bridgehead-teiler-dashboard
    labels:
      - "traefik.enable=true"
--- a/dhki/docker-compose.yml
+++ b/dhki/docker-compose.yml
@@ -39,7 +39,7 @@ services:
      - "blaze"
  beam-proxy:
-    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
    container_name: bridgehead-beam-proxy
    environment:
      BROKER_URL: ${BROKER_URL}
--- a/dhki/vars
+++ b/dhki/vars
@@ -23,4 +23,5 @@ do
    source $module
 done
-transfairSetup
+transfairSetup
 scoutSetup
--- a/kr/docker-compose.yml
+++ b/kr/docker-compose.yml
@@ -40,7 +40,7 @@ services:
      - "blaze"
  beam-proxy:
-    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:develop
+    image: docker.verbis.dkfz.de/cache/samply/beam-proxy:${BEAM_TAG}
    container_name: bridgehead-beam-proxy
    environment:
      BROKER_URL: ${BROKER_URL}
--- a/kr/modules/teiler-compose.yml
+++ b/kr/modules/teiler-compose.yml
@@ -19,7 +19,7 @@ services:
      HTTP_RELATIVE_PATH: "/kr-teiler"
  teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
+    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
    container_name: bridgehead-teiler-dashboard
    labels:
      - "traefik.enable=true"
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -54,7 +54,7 @@ checkOwner(){
 printUsage() {
 	echo "Usage: bridgehead start|stop|logs|docker-logs|is-running|update|install|uninstall|adduser|enroll PROJECTNAME"
-	echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki"
+	echo "PROJECTNAME should be one of ccp|bbmri|cce|itcc|kr|dhki|nngm"
 }
 checkRequirements() {
--- a/lib/prepare-system.sh
+++ b/lib/prepare-system.sh
@@ -55,9 +55,6 @@ case "$PROJECT" in
 	cce)
 		site_configuration_repository_middle="git.verbis.dkfz.de/cce-sites/"
 		;;
 	pscc)
 		site_configuration_repository_middle="git.verbis.dkfz.de/pscc-sites/"
 		;;
 	itcc)
 		site_configuration_repository_middle="git.verbis.dkfz.de/itcc-sites/"
        ;;
@@ -70,6 +67,9 @@ case "$PROJECT" in
 	dhki)
 		site_configuration_repository_middle="git.verbis.dkfz.de/dhki/"
 		;;
 	nngm)
 		site_configuration_repository_middle="git.verbis.dkfz.de/nngm/"
 		;;
 	minimal)
 		site_configuration_repository_middle="git.verbis.dkfz.de/minimal-bridgehead-configs/"
 		;;
--- a/minimal/docker-compose.yml
+++ b/minimal/docker-compose.yml
@@ -59,4 +59,3 @@ services:
      PROJECT: ${PROJECT}
      SITE_NAME: ${SITE_NAME}
      ENVIRONMENT: ${ENVIRONMENT}
    profiles: [deactivated]
--- a/minimal/modules/dnpm-node-compose.yml
+++ b/minimal/modules/dnpm-node-compose.yml
@@ -43,7 +43,7 @@ services:
      - "traefik.http.routers.dnpm-auth.tls=true"
  dnpm-portal:
-    image: ghcr.io/dnpm-dip/portal:{DNPM_IMAGE_TAG:-latest}
+    image: ghcr.io/dnpm-dip/portal:${DNPM_IMAGE_TAG:-latest}
    container_name: bridgehead-dnpm-portal
    environment:
      - NUXT_API_URL=http://dnpm-backend:9000/
@@ -58,7 +58,7 @@ services:
  dnpm-backend:
    container_name: bridgehead-dnpm-backend
-    image: ghcr.io/dnpm-dip/backend:{DNPM_IMAGE_TAG:-latest}
+    image: ghcr.io/dnpm-dip/api-gateway:latest
    environment:
      - LOCAL_SITE=${ZPM_SITE}:${SITE_NAME}   # Format: {Site-ID}:{Site-name}, e.g. UKT:Tübingen
      - RD_RANDOM_DATA=${DNPM_SYNTH_NUM:--1}
--- a/modules/scout-compose.yml
+++ b/modules/scout-compose.yml
@@ -0,0 +1,40 @@
 volumes:
  scout-blaze-data:
 services:
  traefik:
    labels:
      - "traefik.http.middlewares.additional-users-auth.basicauth.users=${SCOUT_BASIC_AUTH_USERS}"
  scout-blaze:
    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
    container_name: bridgehead-scout-blaze
    environment:
      BASE_URL: "http://bridgehead-scout-blaze:8080"
      ENFORCE_REFERENTIAL_INTEGRITY: "false"
    volumes:
      - "scout-blaze-data:/app/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.scout-blaze.rule=PathPrefix(`/scout-blaze`)"
      - "traefik.http.middlewares.scout-blaze-stripprefix.stripprefix.prefixes=/scout-blaze"
      - "traefik.http.services.scout-blaze.loadbalancer.server.port=8080"
      - "traefik.http.routers.scout-blaze.middlewares=scout-blaze-stripprefix,additional-users-auth"
      - "traefik.http.routers.scout-blaze.tls=true"
  scout:
    image: samply/scout:main
    container_name: bridgehead-scout
    configs:
      - scout.toml
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.scout.rule=PathPrefix(`/scout`)"
      - "traefik.http.services.scout.loadbalancer.server.port=8080"
      - "traefik.http.routers.scout.middlewares=additional-users-auth"
      - "traefik.http.routers.scout.tls=true"
 configs:
  scout.toml:
    content: |
      fhir_base_url = "http://scout-blaze:8080/fhir"
--- a/modules/scout-setup.sh
+++ b/modules/scout-setup.sh
@@ -0,0 +1,8 @@
 #!/bin/bash -e
 function scoutSetup() {
    if [[ -n "$ENABLE_SCOUT" && -n "$SCOUT_BASIC_AUTH_USERS" ]]; then
        echo "Starting scout."
 	    OVERRIDE+=" -f ./modules/scout-compose.yml"
    fi
 }
--- a/modules/transfair-compose.yml
+++ b/modules/transfair-compose.yml
@@ -10,7 +10,7 @@ services:
      - TTP_GW_SOURCE
      - TTP_GW_EPIX_DOMAIN
      - TTP_GW_GPAS_DOMAIN
-      - TTP_TYPE
+      - TTP_GW_GPAS_URL
      - TTP_AUTH
      - PROJECT_ID_SYSTEM
      - FHIR_REQUEST_URL=${FHIR_REQUEST_URL}
@@ -26,6 +26,7 @@ services:
      - TLS_DISABLE=${TRANSFAIR_TLS_DISABLE:-false}
      - NO_PROXY=${TRANSFAIR_NO_PROXIES}
      - ALL_PROXY=http://forward_proxy:3128
    command: dic ${TTP_TYPE}
    volumes:
      - /var/cache/bridgehead/${PROJECT}/transfair:/transfair
      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
--- a/nngm/docker-compose.yml
+++ b/nngm/docker-compose.yml
@@ -3,9 +3,9 @@ version: "3.7"
 services:
  blaze:
    image: docker.verbis.dkfz.de/cache/samply/blaze:${BLAZE_TAG}
-    container_name: bridgehead-pscc-blaze
+    container_name: bridgehead-nngm-blaze
    environment:
-      BASE_URL: "http://bridgehead-pscc-blaze:8080"
+      BASE_URL: "http://bridgehead-nngm-blaze:8080"
      JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
      DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
      DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
@@ -15,24 +15,27 @@ services:
      - "blaze-data:/app/data"
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.blaze_pscc.rule=PathPrefix(`/pscc-localdatamanagement`)"
+      - "traefik.http.routers.blaze_nngm.rule=PathPrefix(`/nngm-localdatamanagement`)"
-      - "traefik.http.middlewares.pscc_b_strip.stripprefix.prefixes=/pscc-localdatamanagement"
+      - "traefik.http.middlewares.nngm_b_strip.stripprefix.prefixes=/nngm-localdatamanagement"
-      - "traefik.http.services.blaze_pscc.loadbalancer.server.port=8080"
+      - "traefik.http.services.blaze_nngm.loadbalancer.server.port=8080"
-      - "traefik.http.routers.blaze_pscc.middlewares=pscc_b_strip,auth"
+      - "traefik.http.routers.blaze_nngm.middlewares=nngm_b_strip,auth"
-      - "traefik.http.routers.blaze_pscc.tls=true"
+      - "traefik.http.routers.blaze_nngm.tls=true"
  focus:
-    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
+    image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}-dktk
    container_name: bridgehead-focus
    environment:
      API_KEY: ${FOCUS_BEAM_SECRET_SHORT}
      BEAM_APP_ID_LONG: focus.${PROXY_ID}
      PROXY_ID: ${PROXY_ID}
-      BLAZE_URL: "http://bridgehead-pscc-blaze:8080/fhir/"
+      BLAZE_URL: "http://bridgehead-nngm-blaze:8080/fhir/"
      BEAM_PROXY_URL: http://beam-proxy:8081
      RETRY_COUNT: ${FOCUS_RETRY_COUNT}
      EPSILON: 0.28
      QUERIES_TO_CACHE: '/queries_to_cache.conf'
      ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
    volumes:
      - /srv/docker/bridgehead/nngm/queries_to_cache.conf:/queries_to_cache.conf:ro
    depends_on:
      - "beam-proxy"
      - "blaze"
@@ -54,8 +57,7 @@ services:
      - "forward_proxy"
    volumes:
      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
-      - /srv/docker/bridgehead/pscc/root.crt.pem:/conf/root.crt.pem:ro
+      - /srv/docker/bridgehead/nngm/root.crt.pem:/conf/root.crt.pem:ro
 volumes:
  blaze-data:
--- a/nngm/modules/exporter-compose.yml
+++ b/nngm/modules/exporter-compose.yml
@@ -0,0 +1,72 @@
 version: "3.7"
 services:
  exporter:
    image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
    container_name: bridgehead-nngm-exporter
    environment:
      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
      LOG_LEVEL: "INFO"
      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
      CROSS_ORIGINS: "https://${HOST}"
      EXPORTER_DB_USER: "exporter"
      EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
      EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
      HTTP_RELATIVE_PATH: "/nngm-exporter"
      SITE: "${SITE_ID}"
      HTTP_SERVLET_REQUEST_SCHEME: "https"
      OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.exporter_nngm.rule=PathPrefix(`/nngm-exporter`)"
      - "traefik.http.services.exporter_nngm.loadbalancer.server.port=8092"
      - "traefik.http.routers.exporter_nngm.tls=true"
      - "traefik.http.middlewares.exporter_nngm_strip.stripprefix.prefixes=/nngm-exporter"
      - "traefik.http.routers.exporter_nngm.middlewares=exporter_nngm_strip"
    volumes:
      - "/var/cache/bridgehead/nngm/exporter-files:/app/exporter-files/output"
  exporter-db:
    image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
    container_name: bridgehead-nngm-exporter-db
    environment:
      POSTGRES_USER: "exporter"
      POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
      POSTGRES_DB: "exporter"
    volumes:
      # Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
      - "/var/cache/bridgehead/nngm/exporter-db:/var/lib/postgresql/data"
  reporter:
    image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
    container_name: bridgehead-nngm-reporter
    environment:
      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
      LOG_LEVEL: "INFO"
      CROSS_ORIGINS: "https://${HOST}"
      HTTP_RELATIVE_PATH: "/nngm-reporter"
      SITE: "${SITE_ID}"
      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
      EXPORTER_URL: "http://exporter:8092"
      LOG_FHIR_VALIDATION: "false"
      HTTP_SERVLET_REQUEST_SCHEME: "https"
    # In this initial development state of the bridgehead, we are trying to have so many volumes as possible.
    # However, in the first executions in the CCP sites, this volume seems to be very important. A report is
    # a process that can take several hours, because it depends on the exporter.
    # There is a risk that the bridgehead restarts, losing the already created export.
    volumes:
      - "/var/cache/bridgehead/nngm/reporter-files:/app/reports"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.reporter_nngm.rule=PathPrefix(`/nngm-reporter`)"
      - "traefik.http.services.reporter_nngm.loadbalancer.server.port=8095"
      - "traefik.http.routers.reporter_nngm.tls=true"
      - "traefik.http.middlewares.reporter_nngm_strip.stripprefix.prefixes=/nngm-reporter"
      - "traefik.http.routers.reporter_nngm.middlewares=reporter_nngm_strip"
  focus:
    environment:
      EXPORTER_URL: "http://exporter:8092"
      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
--- a/nngm/modules/exporter-setup.sh
+++ b/nngm/modules/exporter-setup.sh
@@ -0,0 +1,8 @@
 #!/bin/bash -e
 if [ "$ENABLE_EXPORTER" == true ]; then
  log INFO "Exporter setup detected -- will start Exporter service."
  OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
  EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
  EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
 fi
--- a/nngm/modules/teiler-compose.yml
+++ b/nngm/modules/teiler-compose.yml
@@ -0,0 +1,73 @@
 version: "3.7"
 services:
  teiler-orchestrator:
    image: docker.verbis.dkfz.de/cache/samply/teiler-orchestrator:latest
    container_name: bridgehead-teiler-orchestrator
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.teiler_orchestrator_nngm.rule=PathPrefix(`/nngm-teiler`)"
      - "traefik.http.services.teiler_orchestrator_nngm.loadbalancer.server.port=9000"
      - "traefik.http.routers.teiler_orchestrator_nngm.tls=true"
      - "traefik.http.middlewares.teiler_orchestrator_nngm_strip.stripprefix.prefixes=/nngm-teiler"
      - "traefik.http.routers.teiler_orchestrator_nngm.middlewares=teiler_orchestrator_nngm_strip"
    environment:
      TEILER_BACKEND_URL: "/nngm-teiler-backend"
      TEILER_DASHBOARD_URL: "/nngm-teiler-dashboard"
      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
      HTTP_RELATIVE_PATH: "/nngm-teiler"
  teiler-dashboard:
    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:${TEILER_DASHBOARD_TAG}
    container_name: bridgehead-teiler-dashboard
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.teiler_dashboard_nngm.rule=PathPrefix(`/nngm-teiler-dashboard`)"
      - "traefik.http.services.teiler_dashboard_nngm.loadbalancer.server.port=80"
      - "traefik.http.routers.teiler_dashboard_nngm.tls=true"
      - "traefik.http.middlewares.teiler_dashboard_nngm_strip.stripprefix.prefixes=/nngm-teiler-dashboard"
      - "traefik.http.routers.teiler_dashboard_nngm.middlewares=teiler_dashboard_nngm_strip"
    environment:
      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
      TEILER_BACKEND_URL: "/nngm-teiler-backend"
      TEILER_DASHBOARD_URL: "/nngm-teiler-dashboard"
      OIDC_URL: "${OIDC_URL}"
      OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
      OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
      TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
      TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
      TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
      TEILER_PROJECT: "${PROJECT}"
      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
      TEILER_ORCHESTRATOR_URL: "/nngm-teiler"
      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/nngm-teiler"
      TEILER_USER: "${OIDC_USER_GROUP}"
      TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
      REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
      EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
 # TODO: Replace dktk-teiler-backend with nngm-teiler-backend
  teiler-backend:
    image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest
    container_name: bridgehead-teiler-backend
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.teiler_backend_nngm.rule=PathPrefix(`/nngm-teiler-backend`)"
      - "traefik.http.services.teiler_backend_nngm.loadbalancer.server.port=8085"
      - "traefik.http.routers.teiler_backend_nngm.tls=true"
      - "traefik.http.middlewares.teiler_backend_nngm_strip.stripprefix.prefixes=/nngm-teiler-backend"
      - "traefik.http.routers.teiler_backend_nngm.middlewares=teiler_backend_nngm_strip"
    environment:
      LOG_LEVEL: "INFO"
      APPLICATION_PORT: "8085"
      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/nngm-teiler"
      TEILER_ORCHESTRATOR_URL: "/nngm-teiler"
      TEILER_DASHBOARD_DE_URL: "/nngm-teiler-dashboard/de"
      TEILER_DASHBOARD_EN_URL: "/nngm-teiler-dashboard/en"
      HTTP_PROXY: "http://forward_proxy:3128"
      ENABLE_MTBA: "${ENABLE_MTBA}"
      ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
      IDMANAGER_UPLOAD_APIKEY: "${IDMANAGER_UPLOAD_APIKEY}" # Only used to check if the ID Manager is active
--- a/nngm/modules/teiler-setup.sh
+++ b/nngm/modules/teiler-setup.sh
@@ -0,0 +1,8 @@
 #!/bin/bash -e
 if [ "$ENABLE_TEILER" == true ];then
  log INFO "Teiler setup detected -- will start Teiler services."
  OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
  TEILER_DEFAULT_LANGUAGE=DE
  TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
 fi
--- a/nngm/queries_to_cache.conf
+++ b/nngm/queries_to_cache.conf
--- a/nngm/root.crt.pem
+++ b/nngm/root.crt.pem
@@ -0,0 +1,20 @@
 -----BEGIN CERTIFICATE-----
 MIIDNTCCAh2gAwIBAgIUN7yzueIZzwpe8PaPEIMY8zoH+eMwDQYJKoZIhvcNAQEL
 BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjMwNTIzMTAxNzIzWhcNMzMw
 NTIwMTAxNzUzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAN5JAj+HydSGaxvA0AOcrXVTZ9FfsH0cMVBlQb72
 bGZgrRvkqtB011TNXZfsHl7rPxCY61DcsDJfFq3+8VHT+S9HE0qV1bEwP+oA3xc4
 Opq77av77cNNOqDC7h+jyPhHcUaE33iddmrH9Zn2ofWTSkKHHu3PAe5udCrc2QnD
 4PLRF6gqiEY1mcGknJrXj1ff/X0nRY/m6cnHNXz0Cvh8oPOtbdfGgfZjID2/fJNP
 fNoNKqN+5oJAZ+ZZ9id9rBvKj1ivW3F2EoGjZF268SgZzc5QrM/D1OpSBQf5SF/V
 qUPcQTgt9ry3YR+SZYazLkfKMEOWEa0WsqJVgXdQ6FyergcCAwEAAaN7MHkwDgYD
 VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEa70kcseqU5
 bHx2zSt4bG21HokhMB8GA1UdIwQYMBaAFEa70kcseqU5bHx2zSt4bG21HokhMBYG
 A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCGmE7NXW4T
 6J4mV3b132cGEMD7grx5JeiXK5EHMlswUS+Odz0NcBNzhUHdG4WVMbrilHbI5Ua+
 6jdKx5WwnqzjQvElP0MCw6sH/35gbokWgk1provOP99WOFRsQs+9Sm8M2XtMf9HZ
 m3wABwU/O+dhZZ1OT1PjSZD0OKWKqH/KvlsoF5R6P888KpeYFiIWiUNS5z21Jm8A
 ZcllJjiRJ60EmDwSUOQVJJSMOvtr6xTZDZLtAKSN8zN08lsNGzyrFwqjDwU0WTqp
 scMXEGBsWQjlvxqDnXyljepR0oqRIjOvgrWaIgbxcnu98tK/OdBGwlAPKNUW7Crr
 vO+eHxl9iqd4
 -----END CERTIFICATE-----
--- a/nngm/vars
+++ b/nngm/vars
@@ -0,0 +1,36 @@
 # TODO: Replace after getting FQDN from ITCF
 # BROKER_ID=broker.nngm.dktk.dkfz.de
 # BROKER_URL=https://${BROKER_ID}
 BROKER_ID=e260-nngm-lens.inet.dkfz-heidelberg.de
 BROKER_URL=http://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 # TODO: Add real nNGM-Support email
 SUPPORT_EMAIL=support-nngm@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 # TODO: Replace with nNGM OIDC Server
 OIDC_USER_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})"
 OIDC_ADMIN_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})_Verwalter"
 OIDC_PSP_GROUP="NNGM_$(capitalize_first_letter ${SITE_ID})_PSP"
 OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
 OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
 OIDC_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PUBLIC_CLIENT_ID}/"
 OIDC_PRIVATE_URL="https://sso.verbis.dkfz.de/application/o/${OIDC_PRIVATE_CLIENT_ID}/"
 OIDC_GROUP_CLAIM="groups"
 for module in $PROJECT/modules/*.sh
 do
    log DEBUG "sourcing $module"
    source $module
 done
 for module in modules/*.sh
 do
    log DEBUG "sourcing $module"
    source $module
 done
--- a/pscc/modules/lens-compose.yml
+++ b/pscc/modules/lens-compose.yml
@@ -1,34 +0,0 @@
 version: "3.7"
 services:
  landing:
    container_name: lens_federated-search
    image: docker.verbis.dkfz.de/dashboard/pscc-explorer
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
      - "traefik.http.services.landing.loadbalancer.server.port=5173"
      - "traefik.http.routers.landing.middlewares=auth"
      - "traefik.http.routers.landing.tls=true"
 #  spot:
 #    image: docker.verbis.dkfz.de/ccp-private/central-spot
 #    environment:
 #      BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
 #      BEAM_URL: http://beam-proxy:8081
 #      BEAM_PROXY_ID: ${SITE_ID}
 #      BEAM_BROKER_ID: ${BROKER_ID}
 #      BEAM_APP_ID: "focus"
 #      PROJECT_METADATA: "cce_supervisors"
 #    depends_on:
 #      - "beam-proxy"
 #    labels:
 #      - "traefik.enable=true"
 #      - "traefik.http.services.spot.loadbalancer.server.port=8080"
 #      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
 #      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
 #      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
 #      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
 #      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
 #      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
 #      - "traefik.http.routers.spot.tls=true"
 #      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"
--- a/pscc/modules/lens-setup.sh
+++ b/pscc/modules/lens-setup.sh
@@ -1,5 +0,0 @@
 #!/bin/bash
 if [ -n "$ENABLE_LENS" ];then
  OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml"
 fi
--- a/pscc/root.crt.pem
+++ b/pscc/root.crt.pem
@@ -1,20 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL
 BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw
 MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI
 TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO
 OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf
 XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu
 pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7
 K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD
 VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM
 poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG
 A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm
 AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU
 fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5
 3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l
 n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/
 7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt
 Rtup0MTxSJtN
 -----END CERTIFICATE-----
--- a/pscc/vars
+++ b/pscc/vars
@@ -1,14 +0,0 @@
 BROKER_ID=test-no-real-data.broker.samply.de
 BROKER_URL=https://${BROKER_ID}
 PROXY_ID=${SITE_ID}.${BROKER_ID}
 FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 SUPPORT_EMAIL=denis.koether@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 for module in $PROJECT/modules/*.sh
 do
    log DEBUG "sourcing $module"
    source $module
 done
--- a/versions/acceptance
+++ b/versions/acceptance
@@ -1,4 +1,6 @@
 FOCUS_TAG=develop
 BEAM_TAG=develop
 BLAZE_TAG=main
-POSTGRES_TAG=15.13-alpine
+POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=develop
 MTBA_TAG=develop
--- a/versions/prod
+++ b/versions/prod
@@ -1,4 +1,6 @@
 FOCUS_TAG=main
 BEAM_TAG=main
 BLAZE_TAG=0.32
-POSTGRES_TAG=15.13-alpine
+POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=main
 MTBA_TAG=main
--- a/versions/test
+++ b/versions/test
@@ -1,4 +1,6 @@
 FOCUS_TAG=develop
 BEAM_TAG=develop
 BLAZE_TAG=main
-POSTGRES_TAG=15.13-alpine
+POSTGRES_TAG=15.13-alpine
 TEILER_DASHBOARD_TAG=develop
 MTBA_TAG=develop
Author	SHA1	Message	Date
David Juarez	529f894dae	fix: add nngm to prepare-system script	2025-09-12 15:09:02 +02:00
David Juarez	30648a8fd6	fix: add nngm to bridgehead script	2025-09-12 15:06:46 +02:00
David Juarez	1a37930ec9	feat: nngm broker id and url	2025-09-12 14:51:55 +02:00
David Juarez	d643888157	feat: nNGM project	2025-09-12 14:32:45 +02:00
Tim Schumacher	8a35785a24	feat: add scout module (#339 )	2025-09-02 13:23:34 +02:00
Jan	e0754853d8	feat(dnpm): change to new `api-gateway` image (#337 )	2025-08-19 16:35:52 +02:00
Jan	4407a87644	chore: add more options to transfair (#325 )	2025-08-19 16:32:41 +02:00
Jan	d0851d80a0	fix: adapt to transfair cli changes (#319 )	2025-08-19 15:48:05 +02:00
djuarezgf	ada3226044	Replace hardcoded image: ...:develop references with version variables (#335 ) * added: Teiler Dashboard Version * added: MTBA Version * added: beam proxy tag version	2025-07-30 11:21:10 +02:00
Paul-Christian Volkmer	a2e7330cee	docs: Add ghcr.io to URL list (#321 )	2025-07-25 10:58:56 +02:00
Jan	9c8d0ee8f5	fix(dnpm): fix env subsitution (#333 )	2025-07-25 10:58:07 +02:00
djuarezgf	fcad7104f0	mtba: fallback to keycloak test server pending migration	2025-07-23 09:53:14 +02:00
djuarezgf	7e13e251f8	feat: migrate PSP to Authentik (#329 )	2025-07-22 11:34:49 +02:00
Jan	2cfdc3ac3e	feat(dnpm): allow setting custom dnpm image tag (#326 )	2025-07-07 15:36:14 +02:00
djuarezgf	43b24c2a62	Fixed: Authentik URL for Opal (#328 ) * Fixed: Authentik URL for Opal * Removed: Unnecessary OIDC config in CCE and BBMRI * KR with basic auth instead of OIDC	2025-07-07 15:35:54 +02:00
djuarezgf	8414604257	feat: migrate OIDC Configuration from Keycloak to Authentik (#327 ) * Change: Authentik instead of Keycloak in CCP Co-authored-by: Jan <59206115+Threated@users.noreply.github.com> --------- Co-authored-by: Jan <59206115+Threated@users.noreply.github.com>	2025-07-04 14:26:19 +02:00