refactor: put all modules in a common directory to remove redundancy

cce/modules/lens-compose.yml

@@ -1,33 +0,0 @@
-version: "3.7"
-services:
-  landing:
-    container_name: lens_federated-search
-    image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
-      - "traefik.http.services.landing.loadbalancer.server.port=80"
-      - "traefik.http.routers.landing.tls=true"
-
-  spot:
-    image: docker.verbis.dkfz.de/ccp-private/central-spot
-    environment:
-      BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
-      BEAM_URL: http://beam-proxy:8081
-      BEAM_PROXY_ID: ${SITE_ID}
-      BEAM_BROKER_ID: ${BROKER_ID}
-      BEAM_APP_ID: "focus"
-      PROJECT_METADATA: "cce_supervisors"
-    depends_on:
-      - "beam-proxy"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.services.spot.loadbalancer.server.port=8080"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
-      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
-      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
-      - "traefik.http.routers.spot.tls=true"
-      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"

cce/modules/lens-setup.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-
-if [ -n "$ENABLE_LENS" ];then
-  OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml"
-fi

cce/vars

@@ -7,7 +7,7 @@ SUPPORT_EMAIL=manoj.waikar@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 
-for module in $PROJECT/modules/*.sh
+for module in common/*.sh
 do
     log DEBUG "sourcing $module"
     source $module

ccp/modules/exporter-setup.sh

@@ -1,8 +0,0 @@
-#!/bin/bash -e
-
-if [ "$ENABLE_EXPORTER" == true ]; then
-  log INFO "Exporter setup detected -- will start Exporter service."
-  OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
-  EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
-  EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
-fi

ccp/modules/teiler-setup.sh

@@ -1,9 +0,0 @@
-#!/bin/bash -e
-
-if [ "$ENABLE_TEILER" == true ];then
-  log INFO "Teiler setup detected -- will start Teiler services."
-  OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
-  TEILER_DEFAULT_LANGUAGE=DE
-  TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
-  add_public_oidc_redirect_url "/ccp-teiler/*"
-fi

ccp/vars

@@ -20,7 +20,7 @@ OIDC_GROUP_CLAIM="groups"
 
 POSTGRES_TAG=15.6-alpine
 
-for module in $PROJECT/modules/*.sh
+for module in common/*.sh
 do
     log DEBUG "sourcing $module"
     source $module

common/blaze-secondary-setup.sh

@@ -3,7 +3,7 @@
 function blazeSecondarySetup() {
   if [ -n "$ENABLE_SECONDARY_BLAZE" ]; then
     log INFO "Secondary Blaze setup detected -- will start second blaze."
-    OVERRIDE+=" -f ./$PROJECT/modules/blaze-secondary-compose.yml"
+    OVERRIDE+=" -f ./common/blaze-secondary-compose.yml"
     #make oBDS2FHIR ignore ID-Management and replace target Blaze
     PATIENTLIST_URL=" "
     STORE_PATH="http://blaze-secondary:8080/fhir"

common/datashield-compose.yml

@@ -121,38 +121,42 @@ services:
   oauth2-proxy:
     image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:latest
     container_name: bridgehead-oauth2proxy
-    environment:
+    command: >-
-      - http_proxy=http://forward_proxy:3128
+      --allowed-group=DataSHIELD
-      - https_proxy=http://forward_proxy:3128
+      --oidc-groups-claim=${OIDC_GROUP_CLAIM}
-      - OAUTH2_PROXY_ALLOWED_GROUPS=DataSHIELD
+      --auth-logging=true
-      - OAUTH2_PROXY_OIDC_GROUPS_CLAIM=${OIDC_GROUP_CLAIM}
+      --whitelist-domain=${HOST}
-      - OAUTH2_PROXY_WHITELIST_DOMAIN=${HOST}
+      --http-address="0.0.0.0:4180"
-      - OAUTH2_PROXY_HTTP_ADDRESS=:4180
+      --reverse-proxy=true
-      - OAUTH2_PROXY_REVERSE_PROXY=true
+      --upstream="static://202"
-      - OAUTH2_PROXY_UPSTREAMS=static://202
+      --email-domain="*"
-      - OAUTH2_PROXY_EMAIL_DOMAINS=*
+      --cookie-name="_BRIDGEHEAD_oauth2"
-      - OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2
+      --cookie-secret="${OAUTH2_PROXY_SECRET}"
-      - OAUTH2_PROXY_COOKIE_SECRET=${OAUTH2_PROXY_SECRET}
+      --cookie-expire="12h"
-      - OAUTH2_PROXY_COOKIE_EXPIRE=12h
+      --cookie-secure="true"
+      --cookie-httponly="true"
       #OIDC settings
-      - OAUTH2_PROXY_PROVIDER=keycloak-oidc
+      --provider="keycloak-oidc"
-      - OAUTH2_PROXY_PROVIDER_DISPLAY_NAME="VerbIS Login"
+      --provider-display-name="VerbIS Login"
-      - OAUTH2_PROXY_CLIENT_ID=${OIDC_PRIVATE_CLIENT_ID}
+      --client-id="${OIDC_PRIVATE_CLIENT_ID}"
-      - OAUTH2_PROXY_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
+      --client-secret="${OIDC_CLIENT_SECRET}"
-      - OAUTH2_PROXY_REDIRECT_URL="https://${HOST}${OAUTH2_CALLBACK}"
+      --redirect-url="https://${HOST}${OAUTH2_CALLBACK}"
-      - OAUTH2_PROXY_OIDC_ISSUER_URL=${OIDC_ISSUER_URL}
+      --oidc-issuer-url="${OIDC_ISSUER_URL}"
-      - OAUTH2_PROXY_SCOPE=openid profile email
+      --scope="openid email profile"
-      - OAUTH2_PROXY_CODE_CHALLENGE_METHOD=true
+      --code-challenge-method="S256"
-      - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
+      --skip-provider-button=true
       #X-Forwarded-Header settings - true/false depending on your needs
-      - OAUTH2_PROXY_PASS_BASIC_AUTH=true
+      --pass-basic-auth=true
-      - OAUTH2_PROXY_PASS_USER_HEADERS=false
+      --pass-user-headers=false
-      - OAUTH2_PROXY_ACCESS_TOKEN=false
+      --pass-access-token=false
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.oauth2_proxy.rule=PathPrefix(`/oauth2`)"
+      - "traefik.http.routers.oauth2_proxy.rule=Host(`${HOST}`) && PathPrefix(`/oauth2`)"
       - "traefik.http.services.oauth2_proxy.loadbalancer.server.port=4180"
       - "traefik.http.routers.oauth2_proxy.tls=true"
+    environment:
+      http_proxy: "http://forward_proxy:3128"
+      https_proxy: "http://forward_proxy:3128"
     depends_on:
       forward_proxy:
         condition: service_healthy

common/datashield-setup.sh

@@ -10,7 +10,7 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
   add_private_oidc_redirect_url "${OAUTH2_CALLBACK}"
 
   log INFO "DataSHIELD setup detected -- will start DataSHIELD services."
-  OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml"
+  OVERRIDE+=" -f ./common/datashield-compose.yml"
   EXPORTER_OPAL_PASSWORD="$(generate_password \"exporter in Opal\")"
   TOKEN_MANAGER_OPAL_PASSWORD="$(generate_password \"Token Manager in Opal\")"
   OPAL_DB_PASSWORD="$(echo \"Opal DB\" | generate_simple_password)"
@@ -23,7 +23,7 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
     openssl req -x509 -newkey rsa:4096 -nodes -keyout /tmp/bridgehead/opal-key.pem -out /tmp/bridgehead/opal-cert.pem -days 3650 -subj "/CN=opal/C=DE"
   fi
   mkdir -p /tmp/bridgehead/opal-map
-  sites="$(cat ./$PROJECT/modules/datashield-sites.json)"
+  sites="$(cat ./common/datashield-sites.json)"
   echo "$sites" | docker_jq -n --args '{"sites": input | map({
     "name": .,
     "id": .,

common/datashield-sites.json

@@ -0,0 +1,15 @@
+[
+    "berlin",
+    "muenchen-lmu",
+    "dresden",
+    "freiburg",
+    "muenchen-tum",
+    "tuebingen",
+    "mainz",
+    "frankfurt",
+    "essen",
+    "dktk-datashield-test",
+    "dktk-test",
+    "mannheim",
+    "central-ds-orchestrator"
+]

common/dnpm-node-setup.sh

@@ -2,7 +2,7 @@
 
 if [ -n "${ENABLE_DNPM_NODE}" ]; then
 	log INFO "DNPM setup detected (BwHC Node) -- will start BwHC node."
-	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-node-compose.yml"
+	OVERRIDE+=" -f ./common/dnpm-node-compose.yml"
 
 	# Set variables required for BwHC Node. ZPM_SITE is assumed to be set in /etc/bridgehead/<project>.conf
 	DNPM_APPLICATION_SECRET="$(echo \"This is a salt string to generate one consistent password for DNPM. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"

common/dnpm-setup.sh

@@ -2,7 +2,7 @@
 
 if [ -n "${ENABLE_DNPM}" ]; then
 	log INFO "DNPM setup detected (Beam.Connect) -- will start Beam.Connect for DNPM."
-	OVERRIDE+=" -f ./$PROJECT/modules/dnpm-compose.yml"
+	OVERRIDE+=" -f ./common/dnpm-compose.yml"
 
 	# Set variables required for Beam-Connect
 	DNPM_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"

common/exporter-setup.sh

@@ -2,7 +2,7 @@
 
 if [ "$ENABLE_EXPORTER" == true ]; then
   log INFO "Exporter setup detected -- will start Exporter service."
-  OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
+  OVERRIDE+=" -f ./common/exporter-compose.yml"
   EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
   EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
 fi

common/fhir2sql-setup.sh

@@ -2,6 +2,6 @@
 
 if [ "$ENABLE_FHIR2SQL" == true ]; then
   log INFO "Dashboard setup detected -- will start Dashboard backend and FHIR2SQL service."
-  OVERRIDE+=" -f ./$PROJECT/modules/fhir2sql-compose.yml"
+  OVERRIDE+=" -f ./common/fhir2sql-compose.yml"
   DASHBOARD_DB_PASSWORD="$(generate_simple_password 'fhir2sql')"
 fi

common/id-management-compose.yml

@@ -19,18 +19,10 @@ services:
       - traefik-forward-auth
     labels:
       - "traefik.enable=true"
-      # Router with Authentication
       - "traefik.http.routers.id-manager.rule=PathPrefix(`/id-manager`)"
+      - "traefik.http.services.id-manager.loadbalancer.server.port=8080"
       - "traefik.http.routers.id-manager.tls=true"
       - "traefik.http.routers.id-manager.middlewares=traefik-forward-auth-idm"
-      - "traefik.http.routers.id-manager.service=id-manager-service"
-      # Router without Authentication
-      - "traefik.http.routers.id-manager-compatibility.rule=PathPrefix(`/id-manager/paths/translator/getIds`)"
-      - "traefik.http.routers.id-manager-compatibility.tls=true"
-      - "traefik.http.routers.id-manager-compatibility.service=id-manager-service"
-      # Definition of Service
-      - "traefik.http.services.id-manager-service.loadbalancer.server.port=8080"
-      - "traefik.http.services.id-manager-service.loadbalancer.server.scheme=http"
 
   patientlist:
     image: docker.verbis.dkfz.de/bridgehead/mainzelliste
@@ -65,7 +57,7 @@ services:
       - "/tmp/bridgehead/patientlist/:/docker-entrypoint-initdb.d/"
 
   traefik-forward-auth:
-    image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:latest
+    image: docker.verbis.dkfz.de/cache/oauth2-proxy/oauth2-proxy:v7.6.0
     environment:
       - http_proxy=http://forward_proxy:3128
       - https_proxy=http://forward_proxy:3128
@@ -75,7 +67,6 @@ services:
       - OAUTH2_PROXY_CLIENT_ID=bridgehead-${SITE_ID}
       - OAUTH2_PROXY_CLIENT_SECRET=${IDMANAGER_AUTH_CLIENT_SECRET}
       - OAUTH2_PROXY_COOKIE_SECRET=${IDMANAGER_AUTH_COOKIE_SECRET}
-      - OAUTH2_PROXY_COOKIE_NAME=_BRIDGEHEAD_oauth2_idm
       - OAUTH2_PROXY_COOKIE_DOMAINS=.${HOST}
       - OAUTH2_PROXY_HTTP_ADDRESS=:4180
       - OAUTH2_PROXY_REVERSE_PROXY=true

common/id-management-setup.sh

@@ -3,7 +3,7 @@
 function idManagementSetup() {
 	if [ -n "$IDMANAGER_UPLOAD_APIKEY" ]; then
 		log INFO "id-management setup detected -- will start id-management (mainzelliste & magicpl)."
-		OVERRIDE+=" -f ./ccp/modules/id-management-compose.yml"
+		OVERRIDE+=" -f ./common/id-management-compose.yml"
 
 		# Auto Generate local Passwords
 		PATIENTLIST_POSTGRES_PASSWORD="$(echo \"id-management-module-db-password-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"

common/lens-setup.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if [ -n "$ENABLE_LENS" ];then
+  OVERRIDE+=" -f ./common/lens-compose.yml"
+fi

common/mtba-setup.sh

@@ -6,7 +6,7 @@ function mtbaSetup() {
     if [ ! -n "$IDMANAGER_UPLOAD_APIKEY" ]; then
       log ERROR "Missing ID-Management Module! Fix this by setting up ID Management:"
     fi
-    OVERRIDE+=" -f ./$PROJECT/modules/mtba-compose.yml"
+    OVERRIDE+=" -f ./common/mtba-compose.yml"
     add_private_oidc_redirect_url "/mtba/*"
   fi
 }

common/nngm-setup.sh

@@ -2,5 +2,5 @@
 
 if [ -n "$NNGM_CTS_APIKEY" ]; then
   log INFO "nNGM setup detected -- will start nNGM Connector."
-  OVERRIDE+=" -f ./$PROJECT/modules/nngm-compose.yml"
+  OVERRIDE+=" -f ./common/nngm-compose.yml"
 fi

common/obds2fhir-rest-setup.sh

@@ -7,7 +7,7 @@ function obds2fhirRestSetup() {
       log ERROR "Missing ID-Management Module! Fix this by setting up ID Management:"
       PATIENTLIST_URL=" "
     fi
-    OVERRIDE+=" -f ./ccp/modules/obds2fhir-rest-compose.yml"
+    OVERRIDE+=" -f ./common/obds2fhir-rest-compose.yml"
     LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
   fi
 }

common/teiler-setup.sh

@@ -2,7 +2,7 @@
 
 if [ "$ENABLE_TEILER" == true ];then
   log INFO "Teiler setup detected -- will start Teiler services."
-  OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
+  OVERRIDE+=" -f ./common/teiler-compose.yml"
   TEILER_DEFAULT_LANGUAGE=DE
   TEILER_DEFAULT_LANGUAGE_LOWER_CASE=${TEILER_DEFAULT_LANGUAGE,,}
   add_public_oidc_redirect_url "/ccp-teiler/*"

dhki/vars

@@ -10,7 +10,7 @@ BROKER_URL_FOR_PREREQ=$BROKER_URL
 
 POSTGRES_TAG=15.6-alpine
 
-for module in ccp/modules/*.sh
+for module in common/*.sh
 do
     log DEBUG "sourcing $module"
     source $module

itcc/modules/lens-setup.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-
-if [ -n "$ENABLE_LENS" ];then
-  OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml"
-fi

itcc/vars

@@ -7,7 +7,7 @@ SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 
-for module in $PROJECT/modules/*.sh
+for module in common/*.sh
 do
     log DEBUG "sourcing $module"
     source $module

kr/modules/exporter-compose.yml

@@ -1,67 +0,0 @@
-version: "3.7"
-
-services:
-  exporter:
-    image: docker.verbis.dkfz.de/ccp/dktk-exporter:latest
-    container_name: bridgehead-ccp-exporter
-    environment:
-      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
-      LOG_LEVEL: "INFO"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
-      CROSS_ORIGINS: "https://${HOST}"
-      EXPORTER_DB_USER: "exporter"
-      EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
-      EXPORTER_DB_URL: "jdbc:postgresql://exporter-db:5432/exporter"
-      HTTP_RELATIVE_PATH: "/ccp-exporter"
-      SITE: "${SITE_ID}"
-      HTTP_SERVLET_REQUEST_SCHEME: "https"
-      OPAL_PASSWORD: "${EXPORTER_OPAL_PASSWORD}"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.exporter_ccp.rule=PathPrefix(`/ccp-exporter`)"
-      - "traefik.http.services.exporter_ccp.loadbalancer.server.port=8092"
-      - "traefik.http.routers.exporter_ccp.tls=true"
-      - "traefik.http.middlewares.exporter_ccp_strip.stripprefix.prefixes=/ccp-exporter"
-      - "traefik.http.routers.exporter_ccp.middlewares=exporter_ccp_strip"
-    volumes:
-      - "/var/cache/bridgehead/ccp/exporter-files:/app/exporter-files/output"
-
-  exporter-db:
-    image: docker.verbis.dkfz.de/cache/postgres:${POSTGRES_TAG}
-    container_name: bridgehead-ccp-exporter-db
-    environment:
-      POSTGRES_USER: "exporter"
-      POSTGRES_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
-      POSTGRES_DB: "exporter"
-    volumes:
-      # Consider removing this volume once we find a solution to save Lens-queries to be executed in the explorer.
-      - "/var/cache/bridgehead/ccp/exporter-db:/var/lib/postgresql/data"
-
-  reporter:
-    image: docker.verbis.dkfz.de/ccp/dktk-reporter:latest
-    container_name: bridgehead-ccp-reporter
-    environment:
-      JAVA_OPTS: "-Xms1G -Xmx8G -XX:+UseG1GC"
-      LOG_LEVEL: "INFO"
-      CROSS_ORIGINS: "https://${HOST}"
-      HTTP_RELATIVE_PATH: "/ccp-reporter"
-      SITE: "${SITE_ID}"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
-      EXPORTER_URL: "http://exporter:8092"
-      LOG_FHIR_VALIDATION: "false"
-      HTTP_SERVLET_REQUEST_SCHEME: "https"
-
-    # In this initial development state of the bridgehead, we are trying to have so many volumes as possible.
-    # However, in the first executions in the CCP sites, this volume seems to be very important. A report is
-    # a process that can take several hours, because it depends on the exporter.
-    # There is a risk that the bridgehead restarts, losing the already created export.
-
-    volumes:
-      - "/var/cache/bridgehead/ccp/reporter-files:/app/reports"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.reporter_ccp.rule=PathPrefix(`/ccp-reporter`)"
-      - "traefik.http.services.reporter_ccp.loadbalancer.server.port=8095"
-      - "traefik.http.routers.reporter_ccp.tls=true"
-      - "traefik.http.middlewares.reporter_ccp_strip.stripprefix.prefixes=/ccp-reporter"
-      - "traefik.http.routers.reporter_ccp.middlewares=reporter_ccp_strip"

kr/modules/exporter.md

@@ -1,15 +0,0 @@
-# Exporter and Reporter
-
-
-## Exporter
-The exporter is a REST API that exports the data of the different databases of the bridgehead in a set of tables.
-It can accept different output formats as CSV, Excel, JSON or XML. It can also export data into Opal.
-
-## Exporter-DB
-It is a database to save queries for its execution in the exporter. 
-The exporter manages also the different executions of the same query in through the database.
-
-## Reporter
-This component is a plugin of the exporter that allows to create more complex Excel reports described in templates.
-It is compatible with different template engines as Groovy, Thymeleaf,...
-It is perfect to generate a document as our traditional CCP quality report.

kr/modules/lens-compose.yml

@@ -1,33 +0,0 @@
-version: "3.7"
-services:
-  landing:
-    container_name: lens_federated-search
-    image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.landing.rule=PathPrefix(`/`)"
-      - "traefik.http.services.landing.loadbalancer.server.port=80"
-      - "traefik.http.routers.landing.tls=true"
-
-  spot:
-    image: docker.verbis.dkfz.de/ccp-private/central-spot
-    environment:
-      BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
-      BEAM_URL: http://beam-proxy:8081
-      BEAM_PROXY_ID: ${SITE_ID}
-      BEAM_BROKER_ID: ${BROKER_ID}
-      BEAM_APP_ID: "focus"
-      PROJECT_METADATA: "kr_supervisors"
-    depends_on:
-      - "beam-proxy"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.services.spot.loadbalancer.server.port=8080"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
-      - "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
-      - "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
-      - "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
-      - "traefik.http.routers.spot.tls=true"
-      - "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"

kr/modules/lens-setup.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-
-if [ -n "$ENABLE_LENS" ];then
-  OVERRIDE+=" -f ./$PROJECT/modules/lens-compose.yml"
-fi

kr/modules/obds2fhir-rest-compose.yml

@@ -1,20 +0,0 @@
-version: "3.7"
-
-services:
-  obds2fhir-rest:
-    container_name: bridgehead-obds2fhir-rest
-    image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:main
-    environment:
-      IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
-      MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
-      SALT: ${LOCAL_SALT}
-      KEEP_INTERNAL_ID: ${KEEP_INTERNAL_ID:-false}
-      MAINZELLISTE_URL: ${PATIENTLIST_URL:-http://patientlist:8080/patientlist}
-    restart: always
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.obds2fhir-rest.rule=PathPrefix(`/obds2fhir-rest`) || PathPrefix(`/adt2fhir-rest`)"
-      - "traefik.http.middlewares.obds2fhir-rest_strip.stripprefix.prefixes=/obds2fhir-rest,/adt2fhir-rest"
-      - "traefik.http.services.obds2fhir-rest.loadbalancer.server.port=8080"
-      - "traefik.http.routers.obds2fhir-rest.tls=true"
-      - "traefik.http.routers.obds2fhir-rest.middlewares=obds2fhir-rest_strip,auth"

kr/modules/obds2fhir-rest-setup.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-
-function obds2fhirRestSetup() {
-  if [ -n "$ENABLE_OBDS2FHIR_REST" ]; then
-    log INFO "oBDS2FHIR-REST setup detected -- will start obds2fhir-rest module."
-    if [ ! -n "$IDMANAGER_UPLOAD_APIKEY" ]; then
-      log ERROR "Missing ID-Management Module! Fix this by setting up ID Management:"
-      PATIENTLIST_URL=" "
-    fi
-    OVERRIDE+=" -f ./$PROJECT/modules/obds2fhir-rest-compose.yml"
-    LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
-  fi
-}

kr/modules/teiler-compose.yml

@@ -1,81 +0,0 @@
-version: "3.7"
-
-services:
-
-  teiler-orchestrator:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-orchestrator:latest
-    container_name: bridgehead-teiler-orchestrator
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_orchestrator_ccp.rule=PathPrefix(`/ccp-teiler`)"
-      - "traefik.http.services.teiler_orchestrator_ccp.loadbalancer.server.port=9000"
-      - "traefik.http.routers.teiler_orchestrator_ccp.tls=true"
-      - "traefik.http.middlewares.teiler_orchestrator_ccp_strip.stripprefix.prefixes=/ccp-teiler"
-      - "traefik.http.routers.teiler_orchestrator_ccp.middlewares=teiler_orchestrator_ccp_strip"
-    environment:
-      TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
-      TEILER_DASHBOARD_URL: "https://${HOST}/ccp-teiler-dashboard"
-      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE_LOWER_CASE}"
-      HTTP_RELATIVE_PATH: "/ccp-teiler"
-
-  teiler-dashboard:
-    image: docker.verbis.dkfz.de/cache/samply/teiler-dashboard:develop
-    container_name: bridgehead-teiler-dashboard
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_dashboard_ccp.rule=PathPrefix(`/ccp-teiler-dashboard`)"
-      - "traefik.http.services.teiler_dashboard_ccp.loadbalancer.server.port=80"
-      - "traefik.http.routers.teiler_dashboard_ccp.tls=true"
-      - "traefik.http.middlewares.teiler_dashboard_ccp_strip.stripprefix.prefixes=/ccp-teiler-dashboard"
-      - "traefik.http.routers.teiler_dashboard_ccp.middlewares=teiler_dashboard_ccp_strip"
-    environment:
-      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
-      TEILER_BACKEND_URL: "https://${HOST}/ccp-teiler-backend"
-      OIDC_URL: "${OIDC_URL}"
-      OIDC_REALM: "${OIDC_REALM}"
-      OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
-      OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
-      TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
-      TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
-      TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
-      TEILER_PROJECT: "${PROJECT}"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
-      TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
-      TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/ccp-teiler-dashboard"
-      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
-      TEILER_USER: "${OIDC_USER_GROUP}"
-      TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
-      REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
-      EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
-
-
-  teiler-backend:
-    image: docker.verbis.dkfz.de/ccp/dktk-teiler-backend:latest
-    container_name: bridgehead-teiler-backend
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.teiler_backend_ccp.rule=PathPrefix(`/ccp-teiler-backend`)"
-      - "traefik.http.services.teiler_backend_ccp.loadbalancer.server.port=8085"
-      - "traefik.http.routers.teiler_backend_ccp.tls=true"
-      - "traefik.http.middlewares.teiler_backend_ccp_strip.stripprefix.prefixes=/ccp-teiler-backend"
-      - "traefik.http.routers.teiler_backend_ccp.middlewares=teiler_backend_ccp_strip"
-    environment:
-      LOG_LEVEL: "INFO"
-      APPLICATION_PORT: "8085"
-      APPLICATION_ADDRESS: "${HOST}"
-      DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
-      CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf"
-      TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/ccp-teiler"
-      TEILER_ORCHESTRATOR_URL: "https://${HOST}/ccp-teiler"
-      TEILER_DASHBOARD_DE_URL: "https://${HOST}/ccp-teiler-dashboard/de"
-      TEILER_DASHBOARD_EN_URL: "https://${HOST}/ccp-teiler-dashboard/en"
-      CENTRAX_URL: "${CENTRAXX_URL}"
-      HTTP_PROXY: "http://forward_proxy:3128"
-      ENABLE_MTBA: "${ENABLE_MTBA}"
-      ENABLE_DATASHIELD: "${ENABLE_DATASHIELD}"
-    secrets:
-      - ccp.conf
-
-secrets:
-  ccp.conf:
-    file: /etc/bridgehead/ccp.conf

kr/modules/teiler.md

@@ -1,19 +0,0 @@
-# Teiler
-This module orchestrates the different microfrontends of the bridgehead as a single page application.  
-
-## Teiler Orchestrator
-Single SPA component that consists on the root HTML site of the single page application and a javascript code that
-gets the information about the microfrontend calling the teiler backend and is responsible for registering them. With the
-resulting mapping, it can initialize, mount and unmount the required microfrontends on the fly. 
-
-The microfrontends run independently in different containers and can be based on different frameworks (Angular, Vue, React,...)
-This microfrontends can run as single alone but need an extension with Single-SPA (https://single-spa.js.org/docs/ecosystem).
-There are also available three templates (Angular, Vue, React) to be directly extended to be used directly in the teiler.
-
-## Teiler Dashboard
-It consists on the main dashboard and a set of embedded services.
-### Login
-user and password in ccp.local.conf
-
-## Teiler Backend
-In this component, the microfrontends are configured.

kr/vars

@@ -7,7 +7,7 @@ SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 BROKER_URL_FOR_PREREQ=$BROKER_URL
 
-for module in $PROJECT/modules/*.sh
+for module in common/*.sh
 do
     log DEBUG "sourcing $module"
     source $module

lib/prerequisites.sh

@@ -3,16 +3,14 @@
 source lib/functions.sh
 
 detectCompose
-CONFIG_DIR="/etc/bridgehead/"
-COMPONENT_DIR="/srv/docker/bridgehead/"
 
 if ! id "bridgehead" &>/dev/null; then
   log ERROR "User bridgehead does not exist. Please run bridgehead install $PROJECT"
   exit 1
 fi
 
-checkOwner "${CONFIG_DIR}" bridgehead || exit 1
+checkOwner /srv/docker/bridgehead bridgehead || exit 1
-checkOwner "${COMPONENT_DIR}" bridgehead || exit 1
+checkOwner /etc/bridgehead bridgehead || exit 1
 
 ## Check if user is a su
 log INFO "Checking if all prerequisites are met ..."
@@ -34,31 +32,31 @@ fi
 log INFO "Checking configuration ..."
 
 ## Download submodule
-if [ ! -d "${CONFIG_DIR}" ]; then
+if [ ! -d "/etc/bridgehead/" ]; then
-  fail_and_report 1 "Please set up the config folder at ${CONFIG_DIR}. Instruction are in the readme."
+  fail_and_report 1 "Please set up the config folder at /etc/bridgehead. Instruction are in the readme."
 fi
 
 # TODO: Check all required variables here in a generic loop
 
 #check if project env is present
-if [ -d "${CONFIG_DIR}${PROJECT}.conf" ]; then
+if [ -d "/etc/bridgehead/${PROJECT}.conf" ]; then
-   fail_and_report 1 "Project config not found. Please copy the template from ${PROJECT} and put it under ${CONFIG_DIR}${PROJECT}.conf."
+   fail_and_report 1 "Project config not found. Please copy the template from ${PROJECT} and put it under /etc/bridgehead-config/${PROJECT}.conf."
 fi
 
 # TODO: Make sure you're in the right directory, or, even better, be independent from the working directory.
 
 log INFO "Checking ssl cert for accessing bridgehead via https"
 
-if [ ! -d "${CONFIG_DIR}traefik-tls" ]; then
+if [ ! -d "/etc/bridgehead/traefik-tls" ]; then
   log WARN "TLS certs for accessing bridgehead via https missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...) and put into /etc/bridgehead/traefik-tls"
   mkdir -p /etc/bridgehead/traefik-tls
 fi
 
-if [ ! -e "${CONFIG_DIR}traefik-tls/fullchain.pem" ]; then
+if [ ! -e "/etc/bridgehead/traefik-tls/fullchain.pem" ]; then
   openssl req -x509 -newkey rsa:4096 -nodes -keyout /etc/bridgehead/traefik-tls/privkey.pem -out /etc/bridgehead/traefik-tls/fullchain.pem -days 3650 -subj "/CN=$HOST"
 fi
 
-if [ -e "${CONFIG_DIR}"vault.conf ]; then
+if [ -e /etc/bridgehead/vault.conf ]; then
   if [ "$(stat -c "%a %U" /etc/bridgehead/vault.conf)" != "600 bridgehead" ]; then
     fail_and_report 1 "/etc/bridgehead/vault.conf has wrong owner/permissions. To correct this issue, run chmod 600 /etc/bridgehead/vault.conf && chown bridgehead /etc/bridgehead/vault.conf."
   fi
@@ -66,7 +64,7 @@ fi
 
 log INFO "Checking network access ($BROKER_URL_FOR_PREREQ) ..."
 
-source "${CONFIG_DIR}${PROJECT}".conf
+source /etc/bridgehead/${PROJECT}.conf
 source ${PROJECT}/vars
 
 if [ "${PROJECT}" != "minimal" ]; then
@@ -94,10 +92,10 @@ if [ "${PROJECT}" != "minimal" ]; then
   fi
 fi
 checkPrivKey() {
-  if [ -e "${CONFIG_DIR}pki/${SITE_ID}.priv.pem" ]; then
+  if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
     log INFO "Success - private key found."
   else
-    log ERROR "Unable to find private key at ${CONFIG_DIR}pki/${SITE_ID}.priv.pem. To fix, please run\n  bridgehead enroll ${PROJECT}\nand follow the instructions."
+    log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run\n  bridgehead enroll ${PROJECT}\nand follow the instructions."
     return 1
   fi
   return 0
@@ -109,11 +107,6 @@ else
   checkPrivKey || exit 1
 fi
 
-for dir in  "${CONFIG_DIR}" "${COMPONENT_DIR}"; do
-  log INFO "Checking branch: $(cd $dir && echo "$dir $(git branch --show-current)")"
-  hc_send log "Checking branch: $(cd $dir && echo "$dir $(git branch --show-current)")"
-done
-
 log INFO "Success - all prerequisites are met!"
 hc_send log "Success - all prerequisites are met!"
 

minimal/docker-compose.yml

@@ -10,13 +10,13 @@ services:
       - --providers.docker=true
       - --providers.docker.exposedbydefault=false
       - --providers.file.directory=/configuration/
-      - --api.dashboard=false
+      - --api.dashboard=true
       - --accesslog=true
       - --entrypoints.web.http.redirections.entrypoint.to=websecure
       - --entrypoints.web.http.redirections.entrypoint.scheme=https
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard/`)"
+      - "traefik.http.routers.dashboard.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
       - "traefik.http.routers.dashboard.entrypoints=websecure"
       - "traefik.http.routers.dashboard.service=api@internal"
       - "traefik.http.routers.dashboard.tls=true"