From 03211d86709b01f7194ed708d003414a45c3abd5 Mon Sep 17 00:00:00 2001 
From: Filiz Kluba Date: Wed, 20 May 2026 11:22:08 +0200 Subject: [PATCH 1/8] chore: move dev-setups in dev-setups/ --- .../dsf-docker-dev-setup-3dic-ttp}/README.md | 0 .../db/init-db.sh | 0 .../dic1/bpe/log/README.md | 0 .../dic1/bpe/process/README.md | 0 .../dic1/fhir/log/README.md | 0 .../dic1/ui/logo.svg | 0 .../dic1/ui/logo_dark.svg | 0 .../dic2/bpe/log/README.md | 0 .../dic2/bpe/process/README.md | 0 .../dic2/fhir/log/README.md | 0 .../dic2/ui/logo.svg | 0 .../dic2/ui/logo_dark.svg | 0 .../dic3/bpe/log/README.md | 0 .../dic3/bpe/process/README.md | 0 .../dic3/fhir/log/README.md | 0 .../dic3/ui/logo.svg | 0 .../dic3/ui/logo_dark.svg | 0 .../docker-build.bat | 4 +- .../docker-build.sh | 4 +- .../docker-compose.yml | 65 +++++++++---------- .../forward-proxy/Dockerfile | 0 .../forward-proxy/tinyproxy.conf | 0 .../keycloak/dic1.json | 0 .../keycloak/dic2.json | 0 .../keycloak/dic3.json | 0 .../keycloak/ttp.json | 0 .../proxy/conf.d/dic1.conf | 0 .../proxy/conf.d/dic2.conf | 0 .../proxy/conf.d/dic3.conf | 0 .../proxy/conf.d/ttp.conf | 0 .../proxy/nginx.conf | 0 .../secrets/db_dic1_bpe_user.password | 0 .../secrets/db_dic1_bpe_user_engine.password | 0 .../secrets/db_dic1_fhir_user.password | 0 ...b_dic1_fhir_user_permanent_delete.password | 0 .../secrets/db_dic2_bpe_user.password | 0 .../secrets/db_dic2_bpe_user_engine.password | 0 .../secrets/db_dic2_fhir_user.password | 0 ...b_dic2_fhir_user_permanent_delete.password | 0 .../secrets/db_dic3_bpe_user.password | 0 .../secrets/db_dic3_bpe_user_engine.password | 0 .../secrets/db_dic3_fhir_user.password | 0 ...b_dic3_fhir_user_permanent_delete.password | 0 .../secrets/db_liquibase.password | 0 .../secrets/db_ttp_bpe_user.password | 0 .../secrets/db_ttp_bpe_user_engine.password | 0 .../secrets/db_ttp_fhir_user.password | 0 ...db_ttp_fhir_user_permanent_delete.password | 0 .../secrets/oidc_client_dic1_bpe.secret | 0 .../secrets/oidc_client_dic1_fhir.secret | 0 .../secrets/oidc_client_dic2_bpe.secret | 0 
.../secrets/oidc_client_dic2_fhir.secret | 0 .../secrets/oidc_client_dic3_bpe.secret | 0 .../secrets/oidc_client_dic3_fhir.secret | 0 .../secrets/oidc_client_ttp_bpe.secret | 0 .../secrets/oidc_client_ttp_fhir.secret | 0 .../ttp/bpe/log/README.md | 0 .../ttp/bpe/process/README.md | 0 .../ttp/fhir/conf/bundle.xml | 0 .../ttp/fhir/log/README.md | 0 .../ttp/ui/logo.svg | 0 .../ttp/ui/logo_dark.svg | 0 .../ui/bpe_mod.css | 0 .../ui/fhir_mod.css | 0 .../bpe/docker-compose.yml | 0 .../dsf-docker-dev-setup}/bpe/log/README.md | 0 .../bpe/process/README.md | 0 .../bpe/secrets/db_liquibase.password | 0 .../bpe/secrets/db_user.password | 0 .../bpe/secrets/db_user_engine.password | 0 .../dsf-docker-dev-setup}/docker-build.bat | 8 +-- .../dsf-docker-dev-setup}/docker-build.sh | 8 +-- .../fhir/conf/bundle.xml | 0 .../fhir/docker-compose.yml | 0 .../dsf-docker-dev-setup}/fhir/log/README.md | 0 .../fhir/secrets/db_liquibase.password | 0 .../fhir/secrets/db_user.password | 0 .../secrets/db_user_permanent_delete.password | 0 78 files changed, 41 insertions(+), 48 deletions(-) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/db/init-db.sh (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic1/bpe/log/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic1/bpe/process/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic1/fhir/log/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic1/ui/logo.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic1/ui/logo_dark.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic2/bpe/log/README.md (100%) rename 
{dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic2/bpe/process/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic2/fhir/log/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic2/ui/logo.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic2/ui/logo_dark.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic3/bpe/log/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic3/bpe/process/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic3/fhir/log/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic3/ui/logo.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/dic3/ui/logo_dark.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/docker-build.bat (80%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/docker-build.sh (79%) mode change 100755 => 100644 rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/docker-compose.yml (96%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/forward-proxy/Dockerfile (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/forward-proxy/tinyproxy.conf (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/keycloak/dic1.json (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/keycloak/dic2.json (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/keycloak/dic3.json (100%) rename 
{dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/keycloak/ttp.json (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/proxy/conf.d/dic1.conf (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/proxy/conf.d/dic2.conf (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/proxy/conf.d/dic3.conf (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/proxy/conf.d/ttp.conf (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/proxy/nginx.conf (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic1_bpe_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic1_bpe_user_engine.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic1_fhir_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic1_fhir_user_permanent_delete.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic2_bpe_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic2_bpe_user_engine.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic2_fhir_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic2_fhir_user_permanent_delete.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic3_bpe_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => 
dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic3_bpe_user_engine.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic3_fhir_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic3_fhir_user_permanent_delete.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_liquibase.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_ttp_bpe_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_ttp_bpe_user_engine.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_ttp_fhir_user.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/db_ttp_fhir_user_permanent_delete.password (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic1_bpe.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic1_fhir.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic2_bpe.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic2_fhir.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic3_bpe.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic3_fhir.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_ttp_bpe.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => 
dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_ttp_fhir.secret (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ttp/bpe/log/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ttp/bpe/process/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ttp/fhir/conf/bundle.xml (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ttp/fhir/log/README.md (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ttp/ui/logo.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ttp/ui/logo_dark.svg (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ui/bpe_mod.css (100%) rename {dsf-docker-dev-setup-3dic-ttp => dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp}/ui/fhir_mod.css (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/bpe/docker-compose.yml (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/bpe/log/README.md (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/bpe/process/README.md (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/bpe/secrets/db_liquibase.password (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/bpe/secrets/db_user.password (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/bpe/secrets/db_user_engine.password (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/docker-build.bat (70%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/docker-build.sh (69%) mode change 100755 => 100644 rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/fhir/conf/bundle.xml (100%) rename {dsf-docker-dev-setup => 
dsf-dev-setups/dsf-docker-dev-setup}/fhir/docker-compose.yml (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/fhir/log/README.md (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/fhir/secrets/db_liquibase.password (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/fhir/secrets/db_user.password (100%) rename {dsf-docker-dev-setup => dsf-dev-setups/dsf-docker-dev-setup}/fhir/secrets/db_user_permanent_delete.password (100%) diff --git a/dsf-docker-dev-setup-3dic-ttp/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/README.md similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/README.md rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/README.md diff --git a/dsf-docker-dev-setup-3dic-ttp/db/init-db.sh b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/db/init-db.sh similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/db/init-db.sh rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/db/init-db.sh diff --git a/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/log/README.md similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/dic1/bpe/log/README.md rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/log/README.md diff --git a/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/process/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/process/README.md similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/dic1/bpe/process/README.md rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/process/README.md diff --git a/dsf-docker-dev-setup-3dic-ttp/dic1/fhir/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/fhir/log/README.md similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/dic1/fhir/log/README.md rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/fhir/log/README.md 
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo.svg
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo.svg
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo.svg
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo_dark.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo_dark.svg
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo_dark.svg
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo_dark.svg
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/log/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic2/bpe/log/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/log/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/process/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/process/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic2/bpe/process/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/process/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic2/fhir/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/fhir/log/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic2/fhir/log/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/fhir/log/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo.svg
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo.svg
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo.svg
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo_dark.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo_dark.svg
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo_dark.svg
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo_dark.svg
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/log/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic3/bpe/log/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/log/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/process/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/process/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic3/bpe/process/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/process/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic3/fhir/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/fhir/log/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic3/fhir/log/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/fhir/log/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo.svg
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo.svg
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo.svg
diff --git a/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo_dark.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo_dark.svg
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo_dark.svg
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo_dark.svg
diff --git a/dsf-docker-dev-setup-3dic-ttp/docker-build.bat b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.bat similarity index 80% rename from dsf-docker-dev-setup-3dic-ttp/docker-build.bat rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.bat index 1cbc373ce..c09d07424 100644 --- a/dsf-docker-dev-setup-3dic-ttp/docker-build.bat +++ b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.bat @@ -17,7 +17,7 @@ @echo off echo datasharingframework/bpe ... -docker build --pull -t datasharingframework/bpe ..\dsf-bpe\dsf-bpe-server-jetty\docker +docker build --pull -t datasharingframework/bpe ..\..\dsf-bpe\dsf-bpe-server-jetty\docker echo datasharingframework/fhir ... -docker build --pull -t datasharingframework/fhir ..\dsf-fhir\dsf-fhir-server-jetty\docker \ No newline at end of file +docker build --pull -t datasharingframework/fhir ..\..\dsf-fhir\dsf-fhir-server-jetty\docker \ No newline at end of file diff --git a/dsf-docker-dev-setup-3dic-ttp/docker-build.sh b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.sh old mode 100755 new mode 100644 similarity index 79% rename from dsf-docker-dev-setup-3dic-ttp/docker-build.sh rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.sh index ff0d46727..00eee485a --- a/dsf-docker-dev-setup-3dic-ttp/docker-build.sh +++ b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.sh @@ -17,7 +17,7 @@ echo datasharingframework/bpe ... -docker build --pull -t datasharingframework/bpe ../dsf-bpe/dsf-bpe-server-jetty/docker +docker build --pull -t datasharingframework/bpe ../../dsf-bpe/dsf-bpe-server-jetty/docker echo datasharingframework/fhir ... -docker build --pull -t datasharingframework/fhir ../dsf-fhir/dsf-fhir-server-jetty/docker \ No newline at end of file +docker build --pull -t datasharingframework/fhir ../../dsf-fhir/dsf-fhir-server-jetty/docker \ No newline at end of file 
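Review bot: The docker-build.sh section records `old mode 100755` / `new mode 100644`, so the script loses its executable bit as part of the move and `./docker-build.sh` will fail until the bit is restored, for example with `git update-index --chmod=+x` on the new path. The commit summary shows the same mode change for dsf-dev-setups/dsf-docker-dev-setup/docker-build.sh, whose hunk is outside this excerpt. The new build contexts `../../dsf-bpe/dsf-bpe-server-jetty/docker` and `../../dsf-fhir/dsf-fhir-server-jetty/docker` resolve against the caller's working directory, so a comment such as `# run from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp` near the top would help. The script's first 16 lines are not in the hunk, so a header may already say this.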
diff --git a/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml similarity index 96% rename from dsf-docker-dev-setup-3dic-ttp/docker-compose.yml rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml index 7cbd9d76b..bc273102d 100644 --- a/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml +++ b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml @@ -113,14 +113,7 @@ services: networks: - internet command: >- - start - --db dev-file - --hostname keycloak - --import-realm - --https-certificate-file=/run/secrets/keycloak.chain.crt - --https-certificate-key-file=/run/secrets/keycloak.key.plain - --spi-truststore-file-file=/run/secrets/keycloak_trust_store.jks - --spi-truststore-file-password=password + start --db dev-file --hostname keycloak --import-realm --https-certificate-file=/run/secrets/keycloak.chain.crt --https-certificate-key-file=/run/secrets/keycloak.key.plain --spi-truststore-file-file=/run/secrets/keycloak_trust_store.jks --spi-truststore-file-password=password forward-proxy: build: ./forward-proxy @@ -132,11 +125,11 @@ services: internet: dic1-fhir: - build: ../dsf-fhir/dsf-fhir-server-jetty/docker + build: ../../dsf-fhir/dsf-fhir-server-jetty/docker image: datasharingframework/fhir restart: "no" ports: - - 127.0.0.1:5001:5001 + - 127.0.0.1:5001:5001 secrets: - db_liquibase.password - db_dic1_fhir_user.password @@ -218,11 +211,11 @@ services: - keycloak dic2-fhir: - build: ../dsf-fhir/dsf-fhir-server-jetty/docker + build: ../../dsf-fhir/dsf-fhir-server-jetty/docker image: datasharingframework/fhir restart: "no" ports: - - 127.0.0.1:5002:5002 + - 127.0.0.1:5002:5002 secrets: - db_liquibase.password - db_dic2_fhir_user.password 
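Review bot: In the first docker-compose.yml hunk the keycloak `command: >-` block is folded from eight flag lines into a single line; under a folded scalar this should produce the same command, but it makes later changes to the TLS and truststore flags hard to review and is unrelated to the directory move, so I would keep one flag per line. That line also passes `--spi-truststore-file-password=password` as a process argument, which is readable from the container's inspect output and process list, whereas the OIDC client secrets elsewhere in this file are read from `/run/secrets/...` files. If the fixed value stays for the dev setup, a comment above `command:` such as `# dev-only truststore password, never reuse outside this setup` would make the intent explicit. The keycloak service definition starts before the hunk.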
@@ -299,11 +292,11 @@ services: - keycloak dic3-fhir: - build: ../dsf-fhir/dsf-fhir-server-jetty/docker + build: ../../dsf-fhir/dsf-fhir-server-jetty/docker image: datasharingframework/fhir restart: "no" ports: - - 127.0.0.1:5003:5003 + - 127.0.0.1:5003:5003 secrets: - db_liquibase.password - db_dic3_fhir_user.password @@ -378,11 +371,11 @@ services: - keycloak ttp-fhir: - build: ../dsf-fhir/dsf-fhir-server-jetty/docker + build: ../../dsf-fhir/dsf-fhir-server-jetty/docker image: datasharingframework/fhir restart: "no" ports: - - 127.0.0.1:5004:5004 + - 127.0.0.1:5004:5004 secrets: - db_liquibase.password - db_ttp_fhir_user.password @@ -450,7 +443,7 @@ services: DEV_DSF_SERVER_AUTH_OIDC_AUTHORIZATION_CODE_FLOW: 'true' DEV_DSF_SERVER_AUTH_OIDC_BACK_CHANNEL_LOGOUT: 'true' DEV_DSF_SERVER_AUTH_OIDC_BEARER_TOKEN: 'true' - DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL: https://keycloak:8443/realms/ttp + DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL: https://keycloak:8443/realms/ttp DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_TRUST_SERVER_CERTIFICATE_CAS: /run/secrets/root_ca.crt DEV_DSF_SERVER_AUTH_OIDC_CLIENT_ID: ttp-fhir DEV_DSF_SERVER_AUTH_OIDC_CLIENT_SECRET_FILE: /run/secrets/oidc_client_ttp_fhir.secret @@ -465,7 +458,7 @@ services: - keycloak dic1-bpe: - build: ../dsf-bpe/dsf-bpe-server-jetty/docker + build: ../../dsf-bpe/dsf-bpe-server-jetty/docker image: datasharingframework/bpe restart: "no" ports: @@ -585,7 +578,7 @@ services: - forward-proxy dic2-bpe: - build: ../dsf-bpe/dsf-bpe-server-jetty/docker + build: ../../dsf-bpe/dsf-bpe-server-jetty/docker image: datasharingframework/bpe restart: "no" ports: @@ -674,7 +667,7 @@ services: - keycloak dic3-bpe: - build: ../dsf-bpe/dsf-bpe-server-jetty/docker + build: ../../dsf-bpe/dsf-bpe-server-jetty/docker image: datasharingframework/bpe restart: "no" ports: 
@@ -763,7 +756,7 @@ services: - keycloak ttp-bpe: - build: ../dsf-bpe/dsf-bpe-server-jetty/docker + build: ../../dsf-bpe/dsf-bpe-server-jetty/docker image: datasharingframework/bpe restart: "no" ports: @@ -837,7 +830,7 @@ services: DEV_DSF_SERVER_AUTH_OIDC_AUTHORIZATION_CODE_FLOW: 'true' DEV_DSF_SERVER_AUTH_OIDC_BACK_CHANNEL_LOGOUT: 'true' DEV_DSF_SERVER_AUTH_OIDC_BEARER_TOKEN: 'true' - DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL: https://keycloak:8443/realms/ttp + DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL: https://keycloak:8443/realms/ttp DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_TRUST_SERVER_CERTIFICATE_CAS: /run/secrets/root_ca.crt DEV_DSF_SERVER_AUTH_OIDC_CLIENT_ID: ttp-bpe DEV_DSF_SERVER_AUTH_OIDC_CLIENT_SECRET_FILE: /run/secrets/oidc_client_ttp_bpe.secret @@ -901,7 +894,7 @@ secrets: db_liquibase.password: file: ./secrets/db_liquibase.password - + db_dic1_bpe_user.password: file: ./secrets/db_dic1_bpe_user.password db_dic1_bpe_user_engine.password: @@ -910,7 +903,7 @@ secrets: file: ./secrets/db_dic1_fhir_user.password db_dic1_fhir_user_permanent_delete.password: file: ./secrets/db_dic1_fhir_user_permanent_delete.password - + db_dic2_bpe_user.password: file: ./secrets/db_dic2_bpe_user.password db_dic2_bpe_user_engine.password: @@ -919,7 +912,7 @@ secrets: file: ./secrets/db_dic2_fhir_user.password db_dic2_fhir_user_permanent_delete.password: file: ./secrets/db_dic2_fhir_user_permanent_delete.password - + db_dic3_bpe_user.password: file: ./secrets/db_dic3_bpe_user.password db_dic3_bpe_user_engine.password: @@ -928,7 +921,7 @@ secrets: file: ./secrets/db_dic3_fhir_user.password db_dic3_fhir_user_permanent_delete.password: file: ./secrets/db_dic3_fhir_user_permanent_delete.password - + db_ttp_bpe_user.password: file: ./secrets/db_ttp_bpe_user.password db_ttp_bpe_user_engine.password: 
@@ -955,67 +948,67 @@ secrets: file: ./secrets/oidc_client_dic3_bpe.secret oidc_client_ttp_bpe.secret: file: ./secrets/oidc_client_ttp_bpe.secret - + networks: dic1-fhir-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.0/29 + - subnet: 172.20.0.0/29 dic1-fhir-backend: dic2-fhir-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.8/29 + - subnet: 172.20.0.8/29 dic2-fhir-backend: dic3-fhir-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.16/29 + - subnet: 172.20.0.16/29 dic3-fhir-backend: ttp-fhir-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.24/29 + - subnet: 172.20.0.24/29 ttp-fhir-backend: dic1-bpe-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.32/29 + - subnet: 172.20.0.32/29 dic1-bpe-backend: dic2-bpe-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.40/29 + - subnet: 172.20.0.40/29 dic2-bpe-backend: dic3-bpe-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.48/29 + - subnet: 172.20.0.48/29 dic3-bpe-backend: ttp-bpe-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.56/29 + - subnet: 172.20.0.56/29 ttp-bpe-backend: internet: forward-proxy: volumes: postgresql: - name: postgresql \ No newline at end of file + name: postgresql diff --git a/dsf-docker-dev-setup-3dic-ttp/forward-proxy/Dockerfile b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/forward-proxy/Dockerfile similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/forward-proxy/Dockerfile rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/forward-proxy/Dockerfile diff --git a/dsf-docker-dev-setup-3dic-ttp/forward-proxy/tinyproxy.conf b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/forward-proxy/tinyproxy.conf similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/forward-proxy/tinyproxy.conf rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/forward-proxy/tinyproxy.conf 
diff --git a/dsf-docker-dev-setup-3dic-ttp/keycloak/dic1.json b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic1.json similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/keycloak/dic1.json rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic1.json diff --git a/dsf-docker-dev-setup-3dic-ttp/keycloak/dic2.json b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic2.json similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/keycloak/dic2.json rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic2.json diff --git a/dsf-docker-dev-setup-3dic-ttp/keycloak/dic3.json b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic3.json similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/keycloak/dic3.json rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic3.json diff --git a/dsf-docker-dev-setup-3dic-ttp/keycloak/ttp.json b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/ttp.json similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/keycloak/ttp.json rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/ttp.json diff --git a/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic1.conf b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic1.conf similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic1.conf rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic1.conf diff --git a/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic2.conf b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic2.conf similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic2.conf rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic2.conf 
diff --git a/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic3.conf b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic3.conf similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic3.conf rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic3.conf diff --git a/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/ttp.conf b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/ttp.conf similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/ttp.conf rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/ttp.conf diff --git a/dsf-docker-dev-setup-3dic-ttp/proxy/nginx.conf b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/nginx.conf similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/proxy/nginx.conf rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/nginx.conf diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user.password similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user.password rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user.password diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user_engine.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user_engine.password similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user_engine.password rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user_engine.password diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user.password similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user.password rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user.password 
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user_permanent_delete.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user_permanent_delete.password similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user_permanent_delete.password rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user_permanent_delete.password diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user.password similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user.password rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user.password diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user_engine.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user_engine.password similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user_engine.password rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user_engine.password diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user.password similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user.password rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user.password diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user_permanent_delete.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user_permanent_delete.password similarity index 100% rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user_permanent_delete.password rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user_permanent_delete.password 
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user_engine.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user_engine.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user_engine.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user_engine.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user_permanent_delete.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user_permanent_delete.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user_permanent_delete.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user_permanent_delete.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_liquibase.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_liquibase.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_liquibase.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_liquibase.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user_engine.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user_engine.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user_engine.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user_engine.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user_permanent_delete.password b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user_permanent_delete.password
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user_permanent_delete.password
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user_permanent_delete.password
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_bpe.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_bpe.secret
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_bpe.secret
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_bpe.secret
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_fhir.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_fhir.secret
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_fhir.secret
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_fhir.secret
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_bpe.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_bpe.secret
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_bpe.secret
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_bpe.secret
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_fhir.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_fhir.secret
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_fhir.secret
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_fhir.secret
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_bpe.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_bpe.secret
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_bpe.secret
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_bpe.secret
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_fhir.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_fhir.secret
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_fhir.secret
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_fhir.secret
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_bpe.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_bpe.secret
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_bpe.secret
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_bpe.secret
diff --git a/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_fhir.secret b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_fhir.secret
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_fhir.secret
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_fhir.secret
diff --git a/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/log/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/ttp/bpe/log/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/log/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/process/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/process/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/ttp/bpe/process/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/process/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/conf/bundle.xml b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/conf/bundle.xml
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/ttp/fhir/conf/bundle.xml
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/conf/bundle.xml
diff --git a/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/log/README.md
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/ttp/fhir/log/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/log/README.md
diff --git a/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo.svg
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo.svg
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo.svg
diff --git a/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo_dark.svg b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo_dark.svg
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo_dark.svg
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo_dark.svg
diff --git a/dsf-docker-dev-setup-3dic-ttp/ui/bpe_mod.css b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ui/bpe_mod.css
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/ui/bpe_mod.css
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ui/bpe_mod.css
diff --git a/dsf-docker-dev-setup-3dic-ttp/ui/fhir_mod.css b/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ui/fhir_mod.css
similarity index 100%
rename from dsf-docker-dev-setup-3dic-ttp/ui/fhir_mod.css
rename to dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ui/fhir_mod.css
diff --git a/dsf-docker-dev-setup/bpe/docker-compose.yml b/dsf-dev-setups/dsf-docker-dev-setup/bpe/docker-compose.yml
similarity index 100%
rename from dsf-docker-dev-setup/bpe/docker-compose.yml
rename to dsf-dev-setups/dsf-docker-dev-setup/bpe/docker-compose.yml
diff --git a/dsf-docker-dev-setup/bpe/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup/bpe/log/README.md
similarity index 100%
rename from dsf-docker-dev-setup/bpe/log/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup/bpe/log/README.md
diff --git a/dsf-docker-dev-setup/bpe/process/README.md b/dsf-dev-setups/dsf-docker-dev-setup/bpe/process/README.md
similarity index 100%
rename from dsf-docker-dev-setup/bpe/process/README.md
rename to dsf-dev-setups/dsf-docker-dev-setup/bpe/process/README.md
diff --git a/dsf-docker-dev-setup/bpe/secrets/db_liquibase.password b/dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_liquibase.password
similarity index 100%
rename from dsf-docker-dev-setup/bpe/secrets/db_liquibase.password
rename to dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_liquibase.password
diff --git a/dsf-docker-dev-setup/bpe/secrets/db_user.password b/dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_user.password
similarity index 100%
rename from dsf-docker-dev-setup/bpe/secrets/db_user.password
rename to dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_user.password
diff --git a/dsf-docker-dev-setup/bpe/secrets/db_user_engine.password b/dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_user_engine.password
similarity index 100%
rename from dsf-docker-dev-setup/bpe/secrets/db_user_engine.password
rename to dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_user_engine.password
diff --git a/dsf-docker-dev-setup/docker-build.bat b/dsf-dev-setups/dsf-docker-dev-setup/docker-build.bat
similarity index 70%
rename from dsf-docker-dev-setup/docker-build.bat
rename to dsf-dev-setups/dsf-docker-dev-setup/docker-build.bat
index 5d797e7d1..b263e5ca5 100644
--- a/dsf-docker-dev-setup/docker-build.bat
+++ b/dsf-dev-setups/dsf-docker-dev-setup/docker-build.bat
@@ -17,13 +17,13 @@ @echo off echo datasharingframework/bpe ... -docker build --pull -t datasharingframework/bpe ..\dsf-bpe\dsf-bpe-server-jetty\docker +docker build --pull -t datasharingframework/bpe ..\..\dsf-bpe\dsf-bpe-server-jetty\docker echo datasharingframework/fhir ... -docker build --pull -t datasharingframework/fhir ..\dsf-fhir\dsf-fhir-server-jetty\docker +docker build --pull -t datasharingframework/fhir ..\..\dsf-fhir\dsf-fhir-server-jetty\docker echo datasharingframework/bpe_proxy ... -docker build --pull -t datasharingframework/bpe_proxy ..\dsf-docker\bpe_proxy +docker build --pull -t datasharingframework/bpe_proxy ..\..\dsf-docker\bpe_proxy echo datasharingframework/fhir_proxy ... -docker build --pull -t datasharingframework/fhir_proxy ..\dsf-docker\fhir_proxy +docker build --pull -t datasharingframework/fhir_proxy ..\..\dsf-docker\fhir_proxy diff --git a/dsf-docker-dev-setup/docker-build.sh b/dsf-dev-setups/dsf-docker-dev-setup/docker-build.sh old mode 100755 new mode 100644 similarity index 69% rename from dsf-docker-dev-setup/docker-build.sh rename to dsf-dev-setups/dsf-docker-dev-setup/docker-build.sh index 4fecada35..1f182d238 --- a/dsf-docker-dev-setup/docker-build.sh +++ b/dsf-dev-setups/dsf-docker-dev-setup/docker-build.sh 
@@ -17,13 +17,13 @@ echo datasharingframework/bpe ... -docker build --pull -t datasharingframework/bpe ../dsf-bpe/dsf-bpe-server-jetty/docker +docker build --pull -t datasharingframework/bpe ../../dsf-bpe/dsf-bpe-server-jetty/docker echo datasharingframework/fhir ... -docker build --pull -t datasharingframework/fhir ../dsf-fhir/dsf-fhir-server-jetty/docker +docker build --pull -t datasharingframework/fhir ../../dsf-fhir/dsf-fhir-server-jetty/docker echo datasharingframework/bpe_proxy ... -docker build --pull -t datasharingframework/bpe_proxy ../dsf-docker/bpe_proxy +docker build --pull -t datasharingframework/bpe_proxy ../../dsf-docker/bpe_proxy echo datasharingframework/fhir_proxy ... -docker build --pull -t datasharingframework/fhir_proxy ../dsf-docker/fhir_proxy +docker build --pull -t datasharingframework/fhir_proxy ../../dsf-docker/fhir_proxy diff --git a/dsf-docker-dev-setup/fhir/conf/bundle.xml b/dsf-dev-setups/dsf-docker-dev-setup/fhir/conf/bundle.xml similarity index 100% rename from dsf-docker-dev-setup/fhir/conf/bundle.xml rename to dsf-dev-setups/dsf-docker-dev-setup/fhir/conf/bundle.xml diff --git a/dsf-docker-dev-setup/fhir/docker-compose.yml b/dsf-dev-setups/dsf-docker-dev-setup/fhir/docker-compose.yml similarity index 100% rename from dsf-docker-dev-setup/fhir/docker-compose.yml rename to dsf-dev-setups/dsf-docker-dev-setup/fhir/docker-compose.yml diff --git a/dsf-docker-dev-setup/fhir/log/README.md b/dsf-dev-setups/dsf-docker-dev-setup/fhir/log/README.md similarity index 100% rename from dsf-docker-dev-setup/fhir/log/README.md rename to dsf-dev-setups/dsf-docker-dev-setup/fhir/log/README.md diff --git a/dsf-docker-dev-setup/fhir/secrets/db_liquibase.password b/dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_liquibase.password similarity index 100% rename from dsf-docker-dev-setup/fhir/secrets/db_liquibase.password rename to dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_liquibase.password 
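Review bot: The rename of docker-build.sh also changes its mode from 100755 to 100644 (`old mode 100755` / `new mode 100644` in the file header), so `./docker-build.sh` can no longer be executed directly after this commit. The commit message only mentions the move, so the mode change looks unintended; `git update-index --chmod=+x dsf-dev-setups/dsf-docker-dev-setup/docker-build.sh` restores it. The new `../../` build contexts in this hunk and in the docker-build.bat hunk still resolve against the caller's working directory, so a comment such as `# run from dsf-dev-setups/dsf-docker-dev-setup` near the first `docker build` line would document that. The script starts before the hunk, so an existing comment of that kind cannot be ruled out from here.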
diff --git a/dsf-docker-dev-setup/fhir/secrets/db_user.password b/dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_user.password
similarity index 100%
rename from dsf-docker-dev-setup/fhir/secrets/db_user.password
rename to dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_user.password
diff --git a/dsf-docker-dev-setup/fhir/secrets/db_user_permanent_delete.password b/dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_user_permanent_delete.password
similarity index 100%
rename from dsf-docker-dev-setup/fhir/secrets/db_user_permanent_delete.password
rename to dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_user_permanent_delete.password
From 979bddb51ca646bb0bb917608890e5bbdc0d1039 Mon Sep 17 00:00:00 2001
From: Filiz Kluba Date: Wed, 20 May 2026 11:25:56 +0200 Subject: [PATCH 2/8] chore(dev-setup): add development environment for podman/quadlet - create readme with setup instructions - configuration does not affect production environment --- dsf-dev-setups/dsf-podman-dev-setup/README.md | 302 ++++++++++++++++++ .../dsf-bpe-passwords.yaml.tpl | 8 + .../dsf-podman-dev-setup/dsf-bpe.target | 7 + .../dsf-bpe/dsf-backend.network | 2 + .../dsf-bpe/dsf-bpe-app.kube | 16 + .../dsf-bpe/dsf-bpe-app.yaml | 80 +++++ .../dsf-bpe/dsf-bpe-db.kube | 13 + .../dsf-bpe/dsf-bpe-db.yaml | 63 ++++ .../dsf-bpe/dsf-client-cert.yaml | 15 + .../dsf-fhir-passwords.yaml.tpl | 8 + .../dsf-podman-dev-setup/dsf-fhir.target | 7 + .../dsf-fhir/dsf-app.kube | 16 + .../dsf-fhir/dsf-app.yaml | 60 ++++ .../dsf-fhir/dsf-backend.network | 2 + .../dsf-fhir/dsf-client-cert.yaml | 15 + .../dsf-podman-dev-setup/dsf-fhir/dsf-db.kube | 13 + .../dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml | 62 ++++ .../dsf-fhir/dsf-frontend.network | 2 + .../dsf-fhir/dsf-proxy.kube | 16 + .../dsf-fhir/dsf-proxy.yaml | 40 +++ .../dsf-fhir/dsf-ssl-cert.yaml | 18 ++ 21 files changed, 765 insertions(+) create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/README.md create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe-passwords.yaml.tpl create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe.target create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-backend.network create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.kube create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.kube create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-client-cert.yaml create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir-passwords.yaml.tpl create mode 100644 
dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir.target create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.kube create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-backend.network create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-client-cert.yaml create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.kube create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-frontend.network create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.kube create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml create mode 100644 dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml diff --git a/dsf-dev-setups/dsf-podman-dev-setup/README.md b/dsf-dev-setups/dsf-podman-dev-setup/README.md new file mode 100644 index 000000000..835c4311a --- /dev/null +++ b/dsf-dev-setups/dsf-podman-dev-setup/README.md 
@@ -0,0 +1,302 @@ +# DSF Kube + +A rootless Podman setup for the Data Sharing Framework (DSF), designed as an intermediate step towards Kubernetes. It uses native Quadlet integration into systemd and Kubernetes-compatible YAML manifests. + +## Improvements over the original Docker Compose setup + +- Explicit registry prefix (e.g. `docker.io`) to avoid ambiguity +- More descriptive image tags (e.g. `postgres:18.3-alpine3.23`) +- Rootless Podman with user namespace isolation +- Engine-managed volumes instead of bind-mounts +- Fixed sysctl settings for the proxy container +- Official enterprise Linux support (SLES, RHEL, Ubuntu) +- Native init system integration via Quadlet instead of a central daemon + +## Additional requirements compared to the original setup + +- Podman >= 5.0 (Ubuntu 24+, SLES 16, RHEL 9+) +- `passt` (any version) +- Rootless service account with configured SubUIDs and SubGIDs + +## Preparation + +### Install dependencies + +```bash +# Ubuntu +apt install podman passt + +# SLES +zypper install podman passt + +# Alma Linux / RHEL +dnf install podman passt +``` + +### Allow unprivileged ports (required for the FHIR proxy on port 443) + +```bash +echo "net.ipv4.ip_unprivileged_port_start=80" > /etc/sysctl.d/99-user_priv_ports.conf +sysctl --system +``` + +### Create a service account + +To use a separate partition for application data, mount that partition on `/home` before creating the user. 
+ +```bash +useradd -r -m -s /bin/bash podman + +# Add to systemd-journal group for log access +usermod -a -G systemd-journal podman + +# Configure SubUIDs and SubGIDs (adjust ranges for additional accounts) +usermod --add-subgids 100000-165536 --add-subuids 100000-165536 podman + +# Enable persistent user session (services survive logout) +loginctl enable-linger podman + +# Configure XDG_RUNTIME_DIR for rootless podman and systemd --user +cat >> /home/podman/.bashrc << 'EOF' +export XDG_RUNTIME_DIR=/run/user/$(id -u) +EOF + +# Switch into the service account context +sudo --login -u podman +``` + +--- + +## FHIR-Deployment + +### Secrets und Zertifikate + +Edit the certificate YAML files and insert the PEM contents: + +```bash +# Server certificate (Certificate A): SSL cert, key and chain +vi ./dsf-fhir/dsf-ssl-cert.yaml + +# Client certificate (Certificate B): used by the FHIR app to authenticate +vi ./dsf-fhir/dsf-client-cert.yaml +``` + +Generate and apply database passwords: + +```bash +# For using own passwords encode them as base64 and set them as env +export DB_LIQUIBASE_PASSWORD=$(openssl rand -base64 30 | tr -d '\n') +export DB_USER_PASSWORD=$(openssl rand -base64 16 | tr -d '\n') +export DB_USER_PERMANENT_DELETE_PASSWORD=$(openssl rand -base64 16 | tr -d '\n') + +envsubst < dsf-fhir/dsf-fhir-passwords.yaml.tpl > dsf-fhir-passwords.yaml +podman kube play dsf-fhir-passwords.yaml +rm dsf-fhir-passwords.yaml +``` + +### Install Quadlet units and create directories + +```bash +# Install Quadlet units +podman quadlet install ./dsf-fhir + +# Install systemd target +install -m 640 ./dsf-fhir.target ~/.config/systemd/user/dsf-fhir.target + +# Create log directory with correct permissions +mkdir -p ~/.local/state/dsf/fhir/log +podman unshare chown root:2101 ~/.local/state/dsf/fhir/log +podman unshare chmod 770 ~/.local/state/dsf/fhir/log +``` + +### Configuration + +Edit the Kubernetes YAML and set the required environment variables: + +| Variable | Description | 
+| --------------------------------------------------- | --------------------------------------------------------------------- | +| `DEV_DSF_FHIR_SERVER_BASE_URL` | External FQDN of the FHIR server, e.g. `https://dsf.example.com/fhir` | +| `DEV_DSF_FHIR_SERVER_ORGANIZATION_IDENTIFIER_VALUE` | Organization identifier, e.g. `dsf.example.com` | +| `DEV_DSF_FHIR_SERVER_ROLECONFIG` | Role configuration for browser and API access | +| `HTTPS_SERVER_NAME_PORT` | FQDN and port of the FHIR server, e.g. `dsf.example.com:443` | + +See the [FHIR server configuration reference](https://dsf.dev/operations/latest/fhir/configuration) for all available parameters. + +### Start and stop + +```bash +# Start +systemctl --user daemon-reload +systemctl --user enable --now dsf-fhir.target + +# Restart (e.g. after configuration changes or certificate renewal) +systemctl --user restart dsf-fhir.target + +# Stop +systemctl --user disable --now dsf-fhir.target +``` + +### Verify startup + +Check the logs for successful startup: + +```bash +journalctl --user -u dsf-app.service -f +``` + +Expected on successful startup: +- FHIR server is reachable and responding on port 443 +- Proxy presents the correct server certificate (Certificate A) + +Test TLS from a remote host: + +```bash +openssl s_client -connect dsf.example.com:443 +# Expected: server certificate shown, connection ends with: +# tlsv13 alert certificate required +``` + +--- + +## BPE Server Deployment + +### Secrets and certificates + +Edit the certificate YAML file: + +```bash +# Client certificate (Certificate B): same certificate as used by the FHIR server +vi ./dsf-bpe/dsf-client-cert.yaml +``` + +Generate and apply database passwords: + +```bash +# For using own passwords encode them as base64 and set them as env +export DB_LIQUIBASE_PASSWORD=$(openssl rand -base64 30 | tr -d '\n') +export DB_USER_PASSWORD=$(openssl rand -base64 16 | tr -d '\n') +export DB_USER_CAMUNDA=$(openssl rand -base64 16 | tr -d '\n') + +envsubst < 
dsf-bpe/dsf-bpe-passwords.yaml.tpl > dsf-bpe-passwords.yaml +podman kube play dsf-bpe-passwords.yaml +rm dsf-bpe-passwords.yaml +``` + +### Install Quadlet units and create directories + +```bash +# Install Quadlet units +podman quadlet install ./dsf-bpe + +# Install systemd target +install -m 640 ./dsf-bpe.target ~/.config/systemd/user/dsf-bpe.target + +# Create log directory with correct permissions +mkdir -p ~/.local/state/dsf/bpe/log +podman unshare chown root:2202 ~/.local/state/dsf/bpe/log +podman unshare chmod 770 ~/.local/state/dsf/bpe/log + +# Create process plugin directory +mkdir -p ~/.config/dsf-bpe/process +podman unshare chown root:2202 ~/.config/dsf-bpe/process +podman unshare chmod 650 ~/.config/dsf-bpe/process +``` + +### Configuration + +Edit the Kubernetes YAML and set the required environment variables: + +| Variable | Description | +| ---------------------------------- | --------------------------------------------------------------------------------- | +| `DEV_DSF_BPE_FHIR_SERVER_BASE_URL` | Base URL of the corresponding FHIR server, e.g. `https://dsf.example.com/fhir` | +| `DEV_DSF_BPE_PROCESS_EXCLUDED` | Pipe-separated list of process IDs to exclude, e.g. `dsfdev_updateAllowList\|1.0` | + +See the [BPE server configuration reference](https://dsf.dev/operations/latest/bpe/configuration) for all available parameters. + +### Start and stop + +```bash +# Start +systemctl --user daemon-reload +systemctl --user enable --now dsf-bpe.target + +# Restart (e.g. 
after configuration changes or plugin updates) +systemctl --user restart dsf-bpe.target + +# Stop +systemctl --user disable --now dsf-bpe.target +``` + +### Verify startup + +```bash +journalctl --user -u dsf-bpe-app.service -f +``` + +Expected on successful startup: +- BPE downloaded Task resources from the DSF FHIR server +- BPE downloaded a Subscription resource from the DSF FHIR server +- BPE established a WebSocket connection to the DSF FHIR server + +If TLS issues occur, test the connection manually: + +```bash +podman run -it --rm alpine/openssl s_client dsf.example.com:443 +# Expected: server certificate shown, ends with tlsv13 alert certificate required +``` + +--- + +## Certificate renewal + +Both FHIR and BPE use certificate YAML files (`dsf-ssl-cert.yaml`, `dsf-client-cert.yaml`) that can be updated in place. After updating the PEM contents, restart the affected service: + +```bash +# FHIR proxy (server certificate) +systemctl --user restart dsf-proxy.service + +# FHIR app or BPE app (client certificate) +systemctl --user restart dsf-app.service +systemctl --user restart dsf-bpe-app.service +``` + +--- + +## Roadmap + +1. **Multiline config as mounted YAML** — Load Spring Boot configuration as a mounted `config.yaml` instead of environment variables for better readability of multiline values such as role configurations: + ```yaml + - name: spring-application-config + mountPath: /config + ``` + +2. **Unified naming** — Avoid duplicate names between BPE and FHIR to support single-instance dev setups. + +3. **Migrate to Deployments** — Replace `kind: Pod` with `kind: Deployment` (replicas: 1) for a smoother migration path to Kubernetes. + +4. **One secret per password** — Currently all DB passwords are bundled in a single Kubernetes Secret. Splitting them improves least-privilege access. + +5. **Unprivileged proxy port** — Find a solution that avoids the `net.ipv4.ip_unprivileged_port_start=80` sysctl requirement, e.g. 
by using a higher container port with host port mapping or a setcap-based approach. + +--- + +### Kubernetes Migration Notes + +The Kubernetes YAML files under `dsf-fhir` and `dsf-bpe` can be used as a starting point for a Kubernetes deployment with minor additions: + +- Add `namespace` to each resource +- Replace ConfigMap-based private keys with proper `kind: Secret` resources +- Replace `hostPath` volumes with appropriate `PersistentVolumeClaim` resources + For this we need a different solution for managing logs then the log-directory. +- Replace `hostPort` with a proper `Service` of type `LoadBalancer` or `NodePort` +- Consider a sidecar or init container approach for process plugins +- Instead of deploying plugins as jar files via bind-mount, publish them as OCI images and mount them into the container. + +### Notes on certificate handling + +In this setup, certificate keys are provided as ConfigMaps. This has the following advantages in the Podman/Quadlet context: + +- Editable as plain text (PEM format) +- Reusable across multiple pods via the `--configmap` option in `podman kube play` + +In a production Kubernetes deployment, private keys should be stored as `kind: Secret` instead of ConfigMap to benefit from Kubernetes secret management, RBAC, and optional encryption at rest. diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe-passwords.yaml.tpl b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe-passwords.yaml.tpl new file mode 100644 index 000000000..4e1b12258 --- /dev/null +++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe-passwords.yaml.tpl @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: dsf-bpe-passwords +stringData: + db_liquibase.password: "${DB_LIQUIBASE_PASSWORD}" + db_user.password: "${DB_USER_PASSWORD}" + db_user_camunda.password: "${DB_USER_CAMUNDA}" \ No newline at end of file 
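Review bot: `db_user_camunda.password` in dsf-bpe-passwords.yaml.tpl is filled from `${DB_USER_CAMUNDA}`, the only one of the three variables without the `_PASSWORD` suffix, and envsubst replaces an unset or misspelled variable with an empty string without reporting it. A typo in the export would therefore create the `dsf-bpe-passwords` Secret with an empty engine password. I would rename the variable to `${DB_USER_CAMUNDA_PASSWORD}` here and in the README, and have the README stop early with a check such as `: "${DB_USER_CAMUNDA_PASSWORD:?not set}"` before the `envsubst` call. The same unset-variable behaviour applies to the three variables in dsf-fhir-passwords.yaml.tpl.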
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe.target b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe.target
new file mode 100644
index 000000000..8e27441bb
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe.target
@@ -0,0 +1,7 @@
+[Unit]
+Description=DSF FHIR Server
+Wants=dsf-bpe-app.service
+After=dsf-bpe-app.service
+
+[Install]
+WantedBy=default.target
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-backend.network b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-backend.network
new file mode 100644
index 000000000..dc672fa89
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-backend.network
@@ -0,0 +1,2 @@
+[Network]
+NetworkName=dsf-backend
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.kube b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.kube
new file mode 100644
index 000000000..9297ce780
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.kube
@@ -0,0 +1,16 @@
+[Unit]
+Description=DSF BPE Application
+PartOf=dsf-bpe.target
+After=dsf-bpe-db.service
+Wants=dsf-db.service
+
+[Kube]
+Yaml=%h/.config/containers/systemd/dsf-bpe-app.yaml
+ConfigMap=%h/.config/containers/systemd/dsf-client-cert.yaml
+Network=dsf-bpe-backend.network
+
+[Service]
+Restart=on-failure
+
+[Install]
+WantedBy=dsf-bpe.target
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml
new file mode 100644
index 000000000..c73a33514
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml
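Review bot: `Description=DSF FHIR Server` in dsf-bpe.target is copied from dsf-fhir.target, so `systemctl --user status` and the journal label the BPE target as the FHIR server. If both targets are installed for the same service account, the two units cannot be told apart by their description. The line should read `Description=DSF BPE Server`.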
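Review bot: `Network=dsf-bpe-backend.network` in dsf-bpe-app.kube names a Quadlet network unit that this commit does not add; the dsf-bpe directory ships `dsf-backend.network`, which is also what dsf-bpe-db.kube joins. As written the app pod would not share a network with `dsf-bpe-db`, so the `jdbc:postgresql://dsf-bpe-db/bpe` URL in dsf-bpe-app.yaml is unlikely to resolve. `Wants=dsf-db.service` has the same kind of mismatch: the BPE database unit is dsf-bpe-db.service, already used in `After=`, while dsf-db.service is the FHIR database unit. Suggested lines: `Wants=dsf-bpe-db.service` and `Network=dsf-backend.network`.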
@@ -0,0 +1,80 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: dsf-bpe-cache + annotations: + volume.podman.io/uid: "0" + volume.podman.io/gid: "2202" + volume.podman.io/mount-options: "uid=0,gid=2202,mode=0770" +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: dsf-bpe-config +data: + TZ: "Europe/Berlin" + DEV_DSF_BPE_DB_URL: "jdbc:postgresql://dsf-bpe-db/bpe" + DEV_DSF_BPE_DB_LIQUIBASE_PASSWORD_FILE: "/run/secrets/db/db_liquibase.password" + DEV_DSF_BPE_DB_USER_PASSWORD_FILE: "/run/secrets/db/db_user.password" + DEV_DSF_BPE_DB_USER_ENGINE_PASSWORD_FILE: "/run/secrets/db/db_user_camunda.password" + DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE: "/run/secrets/cert/client_certificate.pem" + DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY: "/run/secrets/cert/client_certificate_private_key.pem" + DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE: "/run/secrets/cert/client_certificate_private_key.pem.password" + # TODO specify the base url of this DSF FHIR server + DEV_DSF_BPE_FHIR_SERVER_BASE_URL: "https://dsf.todo.organization.com/fhir" + # DEV_DSF_BPE_PROCESS_EXCLUDED: | + # dsfdev_updateAllowList|1.0 +--- +apiVersion: v1 +kind: Pod +metadata: + name: dsf-bpe-app + labels: + app: dsf-bpe-app +spec: + restartPolicy: OnFailure + containers: + - name: dsf-bpe-app + image: ghcr.io/datasharingframework/bpe:2.1.0 + envFrom: + - configMapRef: + name: dsf-bpe-config + volumeMounts: + - name: db-passwords + mountPath: /run/secrets/db + readOnly: true + - name: client-cert + mountPath: /run/secrets/cert + readOnly: true + - name: bpe-log + mountPath: /opt/bpe/log + - name: bpe-process + mountPath: /opt/bpe/process + readOnly: true + - name: bpe-cache + mountPath: /opt/bpe/cache + volumes: + - name: bpe-log + hostPath: + path: /home/podman/.local/state/dsf/bpe/log + type: Directory + - name: bpe-process + hostPath: + path: /home/podman/.config/dsf-bpe/process + type: 
Directory + - name: db-passwords + secret: + secretName: dsf-bpe-passwords + - name: client-cert + configMap: + name: dsf-client-cert + - name: bpe-cache + persistentVolumeClaim: + claimName: dsf-bpe-cache diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.kube b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.kube new file mode 100644 index 000000000..1ff6aefb3 --- /dev/null +++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.kube @@ -0,0 +1,13 @@ +[Unit] +Description=DSF BPE Database +PartOf=dsf-bpe.target + +[Kube] +Yaml=%h/.config/containers/systemd/dsf-bpe-db.yaml +Network=dsf-backend.network + +[Service] +Restart=on-failure + +[Install] +WantedBy=dsf-bpe.target diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml new file mode 100644 index 000000000..a11fb68f3 --- /dev/null +++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml 
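Review bot: The two `hostPath` volumes in dsf-bpe-app.yaml hard-code `/home/podman/.local/state/dsf/bpe/log` and `/home/podman/.config/dsf-bpe/process`, while the .kube units use `%h` and the README creates both directories under `~`. With `type: Directory` the pod should fail to start for any service account whose home is not /home/podman. The manifest cannot expand `%h` itself, so I would add a comment above the volumes such as `# TODO adjust to the home directory of the service account` and list both paths in the README's configuration section. Separately, `image: ghcr.io/datasharingframework/bpe:2.1.0` is pinned by tag only; appending the image digest would make the pulled content verifiable.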
@@ -0,0 +1,63 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: dsf-bpe-db-data
+ annotations:
+ volume.podman.io/driver: local
+ volume.podman.io/uid: "70"
+ volume.podman.io/gid: "70"
+ volume.podman.io/mount-options: "uid=70,gid=70,mode=0770"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: dsf-bpe-db
+ labels:
+ app: dsf-bpe-db
+spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: dsf-bpe-db
+ image: docker.io/library/postgres:18.3-alpine3.23
+ env:
+ - name: TZ
+ value: Europe/Berlin
+ - name: POSTGRES_USER
+ value: liquibase_user
+ - name: POSTGRES_DB
+ value: bpe
+ - name: POSTGRES_PASSWORD_FILE
+ value: /run/secrets/db_liquibase.password
+ livenessProbe:
+ exec:
+ command:
+ - pg_isready
+ - -U
+ - liquibase_user
+ - -d
+ - bpe
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ volumeMounts:
+ - name: db-data
+ mountPath: /var/lib/postgresql
+ - name: db-passwords
+ mountPath: /run/secrets/db_liquibase.password
+ subPath: db_liquibase.password
+ readOnly: true
+ volumes:
+ - name: db-data
+ persistentVolumeClaim:
+ claimName: dsf-bpe-db-data
+ - name: db-passwords
+ secret:
+ secretName: dsf-bpe-passwords
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-client-cert.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-client-cert.yaml
new file mode 100644
index 000000000..edbaad91e
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-client-cert.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: dsf-client-cert
+data:
+ client_certificate.pem: |
+ -----BEGIN CERTIFICATE-----
+ MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+ ...
+ -----END CERTIFICATE-----
+ client_certificate_private_key.pem: |
+ -----BEGIN CERTIFICATE-----
+ ...
+ -----END CERTIFICATE-----
+ client_certificate_private_key.pem.password: "dein-passwort"
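Review bot: The database image is referenced by tag only (`image: docker.io/library/postgres:18.3-alpine3.23`), and a tag can be re-pointed upstream without this file changing. For a setup that people copy as a starting point, pin the digest as well, e.g. `image: docker.io/library/postgres:18.3-alpine3.23@sha256:<digest-placeholder>`, so the pulled content is reproducible and a tag move shows up as a diff. The same applies to `dsf-fhir/dsf-db.yaml` and to the `ghcr.io/datasharingframework/*:2.1.0` images in the app and proxy pods.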
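Review bot: `client_certificate_private_key.pem` and `client_certificate_private_key.pem.password` are stored in a `kind: ConfigMap`, while the database passwords of the same pod come from a `kind: Secret` (`dsf-bpe-passwords`); the key and its passphrase should be a Secret too and mounted through `secret:` instead of `configMap:`. The private-key placeholder is also framed with `-----BEGIN CERTIFICATE-----` / `-----END CERTIFICATE-----`, which should be `-----BEGIN ENCRYPTED PRIVATE KEY-----` / `-----END ENCRYPTED PRIVATE KEY-----` (or the unencrypted label) so a pasted key keeps a valid PEM header. Because this is a tracked, non-template file that users edit in place, a filled-in copy is easy to commit by accident; shipping it as a `.tpl` like `dsf-fhir-passwords.yaml.tpl` and ignoring the rendered file would avoid that. The same points apply to `dsf-fhir/dsf-client-cert.yaml` and to `ssl_certificate_key_file.pem` in `dsf-fhir/dsf-ssl-cert.yaml`.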
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir-passwords.yaml.tpl b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir-passwords.yaml.tpl
new file mode 100644
index 000000000..40afe8167
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir-passwords.yaml.tpl
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: dsf-fhir-passwords
+stringData:
+ db_liquibase.password: "${DB_LIQUIBASE_PASSWORD}"
+ db_user.password: "${DB_USER_PASSWORD}"
+ db_user_permanent_delete.password: "${DB_USER_PERMANENT_DELETE_PASSWORD}"
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir.target b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir.target
new file mode 100644
index 000000000..2903ded98
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir.target
@@ -0,0 +1,7 @@
+[Unit]
+Description=DSF FHIR Server
+Wants=dsf-proxy.service
+After=dsf-proxy.service
+
+[Install]
+WantedBy=default.target
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.kube b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.kube
new file mode 100644
index 000000000..0af71d7b9
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.kube
@@ -0,0 +1,16 @@
+[Unit]
+Description=DSF FHIR App
+After=dsf-db.service
+Wants=dsf-db.service
+PartOf=dsf-fhir.target
+
+[Kube]
+Yaml=%h/.config/containers/systemd/dsf-app.yaml
+ConfigMap=%h/.config/containers/systemd/dsf-client-cert.yaml
+Network=dsf-backend.network
+
+[Service]
+Restart=on-failure
+
+[Install]
+WantedBy=dsf-fhir.target
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml
new file mode 100644
index 000000000..c2d1947e3
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: dsf-fhir-config
+data:
+ TZ: "Europe/Berlin"
+ DEV_DSF_FHIR_DB_URL: "jdbc:postgresql://dsf-db/fhir"
+ DEV_DSF_FHIR_DB_LIQUIBASE_PASSWORD_FILE: "/run/secrets/db/db_liquibase.password"
+ DEV_DSF_FHIR_DB_USER_PASSWORD_FILE: "/run/secrets/db/db_user.password"
+ DEV_DSF_FHIR_DB_USER_PERMANENT_DELETE_PASSWORD_FILE: "/run/secrets/db/db_user_permanent_delete.password"
+ DEV_DSF_FHIR_CLIENT_CERTIFICATE: "/run/secrets/cert/client_certificate.pem"
+ DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY: "/run/secrets/cert/client_certificate_private_key.pem"
+ DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE: "/run/secrets/cert/client_certificate_private_key.pem.password"
+ DEV_DSF_FHIR_SERVER_ORGANIZATION_IDENTIFIER_VALUE: "todo.organization.com"
+ # TODO specify the base url of this DSF FHIR server
+ DEV_DSF_FHIR_SERVER_BASE_URL: "https://dsf.todo.organization.com/fhir"
+ # TODO specify the SHA-512 thumbprint of the Client-Certificate as lower case HEX (Regex: ^[a-f0-9]{128}$)
+ # certtool --fingerprint --hash=sha512 --infile=client_certificate.pem
+ # or simply get it from allowlist management tool
+ DEV_DSF_FHIR_SERVER_ORGANIZATION_THUMBPRINT: ""
+ # TODO specify role configuration to allow access to the UI via web-browser or REST API for specific users, see documentation at dsf.dev
+ DEV_DSF_FHIR_SERVER_ROLECONFIG: |
+ ""
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: dsf-app
+ labels:
+ app: dsf-app-pod
+spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: dsf-app
+ image: ghcr.io/datasharingframework/fhir:2.1.0
+ envFrom:
+ - configMapRef:
+ name: dsf-fhir-config
+ volumeMounts:
+ - mountPath: /opt/fhir/log
+ name: fhir-log
+ - name: db-passwords
+ mountPath: /run/secrets/db
+ readOnly: true
+ - name: client-cert
+ mountPath: /run/secrets/cert
+ readOnly: true
+
+ volumes:
+ - name: fhir-log
+ hostPath:
+ path: /home/podman/.local/state/dsf/fhir/log
+ type: Directory
+ - name: db-passwords
+ secret:
+ secretName: dsf-fhir-passwords
+ - name: client-cert
+ configMap:
+ name: dsf-client-cert
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-backend.network b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-backend.network
new file mode 100644
index 000000000..dc672fa89
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-backend.network
@@ -0,0 +1,2 @@
+[Network]
+NetworkName=dsf-backend
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-client-cert.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-client-cert.yaml
new file mode 100644
index 000000000..edbaad91e
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-client-cert.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: dsf-client-cert
+data:
+ client_certificate.pem: |
+ -----BEGIN CERTIFICATE-----
+ MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+ ...
+ -----END CERTIFICATE-----
+ client_certificate_private_key.pem: |
+ -----BEGIN CERTIFICATE-----
+ ...
+ -----END CERTIFICATE-----
+ client_certificate_private_key.pem.password: "dein-passwort"
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.kube b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.kube
new file mode 100644
index 000000000..460405bfa
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.kube
@@ -0,0 +1,13 @@
+[Unit]
+Description=DSF FHIR DB
+PartOf=dsf-fhir.target
+
+[Kube]
+Yaml=%h/.config/containers/systemd/dsf-db.yaml
+Network=dsf-backend.network
+
+[Service]
+Restart=on-failure
+
+[Install]
+WantedBy=dsf-fhir.target
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml
new file mode 100644
index 000000000..69cb365c8
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml
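Review bot: `DEV_DSF_FHIR_SERVER_ROLECONFIG: |` followed by `""` is a block scalar, so the value handed to the container is the two quote characters plus a newline, not an empty string. If the intent is "no role configuration yet", write `DEV_DSF_FHIR_SERVER_ROLECONFIG: ""`, or keep the key commented out with an example underneath, as the BPE config does for `DEV_DSF_BPE_PROCESS_EXCLUDED`. `DEV_DSF_FHIR_SERVER_ORGANIZATION_THUMBPRINT: ""` is likewise shipped empty although its comment requires `^[a-f0-9]{128}$`. How the server treats either placeholder is not visible in this diff, so a comment stating that both must be filled in before the first start would help.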
@@ -0,0 +1,62 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: dsf-db-data
+ annotations:
+ volume.podman.io/driver: local
+ volume.podman.io/gid: "70"
+ volume.podman.io/uid: "70"
+ volume.podman.io/mount-options: "uid=70,gid=70,mode=0770"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ app: dsf-db
+ name: dsf-db
+spec:
+ containers:
+ - image: docker.io/library/postgres:18.3-alpine3.23
+ name: dsf-db
+ livenessProbe:
+ exec:
+ command:
+ - pg_isready
+ - -U
+ - liquibase_user
+ - -d
+ - fhir
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ env:
+ - name: POSTGRES_DB
+ value: fhir
+ - name: POSTGRES_PASSWORD_FILE
+ value: /run/secrets/db_liquibase.password
+ - name: POSTGRES_USER
+ value: liquibase_user
+ - name: TZ
+ value: Europe/Berlin
+ volumeMounts:
+ - mountPath: /var/lib/postgresql
+ name: postgres-data-pvc
+ - name: db-passwords
+ mountPath: /run/secrets/db_liquibase.password
+ subPath: db_liquibase.password
+ readOnly: true
+ volumes:
+ - name: postgres-data-pvc
+ persistentVolumeClaim:
+ claimName: dsf-db-data
+ - name: db-passwords
+ secret:
+ secretName: dsf-fhir-passwords
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-frontend.network b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-frontend.network
new file mode 100644
index 000000000..8bf0a4829
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-frontend.network
@@ -0,0 +1,2 @@
+[Network]
+NetworkName=dsf-frontend
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.kube b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.kube
new file mode 100644
index 000000000..d0227e3d8
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.kube
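Review bot: The `dsf-db` pod spec has no `restartPolicy`, while `dsf-bpe-db`, `dsf-app` and `dsf-proxy` in the same patch all set `restartPolicy: OnFailure`; without it the Kubernetes default (`Always`) applies, so the FHIR database restarts differently from its BPE twin. Add `restartPolicy: OnFailure` under `spec:` before `containers:`. The key order here (labels before name, image before name, env after livenessProbe) also differs from `dsf-bpe-db.yaml`, which makes two otherwise parallel files harder to compare.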
@@ -0,0 +1,16 @@
+[Unit]
+Description=DSF FHIR Proxy
+PartOf=dsf-fhir.target
+After=dsf-app.service
+
+[Kube]
+Yaml=%h/.config/containers/systemd/dsf-proxy.yaml
+ConfigMap=%h/.config/containers/systemd/dsf-ssl-cert.yaml
+Network=dsf-frontend.network
+Network=dsf-backend.network
+
+[Service]
+Restart=on-failure
+
+[Install]
+WantedBy=dsf-fhir.target
\ No newline at end of file
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml
new file mode 100644
index 000000000..1e7bad633
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: dsf-proxy
+ labels:
+ app: dsf-proxy
+spec:
+ restartPolicy: OnFailure
+ securityContext:
+ sysctls:
+ - name: net.ipv4.ip_unprivileged_port_start
+ value: "80"
+ containers:
+ - name: dsf-proxy
+ image: ghcr.io/datasharingframework/fhir_proxy:2.1.0
+ env:
+ - name: TZ
+ value: Europe/Berlin
+ - name: APP_SERVER_IP
+ value: dsf-app
+ - name: HTTPS_SERVER_NAME_PORT
+ value: "dsf.todo.organization.com:443"
+ - name: SSL_CERTIFICATE_FILE
+ value: /run/secrets/ssl_certificate_file.pem
+ - name: SSL_CERTIFICATE_KEY_FILE
+ value: /run/secrets/ssl_certificate_key_file.pem
+ - name: SSL_CERTIFICATE_CHAIN_FILE
+ value: /run/secrets/ssl_certificate_chain_file.pem
+ ports:
+ - containerPort: 443
+ hostPort: 443
+ volumeMounts:
+ - name: ssl-cert
+ mountPath: /run/secrets
+ readOnly: true
+ volumes:
+ - name: ssl-cert
+ configMap:
+ name: dsf-ssl-cert
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml
new file mode 100644
index 000000000..0c0500497
--- /dev/null
+++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml
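Review bot: The pod sysctl `net.ipv4.ip_unprivileged_port_start` in `dsf-proxy.yaml` is set to `"80"`, but the only port the spec declares is `containerPort: 443`; `value: "443"` is enough for the proxy to bind that listener and keeps the unprivileged range no wider than the pod needs. If the image also listens on port 80 (not visible in this diff), declare that port so the wider value is explained by the spec. A one-line comment above the sysctl saying why it is needed, presumably a non-root process binding a low port inside the pod's network namespace, would help the next reader.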
@@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: dsf-ssl-cert +data: + ssl_certificate_file.pem: | + -----BEGIN CERTIFICATE----- + MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw + ... + -----END CERTIFICATE----- + ssl_certificate_chain_file.pem: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + ssl_certificate_key_file.pem: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- From 11815c84193e9c8b4029cba2eacd73de94e15b7f Mon Sep 17 00:00:00 2001 From: Filiz Kluba Date: Wed, 20 May 2026 11:41:26 +0200 Subject: [PATCH 3/8] chore(fix-dev): update postgres version for podman-dev-setup --- dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml | 2 +- dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml index a11fb68f3..8a0fe07eb 100644 --- a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml +++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml @@ -25,7 +25,7 @@ spec: restartPolicy: OnFailure containers: - name: dsf-bpe-db - image: docker.io/library/postgres:18.3-alpine3.23 + image: docker.io/library/postgres:18.4-alpine3.23 env: - name: TZ value: Europe/Berlin diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml index 69cb365c8..35030b000 100644 --- a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml +++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml @@ -23,7 +23,7 @@ metadata: name: dsf-db spec: containers: - - image: docker.io/library/postgres:18.3-alpine3.23 + - image: docker.io/library/postgres:18.4-alpine3.23 name: dsf-db livenessProbe: exec: From 08cc4159b441af39a94a4bd667b48ded02c92692 Mon Sep 17 00:00:00 2001 
From: Filiz Kluba Date: Wed, 20 May 2026 11:53:38 +0200 Subject: [PATCH 4/8] chore(dev-setup): remove log bind-mount on dev-quadlet - is already managed by the journalctl --- dsf-dev-setups/dsf-podman-dev-setup/README.md | 12 ------------ .../dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml | 6 ------ .../dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml | 6 ------ 3 files changed, 24 deletions(-) diff --git a/dsf-dev-setups/dsf-podman-dev-setup/README.md b/dsf-dev-setups/dsf-podman-dev-setup/README.md index 835c4311a..41bca1b09 100644 --- a/dsf-dev-setups/dsf-podman-dev-setup/README.md +++ b/dsf-dev-setups/dsf-podman-dev-setup/README.md @@ -102,11 +102,6 @@ podman quadlet install ./dsf-fhir # Install systemd target install -m 640 ./dsf-fhir.target ~/.config/systemd/user/dsf-fhir.target - -# Create log directory with correct permissions -mkdir -p ~/.local/state/dsf/fhir/log -podman unshare chown root:2101 ~/.local/state/dsf/fhir/log -podman unshare chmod 770 ~/.local/state/dsf/fhir/log ``` ### Configuration @@ -191,11 +186,6 @@ podman quadlet install ./dsf-bpe # Install systemd target install -m 640 ./dsf-bpe.target ~/.config/systemd/user/dsf-bpe.target -# Create log directory with correct permissions -mkdir -p ~/.local/state/dsf/bpe/log -podman unshare chown root:2202 ~/.local/state/dsf/bpe/log -podman unshare chmod 770 ~/.local/state/dsf/bpe/log - # Create process plugin directory mkdir -p ~/.config/dsf-bpe/process podman unshare chown root:2202 ~/.config/dsf-bpe/process 
@@ -286,8 +276,6 @@ The Kubernetes YAML files under `dsf-fhir` and `dsf-bpe` can be used as a starti - Add `namespace` to each resource - Replace ConfigMap-based private keys with proper `kind: Secret` resources -- Replace `hostPath` volumes with appropriate `PersistentVolumeClaim` resources - For this we need a different solution for managing logs then the log-directory. - Replace `hostPort` with a proper `Service` of type `LoadBalancer` or `NodePort` - Consider a sidecar or init container approach for process plugins - Instead of deploying plugins as jar files via bind-mount, publish them as OCI images and mount them into the container. diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml index c73a33514..062eed9b9 100644 --- a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml +++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml @@ -53,18 +53,12 @@ spec: - name: client-cert mountPath: /run/secrets/cert readOnly: true - - name: bpe-log - mountPath: /opt/bpe/log - name: bpe-process mountPath: /opt/bpe/process readOnly: true - name: bpe-cache mountPath: /opt/bpe/cache volumes: - - name: bpe-log - hostPath: - path: /home/podman/.local/state/dsf/bpe/log - type: Directory - name: bpe-process hostPath: path: /home/podman/.config/dsf-bpe/process diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml index c2d1947e3..3cdb46e8c 100644 --- a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml +++ b/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml @@ -38,8 +38,6 @@ spec: - configMapRef: name: dsf-fhir-config volumeMounts: - - mountPath: /opt/fhir/log - name: fhir-log - name: db-passwords mountPath: /run/secrets/db readOnly: true 
@@ -48,10 +46,6 @@ spec: readOnly: true volumes: - - name: fhir-log - hostPath: - path: /home/podman/.local/state/dsf/fhir/log - type: Directory - name: db-passwords secret: secretName: dsf-fhir-passwords From 99cb4591c549c845f4bb7f2164abd9783951b69a Mon Sep 17 00:00:00 2001 
From: Filiz Kluba Date: Tue, 2 Jun 2026 09:01:55 +0200 Subject: [PATCH 5/8] changed paths --- .../README.md | 0 .../db/init-db.sh | 0 .../dic1/bpe/log/README.md | 0 .../dic1/bpe/process/README.md | 0 .../dic1/fhir/log/README.md | 0 .../dic1/ui/logo.svg | 0 .../dic1/ui/logo_dark.svg | 0 .../dic2/bpe/log/README.md | 0 .../dic2/bpe/process/README.md | 0 .../dic2/fhir/log/README.md | 0 .../dic2/ui/logo.svg | 0 .../dic2/ui/logo_dark.svg | 0 .../dic3/bpe/log/README.md | 0 .../dic3/bpe/process/README.md | 0 .../dic3/fhir/log/README.md | 0 .../dic3/ui/logo.svg | 0 .../dic3/ui/logo_dark.svg | 0 .../docker-build.bat | 0 .../docker-build.sh | 0 .../docker-compose.yml | 0 .../forward-proxy/Dockerfile | 0 .../forward-proxy/tinyproxy.conf | 0 .../keycloak/dic1.json | 0 .../keycloak/dic2.json | 0 .../keycloak/dic3.json | 0 .../keycloak/ttp.json | 0 .../proxy/conf.d/dic1.conf | 0 .../proxy/conf.d/dic2.conf | 0 .../proxy/conf.d/dic3.conf | 0 .../proxy/conf.d/ttp.conf | 0 .../proxy/nginx.conf | 0 .../secrets/db_dic1_bpe_user.password | 0 .../secrets/db_dic1_bpe_user_engine.password | 0 .../secrets/db_dic1_fhir_user.password | 0 .../secrets/db_dic1_fhir_user_permanent_delete.password | 0 .../secrets/db_dic2_bpe_user.password | 0 .../secrets/db_dic2_bpe_user_engine.password | 0 .../secrets/db_dic2_fhir_user.password | 0 .../secrets/db_dic2_fhir_user_permanent_delete.password | 0 .../secrets/db_dic3_bpe_user.password | 0 .../secrets/db_dic3_bpe_user_engine.password | 0 .../secrets/db_dic3_fhir_user.password | 0 .../secrets/db_dic3_fhir_user_permanent_delete.password | 0 .../secrets/db_liquibase.password | 0 .../secrets/db_ttp_bpe_user.password | 0 .../secrets/db_ttp_bpe_user_engine.password | 0 .../secrets/db_ttp_fhir_user.password | 0 .../secrets/db_ttp_fhir_user_permanent_delete.password | 0 .../secrets/oidc_client_dic1_bpe.secret | 0 .../secrets/oidc_client_dic1_fhir.secret | 0 .../secrets/oidc_client_dic2_bpe.secret | 0 .../secrets/oidc_client_dic2_fhir.secret | 0 
.../secrets/oidc_client_dic3_bpe.secret | 0 .../secrets/oidc_client_dic3_fhir.secret | 0 .../secrets/oidc_client_ttp_bpe.secret | 0 .../secrets/oidc_client_ttp_fhir.secret | 0 .../ttp/bpe/log/README.md | 0 .../ttp/bpe/process/README.md | 0 .../ttp/fhir/conf/bundle.xml | 0 .../ttp/fhir/log/README.md | 0 .../ttp/ui/logo.svg | 0 .../ttp/ui/logo_dark.svg | 0 .../ui/bpe_mod.css | 0 .../ui/fhir_mod.css | 0 .../bpe/docker-compose.yml | 0 .../bpe/log/README.md | 0 .../bpe/process/README.md | 0 .../bpe/secrets/db_liquibase.password | 0 .../bpe/secrets/db_user.password | 0 .../bpe/secrets/db_user_engine.password | 0 .../docker-build.bat | 0 .../dsf-docker-dev-setup => dsf-docker-dev-setup}/docker-build.sh | 0 .../fhir/conf/bundle.xml | 0 .../fhir/docker-compose.yml | 0 .../fhir/log/README.md | 0 .../fhir/secrets/db_liquibase.password | 0 .../fhir/secrets/db_user.password | 0 .../fhir/secrets/db_user_permanent_delete.password | 0 .../dsf-podman-dev-setup => dsf-podman-dev-setup}/README.md | 0 .../dsf-bpe-passwords.yaml.tpl | 0 .../dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-bpe.target | 0 .../dsf-bpe/dsf-backend.network | 0 .../dsf-bpe/dsf-bpe-app.kube | 0 .../dsf-bpe/dsf-bpe-app.yaml | 0 .../dsf-bpe/dsf-bpe-db.kube | 0 .../dsf-bpe/dsf-bpe-db.yaml | 0 .../dsf-bpe/dsf-client-cert.yaml | 0 .../dsf-fhir-passwords.yaml.tpl | 0 .../dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-fhir.target | 0 .../dsf-fhir/dsf-app.kube | 0 .../dsf-fhir/dsf-app.yaml | 0 .../dsf-fhir/dsf-backend.network | 0 .../dsf-fhir/dsf-client-cert.yaml | 0 .../dsf-fhir/dsf-db.kube | 0 .../dsf-fhir/dsf-db.yaml | 0 .../dsf-fhir/dsf-frontend.network | 0 .../dsf-fhir/dsf-proxy.kube | 0 .../dsf-fhir/dsf-proxy.yaml | 0 .../dsf-fhir/dsf-ssl-cert.yaml | 0 99 files changed, 0 insertions(+), 0 deletions(-) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/db/init-db.sh 
(100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic1/bpe/log/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic1/bpe/process/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic1/fhir/log/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic1/ui/logo.svg (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic1/ui/logo_dark.svg (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic2/bpe/log/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic2/bpe/process/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic2/fhir/log/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic2/ui/logo.svg (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic2/ui/logo_dark.svg (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic3/bpe/log/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic3/bpe/process/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic3/fhir/log/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic3/ui/logo.svg (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/dic3/ui/logo_dark.svg (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/docker-build.bat (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/docker-build.sh (100%) rename 
{dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/docker-compose.yml (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/forward-proxy/Dockerfile (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/forward-proxy/tinyproxy.conf (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/keycloak/dic1.json (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/keycloak/dic2.json (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/keycloak/dic3.json (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/keycloak/ttp.json (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/proxy/conf.d/dic1.conf (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/proxy/conf.d/dic2.conf (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/proxy/conf.d/dic3.conf (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/proxy/conf.d/ttp.conf (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/proxy/nginx.conf (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic1_bpe_user.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic1_bpe_user_engine.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic1_fhir_user.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic1_fhir_user_permanent_delete.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => 
dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic2_bpe_user.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic2_bpe_user_engine.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic2_fhir_user.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic2_fhir_user_permanent_delete.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic3_bpe_user.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic3_bpe_user_engine.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic3_fhir_user.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_dic3_fhir_user_permanent_delete.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_liquibase.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_ttp_bpe_user.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_ttp_bpe_user_engine.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_ttp_fhir_user.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/db_ttp_fhir_user_permanent_delete.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic1_bpe.secret (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic1_fhir.secret (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => 
dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic2_bpe.secret (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic2_fhir.secret (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic3_bpe.secret (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_dic3_fhir.secret (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_ttp_bpe.secret (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/secrets/oidc_client_ttp_fhir.secret (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/ttp/bpe/log/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/ttp/bpe/process/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/ttp/fhir/conf/bundle.xml (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/ttp/fhir/log/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/ttp/ui/logo.svg (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/ttp/ui/logo_dark.svg (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/ui/bpe_mod.css (100%) rename {dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp => dsf-docker-dev-setup-3dic-ttp}/ui/fhir_mod.css (100%) rename {dsf-dev-setups/dsf-docker-dev-setup => dsf-docker-dev-setup}/bpe/docker-compose.yml (100%) rename {dsf-dev-setups/dsf-docker-dev-setup => dsf-docker-dev-setup}/bpe/log/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup => dsf-docker-dev-setup}/bpe/process/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup => 
dsf-docker-dev-setup}/bpe/secrets/db_liquibase.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup => dsf-docker-dev-setup}/bpe/secrets/db_user.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup => dsf-docker-dev-setup}/bpe/secrets/db_user_engine.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup => dsf-docker-dev-setup}/docker-build.bat (100%) rename {dsf-dev-setups/dsf-docker-dev-setup => dsf-docker-dev-setup}/docker-build.sh (100%) rename {dsf-dev-setups/dsf-docker-dev-setup => dsf-docker-dev-setup}/fhir/conf/bundle.xml (100%) rename {dsf-dev-setups/dsf-docker-dev-setup => dsf-docker-dev-setup}/fhir/docker-compose.yml (100%) rename {dsf-dev-setups/dsf-docker-dev-setup => dsf-docker-dev-setup}/fhir/log/README.md (100%) rename {dsf-dev-setups/dsf-docker-dev-setup => dsf-docker-dev-setup}/fhir/secrets/db_liquibase.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup => dsf-docker-dev-setup}/fhir/secrets/db_user.password (100%) rename {dsf-dev-setups/dsf-docker-dev-setup => dsf-docker-dev-setup}/fhir/secrets/db_user_permanent_delete.password (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/README.md (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-bpe-passwords.yaml.tpl (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-bpe.target (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-bpe/dsf-backend.network (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-bpe/dsf-bpe-app.kube (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-bpe/dsf-bpe-app.yaml (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-bpe/dsf-bpe-db.kube (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-bpe/dsf-bpe-db.yaml (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-bpe/dsf-client-cert.yaml (100%) rename 
{dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-fhir-passwords.yaml.tpl (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-fhir.target (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-fhir/dsf-app.kube (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-fhir/dsf-app.yaml (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-fhir/dsf-backend.network (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-fhir/dsf-client-cert.yaml (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-fhir/dsf-db.kube (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-fhir/dsf-db.yaml (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-fhir/dsf-frontend.network (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-fhir/dsf-proxy.kube (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-fhir/dsf-proxy.yaml (100%) rename {dsf-dev-setups/dsf-podman-dev-setup => dsf-podman-dev-setup}/dsf-fhir/dsf-ssl-cert.yaml (100%) diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/README.md b/dsf-docker-dev-setup-3dic-ttp/README.md similarity index 100% rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/README.md rename to dsf-docker-dev-setup-3dic-ttp/README.md diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/db/init-db.sh b/dsf-docker-dev-setup-3dic-ttp/db/init-db.sh similarity index 100% rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/db/init-db.sh rename to dsf-docker-dev-setup-3dic-ttp/db/init-db.sh 
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/log/README.md b/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/log/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/log/README.md
rename to dsf-docker-dev-setup-3dic-ttp/dic1/bpe/log/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/process/README.md b/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/process/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/bpe/process/README.md
rename to dsf-docker-dev-setup-3dic-ttp/dic1/bpe/process/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/fhir/log/README.md b/dsf-docker-dev-setup-3dic-ttp/dic1/fhir/log/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/fhir/log/README.md
rename to dsf-docker-dev-setup-3dic-ttp/dic1/fhir/log/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo.svg b/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo.svg
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo.svg
rename to dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo.svg
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo_dark.svg b/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo_dark.svg
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo_dark.svg
rename to dsf-docker-dev-setup-3dic-ttp/dic1/ui/logo_dark.svg
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/log/README.md b/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/log/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/log/README.md
rename to dsf-docker-dev-setup-3dic-ttp/dic2/bpe/log/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/process/README.md b/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/process/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/bpe/process/README.md
rename to dsf-docker-dev-setup-3dic-ttp/dic2/bpe/process/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/fhir/log/README.md b/dsf-docker-dev-setup-3dic-ttp/dic2/fhir/log/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/fhir/log/README.md
rename to dsf-docker-dev-setup-3dic-ttp/dic2/fhir/log/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo.svg b/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo.svg
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo.svg
rename to dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo.svg
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo_dark.svg b/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo_dark.svg
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo_dark.svg
rename to dsf-docker-dev-setup-3dic-ttp/dic2/ui/logo_dark.svg
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/log/README.md b/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/log/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/log/README.md
rename to dsf-docker-dev-setup-3dic-ttp/dic3/bpe/log/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/process/README.md b/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/process/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/bpe/process/README.md
rename to dsf-docker-dev-setup-3dic-ttp/dic3/bpe/process/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/fhir/log/README.md b/dsf-docker-dev-setup-3dic-ttp/dic3/fhir/log/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/fhir/log/README.md
rename to dsf-docker-dev-setup-3dic-ttp/dic3/fhir/log/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo.svg b/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo.svg
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo.svg
rename to dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo.svg
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo_dark.svg b/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo_dark.svg
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo_dark.svg
rename to dsf-docker-dev-setup-3dic-ttp/dic3/ui/logo_dark.svg
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.bat b/dsf-docker-dev-setup-3dic-ttp/docker-build.bat
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.bat
rename to dsf-docker-dev-setup-3dic-ttp/docker-build.bat
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.sh b/dsf-docker-dev-setup-3dic-ttp/docker-build.sh
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-build.sh
rename to dsf-docker-dev-setup-3dic-ttp/docker-build.sh
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml b/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml
rename to dsf-docker-dev-setup-3dic-ttp/docker-compose.yml
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/forward-proxy/Dockerfile b/dsf-docker-dev-setup-3dic-ttp/forward-proxy/Dockerfile
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/forward-proxy/Dockerfile
rename to dsf-docker-dev-setup-3dic-ttp/forward-proxy/Dockerfile
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/forward-proxy/tinyproxy.conf b/dsf-docker-dev-setup-3dic-ttp/forward-proxy/tinyproxy.conf
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/forward-proxy/tinyproxy.conf
rename to dsf-docker-dev-setup-3dic-ttp/forward-proxy/tinyproxy.conf
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic1.json b/dsf-docker-dev-setup-3dic-ttp/keycloak/dic1.json
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic1.json
rename to dsf-docker-dev-setup-3dic-ttp/keycloak/dic1.json
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic2.json b/dsf-docker-dev-setup-3dic-ttp/keycloak/dic2.json
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic2.json
rename to dsf-docker-dev-setup-3dic-ttp/keycloak/dic2.json
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic3.json b/dsf-docker-dev-setup-3dic-ttp/keycloak/dic3.json
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/dic3.json
rename to dsf-docker-dev-setup-3dic-ttp/keycloak/dic3.json
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/ttp.json b/dsf-docker-dev-setup-3dic-ttp/keycloak/ttp.json
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/keycloak/ttp.json
rename to dsf-docker-dev-setup-3dic-ttp/keycloak/ttp.json
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic1.conf b/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic1.conf
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic1.conf
rename to dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic1.conf
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic2.conf b/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic2.conf
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic2.conf
rename to dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic2.conf
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic3.conf b/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic3.conf
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic3.conf
rename to dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/dic3.conf
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/ttp.conf b/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/ttp.conf
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/ttp.conf
rename to dsf-docker-dev-setup-3dic-ttp/proxy/conf.d/ttp.conf
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/nginx.conf b/dsf-docker-dev-setup-3dic-ttp/proxy/nginx.conf
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/proxy/nginx.conf
rename to dsf-docker-dev-setup-3dic-ttp/proxy/nginx.conf
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user_engine.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user_engine.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user_engine.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_bpe_user_engine.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user_permanent_delete.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user_permanent_delete.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user_permanent_delete.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_dic1_fhir_user_permanent_delete.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user_engine.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user_engine.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user_engine.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_bpe_user_engine.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user_permanent_delete.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user_permanent_delete.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user_permanent_delete.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_dic2_fhir_user_permanent_delete.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user_engine.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user_engine.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user_engine.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_bpe_user_engine.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user_permanent_delete.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user_permanent_delete.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user_permanent_delete.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_dic3_fhir_user_permanent_delete.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_liquibase.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_liquibase.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_liquibase.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_liquibase.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user_engine.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user_engine.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user_engine.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_bpe_user_engine.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user_permanent_delete.password b/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user_permanent_delete.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user_permanent_delete.password
rename to dsf-docker-dev-setup-3dic-ttp/secrets/db_ttp_fhir_user_permanent_delete.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_bpe.secret b/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_bpe.secret
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_bpe.secret
rename to dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_bpe.secret
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_fhir.secret b/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_fhir.secret
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_fhir.secret
rename to dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic1_fhir.secret
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_bpe.secret b/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_bpe.secret
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_bpe.secret
rename to dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_bpe.secret
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_fhir.secret b/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_fhir.secret
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_fhir.secret
rename to dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic2_fhir.secret
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_bpe.secret b/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_bpe.secret
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_bpe.secret
rename to dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_bpe.secret
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_fhir.secret b/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_fhir.secret
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_fhir.secret
rename to dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_dic3_fhir.secret
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_bpe.secret b/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_bpe.secret
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_bpe.secret
rename to dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_bpe.secret
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_fhir.secret b/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_fhir.secret
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_fhir.secret
rename to dsf-docker-dev-setup-3dic-ttp/secrets/oidc_client_ttp_fhir.secret
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/log/README.md b/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/log/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/log/README.md
rename to dsf-docker-dev-setup-3dic-ttp/ttp/bpe/log/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/process/README.md b/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/process/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/bpe/process/README.md
rename to dsf-docker-dev-setup-3dic-ttp/ttp/bpe/process/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/conf/bundle.xml b/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/conf/bundle.xml
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/conf/bundle.xml
rename to dsf-docker-dev-setup-3dic-ttp/ttp/fhir/conf/bundle.xml
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/log/README.md b/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/log/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/fhir/log/README.md
rename to dsf-docker-dev-setup-3dic-ttp/ttp/fhir/log/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo.svg b/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo.svg
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo.svg
rename to dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo.svg
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo_dark.svg b/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo_dark.svg
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo_dark.svg
rename to dsf-docker-dev-setup-3dic-ttp/ttp/ui/logo_dark.svg
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ui/bpe_mod.css b/dsf-docker-dev-setup-3dic-ttp/ui/bpe_mod.css
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ui/bpe_mod.css
rename to dsf-docker-dev-setup-3dic-ttp/ui/bpe_mod.css
diff --git a/dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ui/fhir_mod.css b/dsf-docker-dev-setup-3dic-ttp/ui/fhir_mod.css
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup-3dic-ttp/ui/fhir_mod.css
rename to dsf-docker-dev-setup-3dic-ttp/ui/fhir_mod.css
diff --git a/dsf-dev-setups/dsf-docker-dev-setup/bpe/docker-compose.yml b/dsf-docker-dev-setup/bpe/docker-compose.yml
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup/bpe/docker-compose.yml
rename to dsf-docker-dev-setup/bpe/docker-compose.yml
diff --git a/dsf-dev-setups/dsf-docker-dev-setup/bpe/log/README.md b/dsf-docker-dev-setup/bpe/log/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup/bpe/log/README.md
rename to dsf-docker-dev-setup/bpe/log/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup/bpe/process/README.md b/dsf-docker-dev-setup/bpe/process/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup/bpe/process/README.md
rename to dsf-docker-dev-setup/bpe/process/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_liquibase.password b/dsf-docker-dev-setup/bpe/secrets/db_liquibase.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_liquibase.password
rename to dsf-docker-dev-setup/bpe/secrets/db_liquibase.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_user.password b/dsf-docker-dev-setup/bpe/secrets/db_user.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_user.password
rename to dsf-docker-dev-setup/bpe/secrets/db_user.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_user_engine.password b/dsf-docker-dev-setup/bpe/secrets/db_user_engine.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup/bpe/secrets/db_user_engine.password
rename to dsf-docker-dev-setup/bpe/secrets/db_user_engine.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup/docker-build.bat b/dsf-docker-dev-setup/docker-build.bat
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup/docker-build.bat
rename to dsf-docker-dev-setup/docker-build.bat
diff --git a/dsf-dev-setups/dsf-docker-dev-setup/docker-build.sh b/dsf-docker-dev-setup/docker-build.sh
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup/docker-build.sh
rename to dsf-docker-dev-setup/docker-build.sh
diff --git a/dsf-dev-setups/dsf-docker-dev-setup/fhir/conf/bundle.xml b/dsf-docker-dev-setup/fhir/conf/bundle.xml
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup/fhir/conf/bundle.xml
rename to dsf-docker-dev-setup/fhir/conf/bundle.xml
diff --git a/dsf-dev-setups/dsf-docker-dev-setup/fhir/docker-compose.yml b/dsf-docker-dev-setup/fhir/docker-compose.yml
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup/fhir/docker-compose.yml
rename to dsf-docker-dev-setup/fhir/docker-compose.yml
diff --git a/dsf-dev-setups/dsf-docker-dev-setup/fhir/log/README.md b/dsf-docker-dev-setup/fhir/log/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup/fhir/log/README.md
rename to dsf-docker-dev-setup/fhir/log/README.md
diff --git a/dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_liquibase.password b/dsf-docker-dev-setup/fhir/secrets/db_liquibase.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_liquibase.password
rename to dsf-docker-dev-setup/fhir/secrets/db_liquibase.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_user.password b/dsf-docker-dev-setup/fhir/secrets/db_user.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_user.password
rename to dsf-docker-dev-setup/fhir/secrets/db_user.password
diff --git a/dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_user_permanent_delete.password b/dsf-docker-dev-setup/fhir/secrets/db_user_permanent_delete.password
similarity index 100%
rename from dsf-dev-setups/dsf-docker-dev-setup/fhir/secrets/db_user_permanent_delete.password
rename to dsf-docker-dev-setup/fhir/secrets/db_user_permanent_delete.password
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/README.md b/dsf-podman-dev-setup/README.md
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/README.md
rename to dsf-podman-dev-setup/README.md
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe-passwords.yaml.tpl b/dsf-podman-dev-setup/dsf-bpe-passwords.yaml.tpl
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe-passwords.yaml.tpl
rename to dsf-podman-dev-setup/dsf-bpe-passwords.yaml.tpl
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe.target b/dsf-podman-dev-setup/dsf-bpe.target
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe.target
rename to dsf-podman-dev-setup/dsf-bpe.target
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-backend.network b/dsf-podman-dev-setup/dsf-bpe/dsf-backend.network
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-backend.network
rename to dsf-podman-dev-setup/dsf-bpe/dsf-backend.network
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.kube b/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.kube
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.kube
rename to dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.kube
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml b/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml
rename to dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.kube b/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.kube
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.kube
rename to dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.kube
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml b/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml
rename to dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-client-cert.yaml b/dsf-podman-dev-setup/dsf-bpe/dsf-client-cert.yaml
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-bpe/dsf-client-cert.yaml
rename to dsf-podman-dev-setup/dsf-bpe/dsf-client-cert.yaml
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir-passwords.yaml.tpl b/dsf-podman-dev-setup/dsf-fhir-passwords.yaml.tpl
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir-passwords.yaml.tpl
rename to dsf-podman-dev-setup/dsf-fhir-passwords.yaml.tpl
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir.target b/dsf-podman-dev-setup/dsf-fhir.target
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir.target
rename to dsf-podman-dev-setup/dsf-fhir.target
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.kube b/dsf-podman-dev-setup/dsf-fhir/dsf-app.kube
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.kube
rename to dsf-podman-dev-setup/dsf-fhir/dsf-app.kube
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml b/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml
rename to dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-backend.network b/dsf-podman-dev-setup/dsf-fhir/dsf-backend.network
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-backend.network
rename to dsf-podman-dev-setup/dsf-fhir/dsf-backend.network
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-client-cert.yaml b/dsf-podman-dev-setup/dsf-fhir/dsf-client-cert.yaml
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-client-cert.yaml
rename to dsf-podman-dev-setup/dsf-fhir/dsf-client-cert.yaml
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.kube b/dsf-podman-dev-setup/dsf-fhir/dsf-db.kube
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.kube
rename to dsf-podman-dev-setup/dsf-fhir/dsf-db.kube
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml b/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml
rename to dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-frontend.network b/dsf-podman-dev-setup/dsf-fhir/dsf-frontend.network
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-frontend.network
rename to dsf-podman-dev-setup/dsf-fhir/dsf-frontend.network
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.kube b/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.kube
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.kube
rename to dsf-podman-dev-setup/dsf-fhir/dsf-proxy.kube
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml b/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml
similarity index 100%
rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml
rename to dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml
diff --git a/dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml b/dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml similarity index 100% rename from dsf-dev-setups/dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml rename to dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml From e0a895e4b733e5207f6ec9bc89c517f01f3bc351 Mon Sep 17 00:00:00 2001 From: Filiz Kluba Date: Tue, 2 Jun 2026 09:09:36 +0200 Subject: [PATCH 6/8] revert previos changes --- .../docker-build.bat | 4 +- dsf-docker-dev-setup-3dic-ttp/docker-build.sh | 4 +- .../docker-compose.yml | 67 ++++++++++--------- dsf-docker-dev-setup/docker-build.bat | 8 +-- dsf-docker-dev-setup/docker-build.sh | 8 +-- 5 files changed, 49 insertions(+), 42 deletions(-) diff --git a/dsf-docker-dev-setup-3dic-ttp/docker-build.bat b/dsf-docker-dev-setup-3dic-ttp/docker-build.bat index c09d07424..1cbc373ce 100644 --- a/dsf-docker-dev-setup-3dic-ttp/docker-build.bat +++ b/dsf-docker-dev-setup-3dic-ttp/docker-build.bat @@ -17,7 +17,7 @@ @echo off echo datasharingframework/bpe ... -docker build --pull -t datasharingframework/bpe ..\..\dsf-bpe\dsf-bpe-server-jetty\docker +docker build --pull -t datasharingframework/bpe ..\dsf-bpe\dsf-bpe-server-jetty\docker echo datasharingframework/fhir ... -docker build --pull -t datasharingframework/fhir ..\..\dsf-fhir\dsf-fhir-server-jetty\docker \ No newline at end of file +docker build --pull -t datasharingframework/fhir ..\dsf-fhir\dsf-fhir-server-jetty\docker \ No newline at end of file diff --git a/dsf-docker-dev-setup-3dic-ttp/docker-build.sh b/dsf-docker-dev-setup-3dic-ttp/docker-build.sh index 00eee485a..ff0d46727 100644 --- a/dsf-docker-dev-setup-3dic-ttp/docker-build.sh +++ b/dsf-docker-dev-setup-3dic-ttp/docker-build.sh 
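Review bot: Both `docker build` lines in the docker-build.bat hunk resolve the build context `..\dsf-bpe\dsf-bpe-server-jetty\docker` against the caller's working directory rather than the script's own folder, so the corrected path only holds when the script is started from `dsf-docker-dev-setup-3dic-ttp`. Run from anywhere else, the build either fails or tags `datasharingframework/bpe` and `datasharingframework/fhir` from whatever directory the relative path happens to reach. The script begins outside the hunk, so it may already change directory; if it does not, `cd /d "%~dp0"` after `@echo off` removes the dependency. The docker-build.sh hunk that follows has the same pattern and could use `cd "$(dirname "$0")"` before its first `docker build`.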
@@ -17,7 +17,7 @@ echo datasharingframework/bpe ... -docker build --pull -t datasharingframework/bpe ../../dsf-bpe/dsf-bpe-server-jetty/docker +docker build --pull -t datasharingframework/bpe ../dsf-bpe/dsf-bpe-server-jetty/docker echo datasharingframework/fhir ... -docker build --pull -t datasharingframework/fhir ../../dsf-fhir/dsf-fhir-server-jetty/docker \ No newline at end of file +docker build --pull -t datasharingframework/fhir ../dsf-fhir/dsf-fhir-server-jetty/docker \ No newline at end of file diff --git a/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml b/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml index bc273102d..3cd1ac2b8 100644 --- a/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml +++ b/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml @@ -94,7 +94,7 @@ services: read_only: true keycloak: - image: quay.io/keycloak/keycloak:26.6 + image: quay.io/keycloak/keycloak:26.3 restart: "no" ports: - 127.0.0.1:8443:8443 @@ -113,7 +113,14 @@ services: networks: - internet command: >- - start --db dev-file --hostname keycloak --import-realm --https-certificate-file=/run/secrets/keycloak.chain.crt --https-certificate-key-file=/run/secrets/keycloak.key.plain --spi-truststore-file-file=/run/secrets/keycloak_trust_store.jks --spi-truststore-file-password=password + start + --db dev-file + --hostname keycloak + --import-realm + --https-certificate-file=/run/secrets/keycloak.chain.crt + --https-certificate-key-file=/run/secrets/keycloak.key.plain + --spi-truststore-file-file=/run/secrets/keycloak_trust_store.jks + --spi-truststore-file-password=password forward-proxy: build: ./forward-proxy @@ -125,11 +132,11 @@ services: internet: dic1-fhir: - build: ../../dsf-fhir/dsf-fhir-server-jetty/docker + build: ../dsf-fhir/dsf-fhir-server-jetty/docker image: datasharingframework/fhir restart: "no" ports: - - 127.0.0.1:5001:5001 + - 127.0.0.1:5001:5001 secrets: - db_liquibase.password - db_dic1_fhir_user.password 
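Review bot: The `keycloak` service in the `@@ -94,7 +94,7 @@` hunk goes from `quay.io/keycloak/keycloak:26.6` back to `26.3`, which moves the identity provider the FHIR and BPE services authenticate against to an older minor release. If the downgrade is only a side effect of reverting the directory move, the `image:` line should stay at `26.6`; if it is intended, a comment on that line saying why would help the next reader. Either tag is a floating minor tag, so pinning it by digest (`quay.io/keycloak/keycloak:<tag>@sha256:<digest>`) would make the setup reproducible and keep `docker compose pull` from silently changing the image.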
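Review bot: The reflowed `command:` in the `@@ -113,7 +113,14 @@` hunk still passes `--spi-truststore-file-password=password` as a literal argument, so it is readable from the compose file, from `docker inspect` and from the process list, while the certificate and key next to it are read from `/run/secrets`. A truststore normally holds only CA certificates, so this is probably acceptable for a dev setup, but it deserves a comment such as `# dev only: truststore holds public CA certificates, password is not a secret`. The comment has to sit above `command:`, because a `#` line inside the `>-` folded scalar would become part of the command. Newer Keycloak releases also accept PEM files through `--truststore-paths`, which would drop the password altogether; that is worth checking against the image version in use.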
@@ -211,11 +218,11 @@ services: - keycloak dic2-fhir: - build: ../../dsf-fhir/dsf-fhir-server-jetty/docker + build: ../dsf-fhir/dsf-fhir-server-jetty/docker image: datasharingframework/fhir restart: "no" ports: - - 127.0.0.1:5002:5002 + - 127.0.0.1:5002:5002 secrets: - db_liquibase.password - db_dic2_fhir_user.password @@ -292,11 +299,11 @@ services: - keycloak dic3-fhir: - build: ../../dsf-fhir/dsf-fhir-server-jetty/docker + build: ../dsf-fhir/dsf-fhir-server-jetty/docker image: datasharingframework/fhir restart: "no" ports: - - 127.0.0.1:5003:5003 + - 127.0.0.1:5003:5003 secrets: - db_liquibase.password - db_dic3_fhir_user.password @@ -371,11 +378,11 @@ services: - keycloak ttp-fhir: - build: ../../dsf-fhir/dsf-fhir-server-jetty/docker + build: ../dsf-fhir/dsf-fhir-server-jetty/docker image: datasharingframework/fhir restart: "no" ports: - - 127.0.0.1:5004:5004 + - 127.0.0.1:5004:5004 secrets: - db_liquibase.password - db_ttp_fhir_user.password @@ -443,7 +450,7 @@ services: DEV_DSF_SERVER_AUTH_OIDC_AUTHORIZATION_CODE_FLOW: 'true' DEV_DSF_SERVER_AUTH_OIDC_BACK_CHANNEL_LOGOUT: 'true' DEV_DSF_SERVER_AUTH_OIDC_BEARER_TOKEN: 'true' - DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL: https://keycloak:8443/realms/ttp + DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL: https://keycloak:8443/realms/ttp DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_TRUST_SERVER_CERTIFICATE_CAS: /run/secrets/root_ca.crt DEV_DSF_SERVER_AUTH_OIDC_CLIENT_ID: ttp-fhir DEV_DSF_SERVER_AUTH_OIDC_CLIENT_SECRET_FILE: /run/secrets/oidc_client_ttp_fhir.secret @@ -458,7 +465,7 @@ services: - keycloak dic1-bpe: - build: ../../dsf-bpe/dsf-bpe-server-jetty/docker + build: ../dsf-bpe/dsf-bpe-server-jetty/docker image: datasharingframework/bpe restart: "no" ports: @@ -578,7 +585,7 @@ services: - forward-proxy dic2-bpe: - build: ../../dsf-bpe/dsf-bpe-server-jetty/docker + build: ../dsf-bpe/dsf-bpe-server-jetty/docker image: datasharingframework/bpe restart: "no" ports: 
@@ -667,7 +674,7 @@ services: - keycloak dic3-bpe: - build: ../../dsf-bpe/dsf-bpe-server-jetty/docker + build: ../dsf-bpe/dsf-bpe-server-jetty/docker image: datasharingframework/bpe restart: "no" ports: @@ -756,7 +763,7 @@ services: - keycloak ttp-bpe: - build: ../../dsf-bpe/dsf-bpe-server-jetty/docker + build: ../dsf-bpe/dsf-bpe-server-jetty/docker image: datasharingframework/bpe restart: "no" ports: @@ -830,7 +837,7 @@ services: DEV_DSF_SERVER_AUTH_OIDC_AUTHORIZATION_CODE_FLOW: 'true' DEV_DSF_SERVER_AUTH_OIDC_BACK_CHANNEL_LOGOUT: 'true' DEV_DSF_SERVER_AUTH_OIDC_BEARER_TOKEN: 'true' - DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL: https://keycloak:8443/realms/ttp + DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL: https://keycloak:8443/realms/ttp DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_TRUST_SERVER_CERTIFICATE_CAS: /run/secrets/root_ca.crt DEV_DSF_SERVER_AUTH_OIDC_CLIENT_ID: ttp-bpe DEV_DSF_SERVER_AUTH_OIDC_CLIENT_SECRET_FILE: /run/secrets/oidc_client_ttp_bpe.secret @@ -894,7 +901,7 @@ secrets: db_liquibase.password: file: ./secrets/db_liquibase.password - + db_dic1_bpe_user.password: file: ./secrets/db_dic1_bpe_user.password db_dic1_bpe_user_engine.password: @@ -903,7 +910,7 @@ secrets: file: ./secrets/db_dic1_fhir_user.password db_dic1_fhir_user_permanent_delete.password: file: ./secrets/db_dic1_fhir_user_permanent_delete.password - + db_dic2_bpe_user.password: file: ./secrets/db_dic2_bpe_user.password db_dic2_bpe_user_engine.password: @@ -912,7 +919,7 @@ secrets: file: ./secrets/db_dic2_fhir_user.password db_dic2_fhir_user_permanent_delete.password: file: ./secrets/db_dic2_fhir_user_permanent_delete.password - + db_dic3_bpe_user.password: file: ./secrets/db_dic3_bpe_user.password db_dic3_bpe_user_engine.password: 
@@ -921,7 +928,7 @@ secrets: file: ./secrets/db_dic3_fhir_user.password db_dic3_fhir_user_permanent_delete.password: file: ./secrets/db_dic3_fhir_user_permanent_delete.password - + db_ttp_bpe_user.password: file: ./secrets/db_ttp_bpe_user.password db_ttp_bpe_user_engine.password: @@ -948,67 +955,67 @@ secrets: file: ./secrets/oidc_client_dic3_bpe.secret oidc_client_ttp_bpe.secret: file: ./secrets/oidc_client_ttp_bpe.secret - + networks: dic1-fhir-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.0/29 + - subnet: 172.20.0.0/29 dic1-fhir-backend: dic2-fhir-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.8/29 + - subnet: 172.20.0.8/29 dic2-fhir-backend: dic3-fhir-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.16/29 + - subnet: 172.20.0.16/29 dic3-fhir-backend: ttp-fhir-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.24/29 + - subnet: 172.20.0.24/29 ttp-fhir-backend: dic1-bpe-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.32/29 + - subnet: 172.20.0.32/29 dic1-bpe-backend: dic2-bpe-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.40/29 + - subnet: 172.20.0.40/29 dic2-bpe-backend: dic3-bpe-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.48/29 + - subnet: 172.20.0.48/29 dic3-bpe-backend: ttp-bpe-frontend: driver: bridge ipam: driver: default config: - - subnet: 172.20.0.56/29 + - subnet: 172.20.0.56/29 ttp-bpe-backend: internet: forward-proxy: volumes: postgresql: - name: postgresql + name: postgresql \ No newline at end of file diff --git a/dsf-docker-dev-setup/docker-build.bat b/dsf-docker-dev-setup/docker-build.bat index b263e5ca5..5d797e7d1 100644 --- a/dsf-docker-dev-setup/docker-build.bat +++ b/dsf-docker-dev-setup/docker-build.bat 
@@ -17,13 +17,13 @@ @echo off echo datasharingframework/bpe ... -docker build --pull -t datasharingframework/bpe ..\..\dsf-bpe\dsf-bpe-server-jetty\docker +docker build --pull -t datasharingframework/bpe ..\dsf-bpe\dsf-bpe-server-jetty\docker echo datasharingframework/fhir ... -docker build --pull -t datasharingframework/fhir ..\..\dsf-fhir\dsf-fhir-server-jetty\docker +docker build --pull -t datasharingframework/fhir ..\dsf-fhir\dsf-fhir-server-jetty\docker echo datasharingframework/bpe_proxy ... -docker build --pull -t datasharingframework/bpe_proxy ..\..\dsf-docker\bpe_proxy +docker build --pull -t datasharingframework/bpe_proxy ..\dsf-docker\bpe_proxy echo datasharingframework/fhir_proxy ... -docker build --pull -t datasharingframework/fhir_proxy ..\..\dsf-docker\fhir_proxy +docker build --pull -t datasharingframework/fhir_proxy ..\dsf-docker\fhir_proxy diff --git a/dsf-docker-dev-setup/docker-build.sh b/dsf-docker-dev-setup/docker-build.sh index 1f182d238..4fecada35 100644 --- a/dsf-docker-dev-setup/docker-build.sh +++ b/dsf-docker-dev-setup/docker-build.sh @@ -17,13 +17,13 @@ echo datasharingframework/bpe ... -docker build --pull -t datasharingframework/bpe ../../dsf-bpe/dsf-bpe-server-jetty/docker +docker build --pull -t datasharingframework/bpe ../dsf-bpe/dsf-bpe-server-jetty/docker echo datasharingframework/fhir ... -docker build --pull -t datasharingframework/fhir ../../dsf-fhir/dsf-fhir-server-jetty/docker +docker build --pull -t datasharingframework/fhir ../dsf-fhir/dsf-fhir-server-jetty/docker echo datasharingframework/bpe_proxy ... -docker build --pull -t datasharingframework/bpe_proxy ../../dsf-docker/bpe_proxy +docker build --pull -t datasharingframework/bpe_proxy ../dsf-docker/bpe_proxy echo datasharingframework/fhir_proxy ... -docker build --pull -t datasharingframework/fhir_proxy ../../dsf-docker/fhir_proxy +docker build --pull -t datasharingframework/fhir_proxy ../dsf-docker/fhir_proxy 
From 8c305f1d3729e443a6f4a164f67f486d1fe73895 Mon Sep 17 00:00:00 2001 From: Filiz Kluba Date: Tue, 2 Jun 2026 09:18:50 +0200 Subject: [PATCH 7/8] revert file mode changes --- dsf-docker-dev-setup-3dic-ttp/docker-build.sh | 0 dsf-docker-dev-setup-3dic-ttp/docker-compose.yml | 2 +- dsf-docker-dev-setup/docker-build.sh | 0 3 files changed, 1 insertion(+), 1 deletion(-) mode change 100644 => 100755 dsf-docker-dev-setup-3dic-ttp/docker-build.sh mode change 100644 => 100755 dsf-docker-dev-setup/docker-build.sh diff --git a/dsf-docker-dev-setup-3dic-ttp/docker-build.sh b/dsf-docker-dev-setup-3dic-ttp/docker-build.sh old mode 100644 new mode 100755 diff --git a/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml b/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml index 3cd1ac2b8..7cbd9d76b 100644 --- a/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml +++ b/dsf-docker-dev-setup-3dic-ttp/docker-compose.yml @@ -94,7 +94,7 @@ services: read_only: true keycloak: - image: quay.io/keycloak/keycloak:26.3 + image: quay.io/keycloak/keycloak:26.6 restart: "no" ports: - 127.0.0.1:8443:8443 diff --git a/dsf-docker-dev-setup/docker-build.sh b/dsf-docker-dev-setup/docker-build.sh old mode 100644 new mode 100755 From 3f489bdd366a2cab6bfbe412473adc4eafca6684 Mon Sep 17 00:00:00 2001 
From: Filiz Kluba Date: Thu, 11 Jun 2026 14:20:39 +0200 Subject: [PATCH 8/8] add a more minimalistic dev-setup and move the previous setup in a separate subfolder --- dsf-podman-dev-setup/bpe/kube.yaml | 300 +++++++++++++++++ dsf-podman-dev-setup/bpe/log/README.md | 1 + dsf-podman-dev-setup/bpe/process/README.md | 1 + .../bpe/secrets/db_liquibase.password | 1 + .../bpe/secrets/db_user.password | 1 + .../bpe/secrets/db_user_engine.password | 1 + dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml | 74 ----- dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml | 63 ---- dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml | 54 ---- dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml | 62 ---- dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml | 40 --- dsf-podman-dev-setup/fhir/conf/bundle.xml | 159 +++++++++ dsf-podman-dev-setup/fhir/docker-compose.yml | 168 ++++++++++ dsf-podman-dev-setup/fhir/kube.yaml | 302 ++++++++++++++++++ dsf-podman-dev-setup/fhir/log/README.md | 1 + .../fhir/secrets/db_liquibase.password | 1 + .../fhir/secrets/db_user.password | 1 + .../secrets/db_user_permanent_delete.password | 1 + dsf-podman-dev-setup/podman-build.bat | 29 ++ dsf-podman-dev-setup/podman-build.sh | 29 ++ dsf-podman-dev-setup/{ => prod}/README.md | 24 +- .../{ => prod}/dsf-bpe-passwords.yaml.tpl | 0 .../{ => prod}/dsf-bpe.target | 0 .../{ => prod}/dsf-bpe/dsf-backend.network | 0 .../{ => prod}/dsf-bpe/dsf-bpe-app.kube | 0 .../prod/dsf-bpe/dsf-bpe-app.yaml | 109 +++++++ .../{ => prod}/dsf-bpe/dsf-bpe-db.kube | 0 .../prod/dsf-bpe/dsf-bpe-db.yaml | 72 +++++ .../{ => prod}/dsf-bpe/dsf-client-cert.yaml | 0 .../{ => prod}/dsf-fhir-passwords.yaml.tpl | 0 .../{ => prod}/dsf-fhir.target | 0 .../{ => prod}/dsf-fhir/dsf-app.kube | 0 .../prod/dsf-fhir/dsf-app.yaml | 83 +++++ .../{ => prod}/dsf-fhir/dsf-backend.network | 0 .../{ => prod}/dsf-fhir/dsf-client-cert.yaml | 0 .../{ => prod}/dsf-fhir/dsf-db.kube | 0 .../prod/dsf-fhir/dsf-db.yaml | 71 ++++ .../{ => prod}/dsf-fhir/dsf-frontend.network | 0 .../{ => 
prod}/dsf-fhir/dsf-proxy.kube | 0 .../prod/dsf-fhir/dsf-proxy.yaml | 49 +++ .../{ => prod}/dsf-fhir/dsf-ssl-cert.yaml | 1 + 41 files changed, 1386 insertions(+), 312 deletions(-) create mode 100644 dsf-podman-dev-setup/bpe/kube.yaml create mode 100644 dsf-podman-dev-setup/bpe/log/README.md create mode 100644 dsf-podman-dev-setup/bpe/process/README.md create mode 100644 dsf-podman-dev-setup/bpe/secrets/db_liquibase.password create mode 100644 dsf-podman-dev-setup/bpe/secrets/db_user.password create mode 100644 dsf-podman-dev-setup/bpe/secrets/db_user_engine.password delete mode 100644 dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml delete mode 100644 dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml delete mode 100644 dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml delete mode 100644 dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml delete mode 100644 dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml create mode 100644 dsf-podman-dev-setup/fhir/conf/bundle.xml create mode 100644 dsf-podman-dev-setup/fhir/docker-compose.yml create mode 100644 dsf-podman-dev-setup/fhir/kube.yaml create mode 100644 dsf-podman-dev-setup/fhir/log/README.md create mode 100644 dsf-podman-dev-setup/fhir/secrets/db_liquibase.password create mode 100644 dsf-podman-dev-setup/fhir/secrets/db_user.password create mode 100644 dsf-podman-dev-setup/fhir/secrets/db_user_permanent_delete.password create mode 100644 dsf-podman-dev-setup/podman-build.bat create mode 100644 dsf-podman-dev-setup/podman-build.sh rename dsf-podman-dev-setup/{ => prod}/README.md (90%) rename dsf-podman-dev-setup/{ => prod}/dsf-bpe-passwords.yaml.tpl (100%) rename dsf-podman-dev-setup/{ => prod}/dsf-bpe.target (100%) rename dsf-podman-dev-setup/{ => prod}/dsf-bpe/dsf-backend.network (100%) rename dsf-podman-dev-setup/{ => prod}/dsf-bpe/dsf-bpe-app.kube (100%) create mode 100644 dsf-podman-dev-setup/prod/dsf-bpe/dsf-bpe-app.yaml rename dsf-podman-dev-setup/{ => prod}/dsf-bpe/dsf-bpe-db.kube (100%) create mode 100644 
dsf-podman-dev-setup/prod/dsf-bpe/dsf-bpe-db.yaml rename dsf-podman-dev-setup/{ => prod}/dsf-bpe/dsf-client-cert.yaml (100%) rename dsf-podman-dev-setup/{ => prod}/dsf-fhir-passwords.yaml.tpl (100%) rename dsf-podman-dev-setup/{ => prod}/dsf-fhir.target (100%) rename dsf-podman-dev-setup/{ => prod}/dsf-fhir/dsf-app.kube (100%) create mode 100644 dsf-podman-dev-setup/prod/dsf-fhir/dsf-app.yaml rename dsf-podman-dev-setup/{ => prod}/dsf-fhir/dsf-backend.network (100%) rename dsf-podman-dev-setup/{ => prod}/dsf-fhir/dsf-client-cert.yaml (100%) rename dsf-podman-dev-setup/{ => prod}/dsf-fhir/dsf-db.kube (100%) create mode 100644 dsf-podman-dev-setup/prod/dsf-fhir/dsf-db.yaml rename dsf-podman-dev-setup/{ => prod}/dsf-fhir/dsf-frontend.network (100%) rename dsf-podman-dev-setup/{ => prod}/dsf-fhir/dsf-proxy.kube (100%) create mode 100644 dsf-podman-dev-setup/prod/dsf-fhir/dsf-proxy.yaml rename dsf-podman-dev-setup/{ => prod}/dsf-fhir/dsf-ssl-cert.yaml (99%) diff --git a/dsf-podman-dev-setup/bpe/kube.yaml b/dsf-podman-dev-setup/bpe/kube.yaml new file mode 100644 index 000000000..3cf412639 --- /dev/null +++ b/dsf-podman-dev-setup/bpe/kube.yaml 
@@ -0,0 +1,300 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: dsf-fhir-db-passwords +type: Opaque +stringData: + db_liquibase.password: "PW99vXYyTbBTGzemQbCnVb4Bce7xuzcU77W5BUCVjYTjbwleVfpTXkQWtGFHYrT8" + db_user_engine.password: "dcPa7a9wTCaTxFk7BdjmCuQp8k29e2eL" + db_user.password: "8s4cGYqY41mrWqTmwhZ3beVQcz6wc3Yr" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dsf-bpe-proxy + labels: + app: dsf-bpe-proxy +spec: + replicas: 1 + selector: + matchLabels: + app: dsf-bpe-proxy + template: + metadata: + labels: + app: dsf-bpe-proxy + spec: + restartPolicy: Always + containers: + - name: proxy + image: datasharingframework/bpe_proxy + env: + - name: TZ + value: "Europe/Berlin" + - name: HTTPS_SERVER_NAME_PORT + value: "localhost:443" + - name: APP_SERVER_IP + value: "dsf-bpe-app" + - name: SSL_CERTIFICATE_FILE + value: "/run/secrets/bpe.crt" + - name: SSL_CERTIFICATE_KEY_FILE + value: "/run/secrets/bpe.key.plain" + - name: SSL_CERTIFICATE_CHAIN_FILE + value: "/run/secrets/issuing_ca.crt" + - name: SSL_CA_CERTIFICATE_FILE + value: "/run/secrets/ca_chain.crt" + - name: SSL_CA_DN_REQUEST_FILE + value: "/run/secrets/issuing_ca.crt" + - name: SSL_EXPECTED_CLIENT_I_DN_CN_VALUES + value: "'DSF Dev Issuing CA'" + ports: + - containerPort: 80 + hostPort: 8080 + hostIP: 127.0.0.1 + - containerPort: 443 + hostPort: 8443 + hostIP: 127.0.0.1 + volumeMounts: + - name: bpe-crt + mountPath: /run/secrets/bpe.crt + subPath: bpe.crt + readOnly: true + - name: bpe-key-plain + mountPath: /run/secrets/bpe.key.plain + subPath: bpe.key.plain + readOnly: true + - name: issuing-ca-crt + mountPath: /run/secrets/issuing_ca.crt + subPath: issuing_ca.crt + readOnly: true + - name: ca-chain-crt + mountPath: /run/secrets/ca_chain.crt + subPath: ca_chain.crt + readOnly: true + volumes: + - name: bpe-crt + hostPath: + path: ./secrets/bpe.crt + type: File + - name: bpe-key-plain + hostPath: + path: ./secrets/bpe.key.plain + type: File + - name: issuing-ca-crt + hostPath: + 
path: ./secrets/issuing_ca.crt + type: File + - name: ca-chain-crt + hostPath: + path: ./secrets/ca_chain.crt + type: File +--- +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: dsf-bpe-app-config +data: + application.yml: | + dev: + dsf: + log: + data: + file: + enabled: true + bpe: + db: + url: jdbc:postgresql://dsf-bpe-db/bpe + liquibase: + password: + file: /run/secrets/db_liquibase.password + user: + password: + file: /run/secrets/db_user.password + engine: + password: + file: /run/secrets/db_user_engine.password + fhir: + client: + trust: + server: + certificate: + cas: /run/secrets/root_ca.crt + server: + base: + url: https://dsf-bpe-proxy:8443/bpe + server: + ui: + theme: dev + base: + url: https://dsf-bpe-proxy:8443/bpe + roleconfig: | + - webbrowser_test_user: + thumbprint: ${WEBBROWSER_TEST_USER_THUMBPRINT} + dsf-role: + - ADMIN + server: + auth: + trust: + client: + certificate: + cas: /run/secrets/ca_chain.crt +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dsf-bpe-app + labels: + app: dsf-bpe-app +spec: + replicas: 1 + selector: + matchLabels: + app: dsf-bpe-app + template: + metadata: + labels: + app: dsf-bpe-app + spec: + restartPolicy: Always + containers: + - name: app + image: datasharingframework/bpe + ports: + - containerPort: 5002 + hostPort: 5002 + hostIP: 127.0.0.1 + env: + - name: TZ + value: "Europe/Berlin" + - name: EXTRA_JVM_ARGS + value: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5002" + - name: SPRING_CONFIG_ADDITIONAL_LOCATION + value: "file:/config/application.yml" + # conflict with dev.dsf.bpe.fhir.client.certificate.private.* + # (Scalar vs. 
nested key under the same parent) and therefore remain as ENV + - name: DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE + value: "/run/secrets/bpe.crt" + - name: DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY + value: "/run/secrets/bpe.key" + - name: DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD + value: "password" + volumeMounts: + - name: spring-application-config + mountPath: /config + readOnly: true + - name: bpe-process + mountPath: /opt/bpe/process + readOnly: true + - name: bpe-log + mountPath: /opt/bpe/log + - name: db-passwords + mountPath: /run/secrets/db_liquibase.password + subPath: db_liquibase.password + readOnly: true + - name: db-passwords + mountPath: /run/secrets/db_user.password + subPath: db_user.password + readOnly: true + - name: db-passwords + mountPath: /run/secrets/db_user_engine.password + subPath: db_user_engine.password + readOnly: true + - name: root-ca-crt + mountPath: /run/secrets/root_ca.crt + subPath: root_ca.crt + readOnly: true + - name: bpe-crt + mountPath: /run/secrets/bpe.crt + subPath: bpe.crt + readOnly: true + - name: bpe-key + mountPath: /run/secrets/bpe.key + subPath: bpe.key + readOnly: true + - name: ca-chain-crt + mountPath: /run/secrets/ca_chain.crt + subPath: ca_chain.crt + readOnly: true + volumes: + - name: spring-application-config + configMap: + name: dsf-bpe-app-config + - name: bpe-process + hostPath: + path: ./process + type: Directory + - name: bpe-log + hostPath: + path: ./log + type: Directory + - name: db-passwords + secret: + secretName: dsf-fhir-db-passwords + - name: root-ca-crt + hostPath: + path: ./secrets/root_ca.crt + type: File + - name: bpe-crt + hostPath: + path: ./secrets/bpe.crt + type: File + - name: bpe-key + hostPath: + path: ./secrets/bpe.key + type: File + - name: ca-chain-crt + hostPath: + path: ./secrets/ca_chain.crt + type: File +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dsf-bpe-db + labels: + app: dsf-bpe-db +spec: + replicas: 1 + selector: + matchLabels: + app: 
dsf-bpe-db + template: + metadata: + labels: + app: dsf-bpe-db + spec: + restartPolicy: Always + containers: + - name: db + image: docker.io/library/postgres:18 + env: + - name: TZ + value: "Europe/Berlin" + - name: POSTGRES_PASSWORD_FILE + value: "/run/secrets/db_liquibase.password" + - name: POSTGRES_USER + value: "liquibase_user" + - name: POSTGRES_DB + value: "bpe" + livenessProbe: + exec: + command: + - pg_isready + - -U + - liquibase_user + - -d + - bpe + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + volumeMounts: + - name: db-passwords + mountPath: /run/secrets/db_liquibase.password + subPath: db_liquibase.password + readOnly: true + volumes: + - name: db-passwords + secret: + secretName: dsf-fhir-db-passwords diff --git a/dsf-podman-dev-setup/bpe/log/README.md b/dsf-podman-dev-setup/bpe/log/README.md new file mode 100644 index 000000000..2fd366f72 --- /dev/null +++ b/dsf-podman-dev-setup/bpe/log/README.md @@ -0,0 +1 @@ +Empty folder for log files \ No newline at end of file diff --git a/dsf-podman-dev-setup/bpe/process/README.md b/dsf-podman-dev-setup/bpe/process/README.md new file mode 100644 index 000000000..47c7890cc --- /dev/null +++ b/dsf-podman-dev-setup/bpe/process/README.md @@ -0,0 +1 @@ +Empty folder for process jars \ No newline at end of file diff --git a/dsf-podman-dev-setup/bpe/secrets/db_liquibase.password b/dsf-podman-dev-setup/bpe/secrets/db_liquibase.password new file mode 100644 index 000000000..f4256802f --- /dev/null +++ b/dsf-podman-dev-setup/bpe/secrets/db_liquibase.password @@ -0,0 +1 @@ +PW99vXYyTbBTGzemQbCnVb4Bce7xuzcU77W5BUCVjYTjbwleVfpTXkQWtGFHYrT8 \ No newline at end of file diff --git a/dsf-podman-dev-setup/bpe/secrets/db_user.password b/dsf-podman-dev-setup/bpe/secrets/db_user.password new file mode 100644 index 000000000..5bb40f708 --- /dev/null +++ b/dsf-podman-dev-setup/bpe/secrets/db_user.password @@ -0,0 +1 @@ +8s4cGYqY41mrWqTmwhZ3beVQcz6wc3Yr \ No newline at end of file 
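Review bot: The Secret in this BPE manifest is named `dsf-fhir-db-passwords`, and both `secretName:` references (the `db-passwords` volumes of `dsf-bpe-app` and `dsf-bpe-db`) use that name, although it holds the BPE keys `db_user_engine.password` and `db_user.password`. The same commit adds `fhir/kube.yaml`, which is not visible here; if that file defines a Secret under the same name, playing both manifests on one host would presumably make the two stacks replace or share each other's database credentials. I would rename it in all three places: `name: dsf-bpe-db-passwords` on the Secret and `secretName: dsf-bpe-db-passwords` on the two volumes. The same three values are also added as `bpe/secrets/db_*.password` files in the hunks that follow, and this manifest does not mount those files, so a comment above `stringData:` such as `# dev-only credentials, keep in sync with ./secrets/db_*.password` would keep the two copies from drifting apart.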
diff --git a/dsf-podman-dev-setup/bpe/secrets/db_user_engine.password b/dsf-podman-dev-setup/bpe/secrets/db_user_engine.password new file mode 100644 index 000000000..0e271e87f --- /dev/null +++ b/dsf-podman-dev-setup/bpe/secrets/db_user_engine.password @@ -0,0 +1 @@ +dcPa7a9wTCaTxFk7BdjmCuQp8k29e2eL \ No newline at end of file diff --git a/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml b/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml deleted file mode 100644 index 062eed9b9..000000000 --- a/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.yaml +++ /dev/null 
@@ -1,74 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: dsf-bpe-cache - annotations: - volume.podman.io/uid: "0" - volume.podman.io/gid: "2202" - volume.podman.io/mount-options: "uid=0,gid=2202,mode=0770" -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: dsf-bpe-config -data: - TZ: "Europe/Berlin" - DEV_DSF_BPE_DB_URL: "jdbc:postgresql://dsf-bpe-db/bpe" - DEV_DSF_BPE_DB_LIQUIBASE_PASSWORD_FILE: "/run/secrets/db/db_liquibase.password" - DEV_DSF_BPE_DB_USER_PASSWORD_FILE: "/run/secrets/db/db_user.password" - DEV_DSF_BPE_DB_USER_ENGINE_PASSWORD_FILE: "/run/secrets/db/db_user_camunda.password" - DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE: "/run/secrets/cert/client_certificate.pem" - DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY: "/run/secrets/cert/client_certificate_private_key.pem" - DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE: "/run/secrets/cert/client_certificate_private_key.pem.password" - # TODO specify the base url of this DSF FHIR server - DEV_DSF_BPE_FHIR_SERVER_BASE_URL: "https://dsf.todo.organization.com/fhir" - # DEV_DSF_BPE_PROCESS_EXCLUDED: | - # dsfdev_updateAllowList|1.0 ---- -apiVersion: v1 -kind: Pod -metadata: - name: dsf-bpe-app - labels: - app: dsf-bpe-app -spec: - restartPolicy: OnFailure - containers: - - name: dsf-bpe-app - image: ghcr.io/datasharingframework/bpe:2.1.0 - envFrom: - - configMapRef: - name: dsf-bpe-config - volumeMounts: - - name: db-passwords - mountPath: /run/secrets/db - readOnly: true - - name: client-cert - mountPath: /run/secrets/cert - readOnly: true - - name: bpe-process - mountPath: /opt/bpe/process - readOnly: true - - name: bpe-cache - mountPath: /opt/bpe/cache - volumes: - - name: bpe-process - hostPath: - path: /home/podman/.config/dsf-bpe/process - type: Directory - - name: db-passwords - secret: - secretName: dsf-bpe-passwords - - name: client-cert - configMap: - name: dsf-client-cert - - 
name: bpe-cache - persistentVolumeClaim: - claimName: dsf-bpe-cache diff --git a/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml b/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml deleted file mode 100644 index 8a0fe07eb..000000000 --- a/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.yaml +++ /dev/null @@ -1,63 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: dsf-bpe-db-data - annotations: - volume.podman.io/driver: local - volume.podman.io/uid: "70" - volume.podman.io/gid: "70" - volume.podman.io/mount-options: "uid=70,gid=70,mode=0770" -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi ---- -apiVersion: v1 -kind: Pod -metadata: - name: dsf-bpe-db - labels: - app: dsf-bpe-db -spec: - restartPolicy: OnFailure - containers: - - name: dsf-bpe-db - image: docker.io/library/postgres:18.4-alpine3.23 - env: - - name: TZ - value: Europe/Berlin - - name: POSTGRES_USER - value: liquibase_user - - name: POSTGRES_DB - value: bpe - - name: POSTGRES_PASSWORD_FILE - value: /run/secrets/db_liquibase.password - livenessProbe: - exec: - command: - - pg_isready - - -U - - liquibase_user - - -d - - bpe - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - volumeMounts: - - name: db-data - mountPath: /var/lib/postgresql - - name: db-passwords - mountPath: /run/secrets/db_liquibase.password - subPath: db_liquibase.password - readOnly: true - volumes: - - name: db-data - persistentVolumeClaim: - claimName: dsf-bpe-db-data - - name: db-passwords - secret: - secretName: dsf-bpe-passwords diff --git a/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml b/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml deleted file mode 100644 index 3cdb46e8c..000000000 --- a/dsf-podman-dev-setup/dsf-fhir/dsf-app.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: dsf-fhir-config -data: - TZ: "Europe/Berlin" - DEV_DSF_FHIR_DB_URL: "jdbc:postgresql://dsf-db/fhir" - DEV_DSF_FHIR_DB_LIQUIBASE_PASSWORD_FILE: "/run/secrets/db/db_liquibase.password" - DEV_DSF_FHIR_DB_USER_PASSWORD_FILE: "/run/secrets/db/db_user.password" - DEV_DSF_FHIR_DB_USER_PERMANENT_DELETE_PASSWORD_FILE: "/run/secrets/db/db_user_permanent_delete.password" - DEV_DSF_FHIR_CLIENT_CERTIFICATE: "/run/secrets/cert/client_certificate.pem" - DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY: "/run/secrets/cert/client_certificate_private_key.pem" - DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD_FILE: "/run/secrets/cert/client_certificate_private_key.pem.password" - DEV_DSF_FHIR_SERVER_ORGANIZATION_IDENTIFIER_VALUE: "todo.organization.com" - # TODO specify the base url of this DSF FHIR server - DEV_DSF_FHIR_SERVER_BASE_URL: "https://dsf.todo.organization.com/fhir" - # TODO specify the SHA-512 thumbprint of the Client-Certificate as lower case HEX (Regex: ^[a-f0-9]{128}$) - # certtool --fingerprint --hash=sha512 --infile=client_certificate.pem - # or simply get it from allowlist management tool - DEV_DSF_FHIR_SERVER_ORGANIZATION_THUMBPRINT: "" - # TODO specify role configuration to allow access to the UI via web-browser or REST API for specific users, see documentation at dsf.dev - DEV_DSF_FHIR_SERVER_ROLECONFIG: | - "" ---- -apiVersion: v1 -kind: Pod -metadata: - name: dsf-app - labels: - app: dsf-app-pod -spec: - restartPolicy: OnFailure - containers: - - name: dsf-app - image: ghcr.io/datasharingframework/fhir:2.1.0 - envFrom: - - configMapRef: - name: dsf-fhir-config - volumeMounts: - - name: db-passwords - mountPath: /run/secrets/db - readOnly: true - - name: client-cert - mountPath: /run/secrets/cert - readOnly: true - - volumes: - - name: db-passwords - secret: - secretName: dsf-fhir-passwords - - name: client-cert - configMap: - name: dsf-client-cert 
diff --git a/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml b/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml deleted file mode 100644 index 35030b000..000000000 --- a/dsf-podman-dev-setup/dsf-fhir/dsf-db.yaml +++ /dev/null @@ -1,62 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: dsf-db-data - annotations: - volume.podman.io/driver: local - volume.podman.io/gid: "70" - volume.podman.io/uid: "70" - volume.podman.io/mount-options: "uid=70,gid=70,mode=0770" -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi ---- -apiVersion: v1 -kind: Pod -metadata: - labels: - app: dsf-db - name: dsf-db -spec: - containers: - - image: docker.io/library/postgres:18.4-alpine3.23 - name: dsf-db - livenessProbe: - exec: - command: - - pg_isready - - -U - - liquibase_user - - -d - - fhir - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - env: - - name: POSTGRES_DB - value: fhir - - name: POSTGRES_PASSWORD_FILE - value: /run/secrets/db_liquibase.password - - name: POSTGRES_USER - value: liquibase_user - - name: TZ - value: Europe/Berlin - volumeMounts: - - mountPath: /var/lib/postgresql - name: postgres-data-pvc - - name: db-passwords - mountPath: /run/secrets/db_liquibase.password - subPath: db_liquibase.password - readOnly: true - volumes: - - name: postgres-data-pvc - persistentVolumeClaim: - claimName: dsf-db-data - - name: db-passwords - secret: - secretName: dsf-fhir-passwords \ No newline at end of file diff --git a/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml b/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml deleted file mode 100644 index 1e7bad633..000000000 --- a/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -apiVersion: v1 -kind: Pod -metadata: - name: dsf-proxy - labels: - app: dsf-proxy -spec: - restartPolicy: OnFailure - securityContext: - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "80" - containers: - - name: dsf-proxy - image: ghcr.io/datasharingframework/fhir_proxy:2.1.0 - env: - - name: TZ - value: Europe/Berlin - - name: APP_SERVER_IP - value: dsf-app - - name: HTTPS_SERVER_NAME_PORT - value: "dsf.todo.organization.com:443" - - name: SSL_CERTIFICATE_FILE - value: /run/secrets/ssl_certificate_file.pem - - name: SSL_CERTIFICATE_KEY_FILE - value: /run/secrets/ssl_certificate_key_file.pem - - name: SSL_CERTIFICATE_CHAIN_FILE - value: /run/secrets/ssl_certificate_chain_file.pem - ports: - - containerPort: 443 - hostPort: 443 - volumeMounts: - - name: ssl-cert - mountPath: /run/secrets - readOnly: true - volumes: - - name: ssl-cert - configMap: - name: dsf-ssl-cert diff --git a/dsf-podman-dev-setup/fhir/conf/bundle.xml b/dsf-podman-dev-setup/fhir/conf/bundle.xml new file mode 100644 index 000000000..1d767d624 --- /dev/null +++ b/dsf-podman-dev-setup/fhir/conf/bundle.xml @@ -0,0 +1,159 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/dsf-podman-dev-setup/fhir/docker-compose.yml b/dsf-podman-dev-setup/fhir/docker-compose.yml new file mode 100644 index 000000000..973c27c27 --- /dev/null +++ b/dsf-podman-dev-setup/fhir/docker-compose.yml 
@@ -0,0 +1,168 @@ +# +# Copyright 2018-2025 Heilbronn University of Applied Sciences +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +services: + proxy: + build: ../../dsf-docker/fhir_proxy + image: datasharingframework/fhir_proxy + restart: "no" + ports: + - 127.0.0.1:80:80 + - 127.0.0.1:443:443 + secrets: + - fhir.crt + - fhir.key.plain + - issuing_ca.crt + - ca_chain.crt + environment: + TZ: Europe/Berlin + HTTPS_SERVER_NAME_PORT: localhost:443 + APP_SERVER_IP: 172.28.1.11 + SSL_CERTIFICATE_FILE: /run/secrets/fhir.crt + SSL_CERTIFICATE_KEY_FILE: /run/secrets/fhir.key.plain + SSL_CERTIFICATE_CHAIN_FILE: /run/secrets/issuing_ca.crt + SSL_CA_CERTIFICATE_FILE: /run/secrets/ca_chain.crt + SSL_CA_DN_REQUEST_FILE: /run/secrets/issuing_ca.crt + SSL_EXPECTED_CLIENT_I_DN_CN_VALUES: "'DSF Dev Issuing CA'" + networks: + frontend: + ipv4_address: 172.28.1.10 + bpe: + ipv4_address: 172.28.1.2 + aliases: + - fhir + depends_on: + - app + + app: + build: ../../dsf-fhir/dsf-fhir-server-jetty/docker + image: datasharingframework/fhir + restart: "no" + ports: + - 127.0.0.1:5001:5001 + secrets: + - db_liquibase.password + - db_user.password + - db_user_permanent_delete.password + - root_ca.crt + - bpe.crt + - bpe.key + - ca_chain.crt + volumes: + - type: bind + source: ./conf/bundle.xml + target: /opt/fhir/conf/bundle.xml + read_only: true + - type: bind + source: ./log + target: /opt/fhir/log + environment: + TZ: Europe/Berlin + EXTRA_JVM_ARGS: 
-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5001 + DEV_DSF_FHIR_DB_URL: jdbc:postgresql://db/fhir + DEV_DSF_FHIR_DB_LIQUIBASE_PASSWORD_FILE: /run/secrets/db_liquibase.password + DEV_DSF_FHIR_DB_USER_PASSWORD_FILE: /run/secrets/db_user.password + DEV_DSF_FHIR_DB_USER_PERMANENT_DELETE_PASSWORD_FILE: /run/secrets/db_user_permanent_delete.password + DEV_DSF_FHIR_CLIENT_TRUST_SERVER_CERTIFICATE_CAS: /run/secrets/root_ca.crt + DEV_DSF_FHIR_CLIENT_CERTIFICATE: /run/secrets/bpe.crt + DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY: /run/secrets/bpe.key + DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD: 'password' + DEV_DSF_FHIR_SERVER_UI_THEME: dev + DEV_DSF_FHIR_SERVER_BASE_URL: https://fhir/fhir + DEV_DSF_FHIR_SERVER_ORGANIZATION_IDENTIFIER_VALUE: Test_Organization + DEV_DSF_FHIR_SERVER_ROLECONFIG: | + - webbrowser_test_user: + thumbprint: ${WEBBROWSER_TEST_USER_THUMBPRINT} + dsf-role: + - CREATE: [Task] + - READ + - UPDATE: [QuestionnaireResponse] + - SEARCH + - HISTORY + practitioner-role: + - http://dsf.dev/fhir/CodeSystem/practitioner-role|DSF_ADMIN + DEV_DSF_SERVER_AUTH_TRUST_CLIENT_CERTIFICATE_CAS: /run/secrets/ca_chain.crt + networks: + frontend: + ipv4_address: 172.28.1.11 + backend: + ipv4_address: 172.28.1.18 + depends_on: + - db + + db: + image: postgres:18 + restart: "no" +# ports: +# - 127.0.0.1:5432:5432 + healthcheck: + test: ["CMD-SHELL", "pg_isready -U liquibase_user -d fhir"] + interval: 10s + timeout: 5s + retries: 5 + environment: + TZ: Europe/Berlin + POSTGRES_PASSWORD_FILE: /run/secrets/db_liquibase.password + POSTGRES_USER: liquibase_user + POSTGRES_DB: fhir + networks: + backend: + ipv4_address: 172.28.1.19 + secrets: + - db_liquibase.password + +secrets: + fhir.crt: + file: ./secrets/fhir.crt + fhir.key.plain: + file: ./secrets/fhir.key.plain + bpe.crt: + file: ./secrets/bpe.crt + bpe.key: + file: ./secrets/bpe.key + issuing_ca.crt: + file: ./secrets/issuing_ca.crt + root_ca.crt: + file: ./secrets/root_ca.crt + ca_chain.crt: 
+ file: ./secrets/ca_chain.crt + + db_liquibase.password: + file: ./secrets/db_liquibase.password + db_user.password: + file: ./secrets/db_user.password + db_user_permanent_delete.password: + file: ./secrets/db_user_permanent_delete.password + +networks: + frontend: + driver: bridge + ipam: + driver: default + config: + - subnet: 172.28.1.8/29 + backend: + driver: bridge + ipam: + driver: default + config: + - subnet: 172.28.1.16/29 + bpe: + driver: bridge + ipam: + driver: default + config: + - subnet: 172.28.1.0/29 \ No newline at end of file diff --git a/dsf-podman-dev-setup/fhir/kube.yaml b/dsf-podman-dev-setup/fhir/kube.yaml new file mode 100644 index 000000000..93853b286 --- /dev/null +++ b/dsf-podman-dev-setup/fhir/kube.yaml 
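Review bot: `EXTRA_JVM_ARGS` in the `app` service starts JDWP with `address=*:5001`, so the debug port listens on every container interface and is reachable from the `frontend` and `backend` networks, not only through the `127.0.0.1:5001:5001` publish. JDWP has no authentication, so any peer that can connect to the port controls the JVM. The `app` container in fhir/kube.yaml carries the same argument. A comment above the line would keep it from being copied into the prod manifests: `# dev only: JDWP is unauthenticated, never enable outside a local setup`.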
@@ -0,0 +1,302 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: dsf-fhir-db-passwords +type: Opaque +stringData: + db_liquibase.password: "v4smzLRUKvQPHStp5WHMRhhdcV4GWkuPGvcq8unKa8CEhTmUTDyMWd62tHdHgwhf" + db_user.password: "xTZkzduUjYw3Bk7XQ4hYi2cRbunDAdNT" + db_user_permanent_delete.password: "aPBRCNJZkfbf46Fh9YE4MDG5X3vDBMca" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dsf-fhir-proxy + labels: + app: dsf-fhir-proxy +spec: + replicas: 1 + selector: + matchLabels: + app: dsf-fhir-proxy + template: + metadata: + labels: + app: dsf-fhir-proxy + spec: + restartPolicy: Always + containers: + - name: proxy + image: datasharingframework/fhir_proxy + env: + - name: TZ + value: "Europe/Berlin" + - name: HTTPS_SERVER_NAME_PORT + value: "localhost:443" + - name: APP_SERVER_IP + value: "dsf-fhir-app" + - name: SSL_CERTIFICATE_FILE + value: "/run/secrets/fhir.crt" + - name: SSL_CERTIFICATE_KEY_FILE + value: "/run/secrets/fhir.key.plain" + - name: SSL_CERTIFICATE_CHAIN_FILE + value: "/run/secrets/issuing_ca.crt" + - name: SSL_CA_CERTIFICATE_FILE + value: "/run/secrets/ca_chain.crt" + - name: SSL_CA_DN_REQUEST_FILE + value: "/run/secrets/issuing_ca.crt" + - name: SSL_EXPECTED_CLIENT_I_DN_CN_VALUES + value: "'DSF Dev Issuing CA'" + ports: + - containerPort: 80 + hostPort: 80 + hostIP: 127.0.0.1 + - containerPort: 443 + hostPort: 443 + hostIP: 127.0.0.1 + volumeMounts: + - name: fhir-crt + mountPath: /run/secrets/fhir.crt + subPath: fhir.crt + readOnly: true + - name: fhir-key-plain + mountPath: /run/secrets/fhir.key.plain + subPath: fhir.key.plain + readOnly: true + - name: issuing-ca-crt + mountPath: /run/secrets/issuing_ca.crt + subPath: issuing_ca.crt + readOnly: true + - name: ca-chain-crt + mountPath: /run/secrets/ca_chain.crt + subPath: ca_chain.crt + readOnly: true + volumes: + - name: fhir-crt + hostPath: + path: ./secrets/fhir.crt + type: File + - name: fhir-key-plain + hostPath: + path: ./secrets/fhir.key.plain + type: File + - name: 
issuing-ca-crt + hostPath: + path: ./secrets/issuing_ca.crt + type: File + - name: ca-chain-crt + hostPath: + path: ./secrets/ca_chain.crt + type: File +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: dsf-fhir-app-config +data: + application.yml: | + dev: + dsf: + fhir: + db: + url: jdbc:postgresql://dsf-fhir-db/fhir + liquibase: + password: + file: /run/secrets/db_liquibase.password + user: + password: + file: /run/secrets/db_user.password + permanent: + delete: + password: + file: /run/secrets/db_user_permanent_delete.password + client: + trust: + server: + certificate: + cas: /run/secrets/root_ca.crt + server: + ui: + theme: dev + base: + url: https://dsf-fhir-proxy/fhir + organization: + identifier: + value: Test_Organization + roleconfig: | + - webbrowser_test_user: + thumbprint: ${WEBBROWSER_TEST_USER_THUMBPRINT} + dsf-role: + - CREATE: [Task] + - READ + - UPDATE: [QuestionnaireResponse] + - SEARCH + - HISTORY + practitioner-role: + - http://dsf.dev/fhir/CodeSystem/practitioner-role|DSF_ADMIN + server: + auth: + trust: + client: + certificate: + cas: /run/secrets/ca_chain.crt +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dsf-fhir-app + labels: + app: dsf-fhir-app +spec: + replicas: 1 + selector: + matchLabels: + app: dsf-fhir-app + template: + metadata: + labels: + app: dsf-fhir-app + spec: + restartPolicy: Always + containers: + - name: app + image: datasharingframework/fhir + ports: + - containerPort: 5001 + hostPort: 5001 + hostIP: 127.0.0.1 + env: + - name: TZ + value: "Europe/Berlin" + - name: EXTRA_JVM_ARGS + value: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5001" + - name: SPRING_CONFIG_ADDITIONAL_LOCATION + value: "file:/config/application.yml" + # Diese drei stehen in Konflikt mit dev.dsf.fhir.client.certificate.private.* + # (Scalar vs. 
verschachtelter Key unter demselben Parent) und bleiben daher als ENV: + - name: DEV_DSF_FHIR_CLIENT_CERTIFICATE + value: "/run/secrets/bpe.crt" + - name: DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY + value: "/run/secrets/bpe.key" + - name: DEV_DSF_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD + value: "password" + volumeMounts: + - name: spring-application-config + mountPath: /config + readOnly: true + - name: bundle-xml + mountPath: /opt/fhir/conf/bundle.xml + subPath: bundle.xml + readOnly: true + - name: fhir-log + mountPath: /opt/fhir/log + - name: db-passwords + mountPath: /run/secrets/db_liquibase.password + subPath: db_liquibase.password + readOnly: true + - name: db-passwords + mountPath: /run/secrets/db_user.password + subPath: db_user.password + readOnly: true + - name: db-passwords + mountPath: /run/secrets/db_user_permanent_delete.password + subPath: db_user_permanent_delete.password + readOnly: true + - name: root-ca-crt + mountPath: /run/secrets/root_ca.crt + subPath: root_ca.crt + readOnly: true + - name: bpe-crt + mountPath: /run/secrets/bpe.crt + subPath: bpe.crt + readOnly: true + - name: bpe-key + mountPath: /run/secrets/bpe.key + subPath: bpe.key + readOnly: true + - name: ca-chain-crt + mountPath: /run/secrets/ca_chain.crt + subPath: ca_chain.crt + readOnly: true + volumes: + - name: spring-application-config + configMap: + name: dsf-fhir-app-config + - name: bundle-xml + hostPath: + path: ./conf/bundle.xml + type: File + - name: fhir-log + hostPath: + path: ./log + type: Directory + - name: root-ca-crt + hostPath: + path: ./secrets/root_ca.crt + type: File + - name: bpe-crt + hostPath: + path: ./secrets/bpe.crt + type: File + - name: bpe-key + hostPath: + path: ./secrets/bpe.key + type: File + - name: ca-chain-crt + hostPath: + path: ./secrets/ca_chain.crt + type: File + - name: db-passwords + secret: + secretName: dsf-fhir-db-passwords +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dsf-fhir-db + labels: + app: dsf-fhir-db 
+spec: + replicas: 1 + selector: + matchLabels: + app: dsf-fhir-db + template: + metadata: + labels: + app: dsf-fhir-db + spec: + restartPolicy: Always + containers: + - name: db + image: docker.io/library/postgres:18 + env: + - name: TZ + value: "Europe/Berlin" + - name: POSTGRES_PASSWORD_FILE + value: "/run/secrets/db_liquibase.password" + - name: POSTGRES_USER + value: "liquibase_user" + - name: POSTGRES_DB + value: "fhir" + livenessProbe: + exec: + command: + - pg_isready + - -U + - liquibase_user + - -d + - fhir + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + volumeMounts: + - name: db-passwords + mountPath: /run/secrets/db_liquibase.password + subPath: db_liquibase.password + readOnly: true + volumes: + - name: db-passwords + secret: + secretName: dsf-fhir-db-passwords diff --git a/dsf-podman-dev-setup/fhir/log/README.md b/dsf-podman-dev-setup/fhir/log/README.md new file mode 100644 index 000000000..2fd366f72 --- /dev/null +++ b/dsf-podman-dev-setup/fhir/log/README.md @@ -0,0 +1 @@ +Empty folder for log files \ No newline at end of file diff --git a/dsf-podman-dev-setup/fhir/secrets/db_liquibase.password b/dsf-podman-dev-setup/fhir/secrets/db_liquibase.password new file mode 100644 index 000000000..b8dfeff3f --- /dev/null +++ b/dsf-podman-dev-setup/fhir/secrets/db_liquibase.password @@ -0,0 +1 @@ +v4smzLRUKvQPHStp5WHMRhhdcV4GWkuPGvcq8unKa8CEhTmUTDyMWd62tHdHgwhf \ No newline at end of file diff --git a/dsf-podman-dev-setup/fhir/secrets/db_user.password b/dsf-podman-dev-setup/fhir/secrets/db_user.password new file mode 100644 index 000000000..5ed8aaf48 --- /dev/null +++ b/dsf-podman-dev-setup/fhir/secrets/db_user.password @@ -0,0 +1 @@ +xTZkzduUjYw3Bk7XQ4hYi2cRbunDAdNT \ No newline at end of file diff --git a/dsf-podman-dev-setup/fhir/secrets/db_user_permanent_delete.password b/dsf-podman-dev-setup/fhir/secrets/db_user_permanent_delete.password new file mode 100644 index 000000000..034d7f42d --- /dev/null 
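Review bot: `thumbprint: ${WEBBROWSER_TEST_USER_THUMBPRINT}` in the `roleconfig` of the `dsf-fhir-app-config` ConfigMap is copied from docker-compose.yml, where Compose substitutes it from the shell or `.env`. `podman kube play` does not interpolate ConfigMap data, and the `env` list of the `app` container does not define that variable. Unless the application resolves the placeholder itself, the role entry that grants `DSF_ADMIN` to the test user will probably not match any certificate. Either add `- name: WEBBROWSER_TEST_USER_THUMBPRINT` with a value to the container `env`, or add a comment saying the thumbprint must be filled in before the manifest is played.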
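Review bot: This password is also written literally under `stringData` in fhir/kube.yaml, so each development credential now lives in two tracked files. The same is true of db_user.password and db_user_permanent_delete.password. docker-compose.yml reads the files and kube.yaml reads the Secret, so the two copies can drift apart without any error. A comment on the Secret in kube.yaml would document both facts: `# dev-only credentials, keep in sync with ./secrets/*.password; never reuse outside this setup`.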
+++ b/dsf-podman-dev-setup/fhir/secrets/db_user_permanent_delete.password @@ -0,0 +1 @@ +aPBRCNJZkfbf46Fh9YE4MDG5X3vDBMca \ No newline at end of file diff --git a/dsf-podman-dev-setup/podman-build.bat b/dsf-podman-dev-setup/podman-build.bat new file mode 100644 index 000000000..2cce25ea3 --- /dev/null +++ b/dsf-podman-dev-setup/podman-build.bat @@ -0,0 +1,29 @@ +@REM +@REM Copyright 2018-2025 Heilbronn University of Applied Sciences +@REM +@REM Licensed under the Apache License, Version 2.0 (the "License"); +@REM you may not use this file except in compliance with the License. +@REM You may obtain a copy of the License at +@REM +@REM http://www.apache.org/licenses/LICENSE-2.0 +@REM +@REM Unless required by applicable law or agreed to in writing, software +@REM distributed under the License is distributed on an "AS IS" BASIS, +@REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@REM See the License for the specific language governing permissions and +@REM limitations under the License. +@REM + +@echo off + +echo datasharingframework/bpe ... +podman build --pull -t datasharingframework/bpe ..\dsf-bpe\dsf-bpe-server-jetty\docker + +echo datasharingframework/fhir ... +podman build --pull -t datasharingframework/fhir ..\dsf-fhir\dsf-fhir-server-jetty\docker + +echo datasharingframework/bpe_proxy ... +podman build --pull -t datasharingframework/bpe_proxy ..\dsf-docker\bpe_proxy + +echo datasharingframework/fhir_proxy ... +podman build --pull -t datasharingframework/fhir_proxy ..\dsf-docker\fhir_proxy diff --git a/dsf-podman-dev-setup/podman-build.sh b/dsf-podman-dev-setup/podman-build.sh new file mode 100644 index 000000000..bee97f3b1 --- /dev/null +++ b/dsf-podman-dev-setup/podman-build.sh 
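Review bot: None of the four `podman build` calls is checked, so a failed build is followed by the next one and the script ends with the status of the last command only. A previously built local image could then be started by the manifests without the failure being noticed. Appending `|| exit /b 1` to each `podman build` line stops at the first failure. podman-build.sh has the same gap and can use `set -euo pipefail` after the licence header.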
@@ -0,0 +1,29 @@ +#!/bin/bash +# +# Copyright 2018-2025 Heilbronn University of Applied Sciences +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +echo datasharingframework/bpe ... +podman build --pull -t datasharingframework/bpe ../dsf-bpe/dsf-bpe-server-jetty/docker + +echo datasharingframework/fhir ... +podman build --pull -t datasharingframework/fhir ../dsf-fhir/dsf-fhir-server-jetty/docker + +echo datasharingframework/bpe_proxy ... +podman build --pull -t datasharingframework/bpe_proxy ../dsf-docker/bpe_proxy + +echo datasharingframework/fhir_proxy ... +podman build --pull -t datasharingframework/fhir_proxy ../dsf-docker/fhir_proxy diff --git a/dsf-podman-dev-setup/README.md b/dsf-podman-dev-setup/prod/README.md similarity index 90% rename from dsf-podman-dev-setup/README.md rename to dsf-podman-dev-setup/prod/README.md index 41bca1b09..72bb7a70f 100644 --- a/dsf-podman-dev-setup/README.md +++ b/dsf-podman-dev-setup/prod/README.md @@ -1,5 +1,8 @@ # DSF Kube +> [!NOTE] +> This is currently being refactored and not all changes are well tested together. This will be changed, when we have a development setup. + A rootless Podman setup for the Data Sharing Framework (DSF), designed as an intermediate step towards Kubernetes. It uses native Quadlet integration into systemd and Kubernetes-compatible YAML manifests. ## Improvements over the original Docker Compose setup 
@@ -252,25 +255,7 @@ systemctl --user restart dsf-bpe-app.service --- -## Roadmap - -1. **Multiline config as mounted YAML** — Load Spring Boot configuration as a mounted `config.yaml` instead of environment variables for better readability of multiline values such as role configurations: - ```yaml - - name: spring-application-config - mountPath: /config - ``` - -2. **Unified naming** — Avoid duplicate names between BPE and FHIR to support single-instance dev setups. - -3. **Migrate to Deployments** — Replace `kind: Pod` with `kind: Deployment` (replicas: 1) for a smoother migration path to Kubernetes. - -4. **One secret per password** — Currently all DB passwords are bundled in a single Kubernetes Secret. Splitting them improves least-privilege access. - -5. **Unprivileged proxy port** — Find a solution that avoids the `net.ipv4.ip_unprivileged_port_start=80` sysctl requirement, e.g. by using a higher container port with host port mapping or a setcap-based approach. - ---- - -### Kubernetes Migration Notes +## Kubernetes Migration Notes The Kubernetes YAML files under `dsf-fhir` and `dsf-bpe` can be used as a starting point for a Kubernetes deployment with minor additions: @@ -279,6 +264,7 @@ The Kubernetes YAML files under `dsf-fhir` and `dsf-bpe` can be used as a starti - Replace `hostPort` with a proper `Service` of type `LoadBalancer` or `NodePort` - Consider a sidecar or init container approach for process plugins - Instead of deploying plugins as jar files via bind-mount, publish them as OCI images and mount them into the container. +- use one secret per password -> least privilege ### Notes on certificate handling diff --git a/dsf-podman-dev-setup/dsf-bpe-passwords.yaml.tpl b/dsf-podman-dev-setup/prod/dsf-bpe-passwords.yaml.tpl similarity index 100% rename from dsf-podman-dev-setup/dsf-bpe-passwords.yaml.tpl rename to dsf-podman-dev-setup/prod/dsf-bpe-passwords.yaml.tpl 
diff --git a/dsf-podman-dev-setup/dsf-bpe.target b/dsf-podman-dev-setup/prod/dsf-bpe.target similarity index 100% rename from dsf-podman-dev-setup/dsf-bpe.target rename to dsf-podman-dev-setup/prod/dsf-bpe.target diff --git a/dsf-podman-dev-setup/dsf-bpe/dsf-backend.network b/dsf-podman-dev-setup/prod/dsf-bpe/dsf-backend.network similarity index 100% rename from dsf-podman-dev-setup/dsf-bpe/dsf-backend.network rename to dsf-podman-dev-setup/prod/dsf-bpe/dsf-backend.network diff --git a/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.kube b/dsf-podman-dev-setup/prod/dsf-bpe/dsf-bpe-app.kube similarity index 100% rename from dsf-podman-dev-setup/dsf-bpe/dsf-bpe-app.kube rename to dsf-podman-dev-setup/prod/dsf-bpe/dsf-bpe-app.kube diff --git a/dsf-podman-dev-setup/prod/dsf-bpe/dsf-bpe-app.yaml b/dsf-podman-dev-setup/prod/dsf-bpe/dsf-bpe-app.yaml new file mode 100644 index 000000000..6e17b0d36 --- /dev/null +++ b/dsf-podman-dev-setup/prod/dsf-bpe/dsf-bpe-app.yaml 
@@ -0,0 +1,109 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: dsf-bpe-cache + annotations: + volume.podman.io/uid: "0" + volume.podman.io/gid: "2202" + volume.podman.io/mount-options: "uid=0,gid=2202,mode=0770" +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: dsf-bpe-config +data: + application.yml: | + dev: + dsf: + bpe: + db: + url: jdbc:postgresql://dsf-bpe-db/bpe + liquibase: + password: + file: /run/secrets/db/db_liquibase.password + user: + password: + file: /run/secrets/db/db_user.password + engine: + password: + file: /run/secrets/db/db_user_camunda.password + fhir: + client: + certificate: /run/secrets/cert/client_certificate.pem + private: + key: /run/secrets/cert/client_certificate_private_key.pem + key: + password: + file: /run/secrets/cert/client_certificate_private_key.pem.password + server: + base: + # TODO specify the base url of this DSF FHIR server + url: https://dsf.todo.organization.com/fhir + roleConfig: | + "" + # process: + # excluded: | + # dsfdev_updateAllowList|1.0 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dsf-bpe-app + labels: + app: dsf-bpe-app +spec: + replicas: 1 + selector: + matchLabels: + app: dsf-bpe-app + template: + metadata: + labels: + app: dsf-bpe-app + spec: + restartPolicy: OnFailure + containers: + - name: dsf-bpe-app + image: ghcr.io/datasharingframework/bpe:2.1.0 + env: + - name: TZ + value: "Europe/Berlin" + volumeMounts: + - name: spring-application-config + mountPath: /config + readOnly: true + - name: db-passwords + mountPath: /run/secrets/db + readOnly: true + - name: client-cert + mountPath: /run/secrets/cert + readOnly: true + - name: bpe-process + mountPath: /opt/bpe/process + readOnly: true + - name: bpe-cache + mountPath: /opt/bpe/cache + volumes: + - name: spring-application-config + configMap: + name: dsf-bpe-config + - name: bpe-process + hostPath: + path: 
/home/podman/.config/dsf-bpe/process + type: Directory + - name: db-passwords + secret: + secretName: dsf-bpe-passwords + - name: client-cert + configMap: + name: dsf-client-cert + - name: bpe-cache + persistentVolumeClaim: + claimName: dsf-bpe-cache diff --git a/dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.kube b/dsf-podman-dev-setup/prod/dsf-bpe/dsf-bpe-db.kube similarity index 100% rename from dsf-podman-dev-setup/dsf-bpe/dsf-bpe-db.kube rename to dsf-podman-dev-setup/prod/dsf-bpe/dsf-bpe-db.kube diff --git a/dsf-podman-dev-setup/prod/dsf-bpe/dsf-bpe-db.yaml b/dsf-podman-dev-setup/prod/dsf-bpe/dsf-bpe-db.yaml new file mode 100644 index 000000000..ea7fc48dd --- /dev/null +++ b/dsf-podman-dev-setup/prod/dsf-bpe/dsf-bpe-db.yaml 
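Review bot: The `client-cert` volume is backed by `configMap: name: dsf-client-cert`, yet the paths configured in `application.yml` show that it holds `client_certificate_private_key.pem` and its `.password` file. ConfigMaps are not meant for confidential data, and the database passwords in the same pod already come from a Secret. The volume should read `secret:` with `secretName: dsf-client-cert`, with dsf-client-cert.yaml changed to `kind: Secret` to match (that file is only renamed in this patch, so its content is not visible here). The same applies to `client-cert` in prod/dsf-fhir/dsf-app.yaml and to `ssl-cert` in prod/dsf-fhir/dsf-proxy.yaml, which serves `ssl_certificate_key_file.pem` from the `dsf-ssl-cert` ConfigMap.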
@@ -0,0 +1,72 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: dsf-bpe-db-data + annotations: + volume.podman.io/driver: local + volume.podman.io/uid: "70" + volume.podman.io/gid: "70" + volume.podman.io/mount-options: "uid=70,gid=70,mode=0770" +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dsf-bpe-db + labels: + app: dsf-bpe-db +spec: + replicas: 1 + selector: + matchLabels: + app: dsf-bpe-db + template: + metadata: + labels: + app: dsf-bpe-db + spec: + restartPolicy: OnFailure + containers: + - name: dsf-bpe-db + image: docker.io/library/postgres:18.4-alpine3.23 + env: + - name: TZ + value: Europe/Berlin + - name: POSTGRES_USER + value: liquibase_user + - name: POSTGRES_DB + value: bpe + - name: POSTGRES_PASSWORD_FILE + value: /run/secrets/db_liquibase.password + livenessProbe: + exec: + command: + - pg_isready + - -U + - liquibase_user + - -d + - bpe + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + volumeMounts: + - name: db-data + mountPath: /var/lib/postgresql + - name: db-passwords + mountPath: /run/secrets/db_liquibase.password + subPath: db_liquibase.password + readOnly: true + volumes: + - name: db-data + persistentVolumeClaim: + claimName: dsf-bpe-db-data + - name: db-passwords + secret: + secretName: dsf-bpe-passwords diff --git a/dsf-podman-dev-setup/dsf-bpe/dsf-client-cert.yaml b/dsf-podman-dev-setup/prod/dsf-bpe/dsf-client-cert.yaml similarity index 100% rename from dsf-podman-dev-setup/dsf-bpe/dsf-client-cert.yaml rename to dsf-podman-dev-setup/prod/dsf-bpe/dsf-client-cert.yaml diff --git a/dsf-podman-dev-setup/dsf-fhir-passwords.yaml.tpl b/dsf-podman-dev-setup/prod/dsf-fhir-passwords.yaml.tpl similarity index 100% rename from dsf-podman-dev-setup/dsf-fhir-passwords.yaml.tpl rename to dsf-podman-dev-setup/prod/dsf-fhir-passwords.yaml.tpl 
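Review bot: `restartPolicy: OnFailure` sits inside the pod template of a `kind: Deployment`, and Kubernetes accepts only `Always` there, so the API server would reject this manifest. The README in this directory describes the setup as an intermediate step towards Kubernetes, which the value works against even if `podman kube play` accepts it. Use `restartPolicy: Always` or drop the line, as prod/dsf-fhir/dsf-db.yaml does. prod/dsf-bpe/dsf-bpe-app.yaml, prod/dsf-fhir/dsf-app.yaml and prod/dsf-fhir/dsf-proxy.yaml set the same value.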
diff --git a/dsf-podman-dev-setup/dsf-fhir.target b/dsf-podman-dev-setup/prod/dsf-fhir.target similarity index 100% rename from dsf-podman-dev-setup/dsf-fhir.target rename to dsf-podman-dev-setup/prod/dsf-fhir.target diff --git a/dsf-podman-dev-setup/dsf-fhir/dsf-app.kube b/dsf-podman-dev-setup/prod/dsf-fhir/dsf-app.kube similarity index 100% rename from dsf-podman-dev-setup/dsf-fhir/dsf-app.kube rename to dsf-podman-dev-setup/prod/dsf-fhir/dsf-app.kube diff --git a/dsf-podman-dev-setup/prod/dsf-fhir/dsf-app.yaml b/dsf-podman-dev-setup/prod/dsf-fhir/dsf-app.yaml new file mode 100644 index 000000000..202d68100 --- /dev/null +++ b/dsf-podman-dev-setup/prod/dsf-fhir/dsf-app.yaml 
@@ -0,0 +1,83 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: dsf-fhir-config +data: + application.yml: | + dev: + dsf: + fhir: + db: + url: jdbc:postgresql://dsf-db/fhir + liquibase: + password: + file: /run/secrets/db/db_liquibase.password + user: + password: + file: /run/secrets/db/db_user.password + permanent: + delete: + password: + file: /run/secrets/db/db_user_permanent_delete.password + client: + certificate: /run/secrets/cert/client_certificate.pem + private: + key: /run/secrets/cert/client_certificate_private_key.pem + password: + file: /run/secrets/cert/client_certificate_private_key.pem.password + server: + organization: + identifier: + value: "todo.organization.com" + # TODO specify the SHA-512 thumbprint of the Client-Certificate as lower case HEX (Regex: ^[a-f0-9]{128}$) + # certtool --fingerprint --hash=sha512 --infile=client_certificate.pem + # or simply get it from allowlist management tool + thumbprint: "" + base: + # TODO specify the base url of this DSF FHIR server + url: https://dsf.todo.organization.com/fhir +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dsf-app + labels: + app: dsf-app +spec: + replicas: 1 + selector: + matchLabels: + app: dsf-app + template: + metadata: + labels: + app: dsf-app + spec: + restartPolicy: OnFailure + containers: + - name: dsf-app + image: ghcr.io/datasharingframework/fhir:2.1.0 + env: + - name: TZ + value: Europe/Berlin + volumeMounts: + - name: db-passwords + mountPath: /run/secrets/db + readOnly: true + - name: client-cert + mountPath: /run/secrets/cert + readOnly: true + - name: spring-application-config + mountPath: /config + readOnly: true + volumes: + - name: db-passwords + secret: + secretName: dsf-fhir-passwords + - name: client-cert + configMap: + name: dsf-client-cert + - name: spring-application-config + configMap: + name: dsf-fhir-config 
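Review bot: The `dsf-fhir-config` ConfigMap is mounted at `/config`, but the `env` list of the `dsf-app` container holds only `TZ`. The dev manifest fhir/kube.yaml points the application at the file with `SPRING_CONFIG_ADDITIONAL_LOCATION` set to `file:/config/application.yml`. If the image does not look in `/config` by default, none of the database, certificate or organization settings would be read. Add the same `env` entry here, or a comment saying why it is not needed. prod/dsf-bpe/dsf-bpe-app.yaml mounts `dsf-bpe-config` the same way, also without the variable.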
diff --git a/dsf-podman-dev-setup/dsf-fhir/dsf-backend.network b/dsf-podman-dev-setup/prod/dsf-fhir/dsf-backend.network similarity index 100% rename from dsf-podman-dev-setup/dsf-fhir/dsf-backend.network rename to dsf-podman-dev-setup/prod/dsf-fhir/dsf-backend.network diff --git a/dsf-podman-dev-setup/dsf-fhir/dsf-client-cert.yaml b/dsf-podman-dev-setup/prod/dsf-fhir/dsf-client-cert.yaml similarity index 100% rename from dsf-podman-dev-setup/dsf-fhir/dsf-client-cert.yaml rename to dsf-podman-dev-setup/prod/dsf-fhir/dsf-client-cert.yaml diff --git a/dsf-podman-dev-setup/dsf-fhir/dsf-db.kube b/dsf-podman-dev-setup/prod/dsf-fhir/dsf-db.kube similarity index 100% rename from dsf-podman-dev-setup/dsf-fhir/dsf-db.kube rename to dsf-podman-dev-setup/prod/dsf-fhir/dsf-db.kube diff --git a/dsf-podman-dev-setup/prod/dsf-fhir/dsf-db.yaml b/dsf-podman-dev-setup/prod/dsf-fhir/dsf-db.yaml new file mode 100644 index 000000000..78efc4125 --- /dev/null +++ b/dsf-podman-dev-setup/prod/dsf-fhir/dsf-db.yaml 
@@ -0,0 +1,71 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: dsf-db-data + annotations: + volume.podman.io/driver: local + volume.podman.io/gid: "70" + volume.podman.io/uid: "70" + volume.podman.io/mount-options: "uid=70,gid=70,mode=0770" +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dsf-db + labels: + app: dsf-db +spec: + replicas: 1 + selector: + matchLabels: + app: dsf-db + template: + metadata: + labels: + app: dsf-db + spec: + containers: + - image: docker.io/library/postgres:18.4-alpine3.23 + name: dsf-db + livenessProbe: + exec: + command: + - pg_isready + - -U + - liquibase_user + - -d + - fhir + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + env: + - name: POSTGRES_DB + value: fhir + - name: POSTGRES_PASSWORD_FILE + value: /run/secrets/db_liquibase.password + - name: POSTGRES_USER + value: liquibase_user + - name: TZ + value: Europe/Berlin + volumeMounts: + - mountPath: /var/lib/postgresql + name: postgres-data-pvc + - name: db-passwords + mountPath: /run/secrets/db_liquibase.password + subPath: db_liquibase.password + readOnly: true + volumes: + - name: postgres-data-pvc + persistentVolumeClaim: + claimName: dsf-db-data + - name: db-passwords + secret: + secretName: dsf-fhir-passwords diff --git a/dsf-podman-dev-setup/dsf-fhir/dsf-frontend.network b/dsf-podman-dev-setup/prod/dsf-fhir/dsf-frontend.network similarity index 100% rename from dsf-podman-dev-setup/dsf-fhir/dsf-frontend.network rename to dsf-podman-dev-setup/prod/dsf-fhir/dsf-frontend.network diff --git a/dsf-podman-dev-setup/dsf-fhir/dsf-proxy.kube b/dsf-podman-dev-setup/prod/dsf-fhir/dsf-proxy.kube similarity index 100% rename from dsf-podman-dev-setup/dsf-fhir/dsf-proxy.kube rename to dsf-podman-dev-setup/prod/dsf-fhir/dsf-proxy.kube 
diff --git a/dsf-podman-dev-setup/prod/dsf-fhir/dsf-proxy.yaml b/dsf-podman-dev-setup/prod/dsf-fhir/dsf-proxy.yaml new file mode 100644 index 000000000..d90905df3 --- /dev/null +++ b/dsf-podman-dev-setup/prod/dsf-fhir/dsf-proxy.yaml @@ -0,0 +1,49 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dsf-proxy + labels: + app: dsf-proxy +spec: + replicas: 1 + selector: + matchLabels: + app: dsf-proxy + template: + metadata: + labels: + app: dsf-proxy + spec: + restartPolicy: OnFailure + securityContext: + sysctls: + - name: net.ipv4.ip_unprivileged_port_start + value: "80" + containers: + - name: dsf-proxy + image: ghcr.io/datasharingframework/fhir_proxy:2.1.0 + env: + - name: TZ + value: Europe/Berlin + - name: APP_SERVER_IP + value: dsf-app + - name: HTTPS_SERVER_NAME_PORT + value: "dsf.todo.organization.com:443" + - name: SSL_CERTIFICATE_FILE + value: /run/secrets/ssl_certificate_file.pem + - name: SSL_CERTIFICATE_KEY_FILE + value: /run/secrets/ssl_certificate_key_file.pem + - name: SSL_CERTIFICATE_CHAIN_FILE + value: /run/secrets/ssl_certificate_chain_file.pem + ports: + - containerPort: 443 + hostPort: 443 + volumeMounts: + - name: ssl-cert + mountPath: /run/secrets + readOnly: true + volumes: + - name: ssl-cert + configMap: + name: dsf-ssl-cert diff --git a/dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml b/dsf-podman-dev-setup/prod/dsf-fhir/dsf-ssl-cert.yaml similarity index 99% rename from dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml rename to dsf-podman-dev-setup/prod/dsf-fhir/dsf-ssl-cert.yaml index 0c0500497..bf542d20e 100644 --- a/dsf-podman-dev-setup/dsf-fhir/dsf-ssl-cert.yaml +++ b/dsf-podman-dev-setup/prod/dsf-fhir/dsf-ssl-cert.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ConfigMap metadata: