fix(build): minor haskell typos/errors

The code was written without having a working compiler, hence some accidental code kinks remained.

.babelrc.license

@@ -1,3 +0,0 @@
-SPDX-FileCopyrightText: 2022 Felix Hamann <felix.hamann@campus.lmu.de>,Sarah Vaupel <sarah.vaupel@ifi.lmu.de>,Sarah Vaupel <vaupel.sarah@campus.lmu.de>
-
-SPDX-License-Identifier: AGPL-3.0-or-later

.eslintrc.json.license

@@ -1,3 +0,0 @@
-SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Sarah Vaupel <sarah.vaupel@ifi.lmu.de>,Sarah Vaupel <vaupel.sarah@campus.lmu.de>
-
-SPDX-License-Identifier: AGPL-3.0-or-later

.gitignore

@@ -2,8 +2,10 @@
 dist*
 develop
 node_modules/
-assets/icons
-assets/favicons
+.npm/
+.node_repl_history
+**/assets/icons
+**/assets/favicons
 bin/
 assets/fonts/
 *.hi
@@ -38,22 +40,21 @@ uniworx.nix
 .kateproject
 src/Handler/Assist.bak
 src/Handler/Course.SnapCustom.hs
-frontend/src/env.sass
 *.orig
 /instance
+backend/instance
 .stack-work-*
+.stack-work.lock
 .directory
 tags
 test.log
 *.dump-splices
-/.stack-work.lock
-/.npmrc
-/.npm/
 /config/manifest.json
 tunnel.log
-/static
-/well-known
-/.well-known-cache
+static
+well-known
+.well-known-cache
+manifest.json
 /.nix-well-known
 /**/tmp-*
 /testdata/bigAlloc_*.csv
@@ -67,4 +68,4 @@ tunnel.log
 **/result-*
 .develop.cmd
 /.vscode
-.ghc/ghci_history
+backend/.ghc/ghci_history

.gitlab-ci/sanitize-docker.pl

@@ -1,272 +0,0 @@
-#!/usr/bin/env perl
-
-use strict;
-use warnings;
-
-use Data::Dumper;
-
-print "Sanitize script for node removal from container.\n";
-
-system("pwd");
-{
-  my @l = (".","..");
-  for(1..8) {
-    push @l, (("../" x $_)."..")
-  }
-  for(@l) {
-    my $cmd = "ls -ld $_";
-    print "running: $cmd\n";
-    system $cmd;
-  }
-}
-
-my $tmpdir = "tmp-sanitize";
-
-die "Has already run, abort" if -e $tmpdir;
-
-mkdir $tmpdir;
-
-chmodWrap(0755, $tmpdir);
-chdir($tmpdir);
-system("ln -s ../uniworx.tar.gz .");
-system("tar xzvf uniworx.tar.gz");
-chmodWrap(0755, '.'); # tar can change the rights of '.' if it contains an entry for '.' with other rights
-
-my %truerights = ();
-storeRightsMake7(".");
-
-#print "=== Extended rights:\n";
-#system("ls -l *");
-#resetRights(".");
-#print "=== Reset rights:\n";
-#system("ls -l *");
-
-sub chmodWrap {
-  my ($mode, $fn) = @_;
-  my $tries = 0;
-  die "file '$fn' does not exist; cannot change its permissions to $mode" unless -e $fn;
-  RIGHTS: {
-    chmod($mode, $fn);
-    my $ismode = (stat($fn))[2];
-    my $fm = $ismode % 512;
-    if($fm != $mode) {
-      if($tries++ > 20) {
-        die "Problem with file permissions, abort"
-      }
-      warn sprintf "File rights were meant to be set, but were not updated properly for file '%s', is %03o but was set to %03o; try again in 1 second";
-      sleep 1;
-      redo RIGHTS;
-    }
-  }
-}
-
-# 
-sub storeRightsMake7 {
-  my ($pwd) = @_;
-  my $dh = undef;
-  opendir($dh, $pwd) or die "Could not read dir '$pwd', because: $!";
-  while(my $fn = readdir($dh)) {
-    next if $fn=~m#^\.\.?$#;
-    #perl -le 'my $dh = undef;opendir($dh, ".");while(my $fn = readdir($dh)) { my $mode = (stat($fn))[2];my $fm = $mode % 512;my $fmo=sprintf("%03o",$fm);print "$fn -> $fmo" }'
-    my $fullname = "$pwd/$fn";
-    my $mode = (stat($fullname))[2];
-    my $fm = $mode % 512;
-    #my $fmo = sprintf("%03o",$fm);
-    $truerights{$fullname} = $fm;
-    chmodWrap(($fm | 0700), $fullname);
-    storeRightsMake7($fullname) if -d $fullname;
-  }
-}
-
-sub resetRights {
-  my ($pwd) = @_;
-  print "Resetting rights to:\n" if '.' eq $pwd;
-  print Data::Dumper::Dumper(\%truerights);
-  my $dh = undef;
-  opendir($dh, $pwd) or die "Could not read dir '$pwd', because: $!";
-  while(my $fn = readdir($dh)) {
-    next if $fn=~m#^\.\.?$#;
-    #perl -le 'my $dh = undef;opendir($dh, ".");while(my $fn = readdir($dh)) { my $mode = (stat($fn))[2];my $fm = $mode % 512;my $fmo=sprintf("%03o",$fm);print "$fn -> $fmo" }'
-    my $fullname = "$pwd/$fn";
-    printf("  set rights of '$fullname' back to %03o\n", $truerights{$fullname});
-    chmodWrap($truerights{$fullname}, $fullname);
-    resetRights($fullname) if -d $fullname;
-  }
-}
-
-sub renameWithRights {
-  my ($from, $to) = @_;
-  print "  rename file '$from' to '$to'\n";
-  my %oldrights = %truerights;
-  %truerights = ();
-  while(my ($k,$v) = each %oldrights) {
-    $k =~ s#^\./\Q$from\E#./$to#;
-    $truerights{$k} = $v;
-  }
-  #my $rights = $truerights{$from};
-  #delete $truerights{$from};
-  rename($from, $to) or die "Could not rename '$from' to '$to', because $!";
-  my $waittimer = 20;
-  while(-e $from || not(-e $to) and $waittimer-- > 0) {
-    sleep 1
-  }
-  die "rename file from '$from' to '$to', but it is still there" if -e $from;
-  die "rename file from '$from' to '$to', but there is no file under the new name" unless -e $to;
-  #$truerights{$to} = $rights
-}
-
-print Data::Dumper::Dumper(\%truerights);
-#exit 0;
-
-# Checksummen:
-# outerjson  c27f -- toplevel $outerjson.json, by sha256sum $outerjson.json
-# imageid    d940 -- toplevel verzeichnis mit der layer darin; doc says: Each image’s ID is given by the SHA256 hash of its configuration JSON.
-#                    we'll try as configuration "remove nodejs $oldhash"
-#                    or we just use a random number ;)
-# layertar   fd3d -- doc says: Each image’s ID is given by the SHA256 hash of its configuration JSON.
-#
-##### FOUND
-# outerjson c27f64c8de183296ef409baecc27ddac8cd4065aac760b1b512caf482ad782dd -- in manifest.json
-# imageid   d940253667b5ab47060e8bf537bd5b3e66a2447978f3c784a22b115a262fccbf -- in manifest.json
-# imageid   d940253667b5ab47060e8bf537bd5b3e66a2447978f3c784a22b115a262fccbf -- as toplevel dirname
-# outerjson c27f64c8de183296ef409baecc27ddac8cd4065aac760b1b512caf482ad782dd -- as toplevel filename
-# imageid   d940253667b5ab47060e8bf537bd5b3e66a2447978f3c784a22b115a262fccbf -- in $layerdir/json
-# layertar  fd3d3cdf4ece09864ac933aa664eb5f397cf5ca28652125addd689726f8485cd -- in $outerjson.json
-# 
-#
-##### COMPUTE
-# toplevel
-# outerjson  c27f64c8de183296ef409baecc27ddac8cd4065aac760b1b512caf482ad782dd  $outerjson.json
-#            b21db3fcc85b23d91067a2a5834e114ca9eec0364742c8680546f040598d8cd9  manifest.json
-#            238f234e3a1ddb27a034f4ee1e59735175741e5cc05673b5dd41d9a42bac2ebd  uniworx.tar.gz
-# in $layerdir/
-#            028c1e8d9688b420f7316bb44ce0e26f4712dc21ef93c5af8000c102b1405ad4  json
-# layertar   fd3d3cdf4ece09864ac933aa664eb5f397cf5ca28652125addd689726f8485cd  layer.tar
-#            d0ff5974b6aa52cf562bea5921840c032a860a91a3512f7fe8f768f6bbe005f6  VERSION
-#
-#
-# sha256sum layer.tar fd3d3cdf4ece09864ac933aa664eb5f397cf5ca28652125addd689726f8485cd
-
-my ($outerjson, $imageid) = ();
-
-{
-  my $dirh = undef;
-  opendir($dirh, '.') or die "Could not read dir '.', because: $!";
-  while(my $fn = readdir($dirh)) {
-    next if $fn=~m#^\.#;
-    if($fn=~m#(.{16,})\.json#) { # it shall match on hash sums but not for example on manifest.json
-      $outerjson = $1;
-      next
-    }
-    if($fn=~m#^[0-9a-f]{64}$#) {
-      $imageid = $fn
-    }
-  }
-}
-
-die "Bad archive, could not found expected files and directories" unless defined($outerjson) and defined($imageid);
-
-#system("pwd");
-#print "will run: sha256sum $imageid/layer.tar\n";
-
-my $oldLayerdir = qx(sha256sum $imageid/layer.tar);
-#print "oldLayerdir is for now $oldLayerdir\n\n";
-$oldLayerdir =~ m#^([0-9a-f]{64}).*$# or die "layer.tar not found or sha256sum not installed!";
-$oldLayerdir = $1;
-
-# tar --delete --file layer.tar nix/store/cdalbhzm3z4gz07wyg89maprdbjc4yah-nodejs-14.17.0
-my $layerContent = qx(tar -tf $imageid/layer.tar);
-
-my @rms = $layerContent=~m#^((?:\./)?nix/store/[a-z0-9]+-(?:nodejs|openjdk|ghc)-[^/]+/)$#gm;
-
-print "rm <<$_>>\n" for @rms;
-
-system("tar --delete --file $imageid/layer.tar '$_'") for @rms;
-
-
-### Deconstruction finished, now lets put everything together again after fixing the checksums
-
-
-my $newImageId = qx(echo 'remove nodejs $imageid' | sha256sum);
-$newImageId =~ m#^([0-9a-f]{64}).*$# or die "sha256sum not installed!";
-$newImageId = $1;
-
-my $newLayerdir = qx(sha256sum $imageid/layer.tar);
-$newLayerdir =~ m#^([0-9a-f]{64}).*$# or die "sha256sum not installed!";
-$newLayerdir = $1;
-
-# new outerjson is computed later, as we first have to change its content
-
-sub cautionWaiter {
-  # some file operations give the impression that they are not instant.
-  # Hence, we wait here a bit to see if that fixes stuff
-  #sleep 5; # seems not to be the reason
-}
-
-sub replaceInFile {
-  my ($filename, $replacer) = @_;
-  return unless -e $filename;
-  my $fh = undef;
-  open($fh, '<', $filename) or die "Could not read $filename, because: $!";
-  my $content = join '', <$fh>;
-  close $fh;
-  keys %$replacer;
-  while(my ($k,$v) = each %$replacer) {
-    $content=~s#\Q$k\E#$v#g;
-  }
-  my $wh = undef;
-  open($wh, '>', $filename) or die "Could not write $filename, because: $!";
-  print $wh $content;
-  close $wh;
-}
-
-my %replacer = (
-  $oldLayerdir => $newLayerdir,
-  $imageid => $newImageId,
-);
-
-replaceInFile("$imageid/json", \%replacer);
-replaceInFile("$outerjson.json", \%replacer);
-
-cautionWaiter();
-
-my $newOuterjson = qx(sha256sum '$outerjson.json');
-$newOuterjson =~ m#^([0-9a-f]{64}).*$# or die "sha256sum not installed!";
-$newOuterjson = $1;
-
-cautionWaiter();
-
-renameWithRights("$outerjson.json", "$newOuterjson.json");
-$replacer{$outerjson} = $newOuterjson;
-
-replaceInFile("manifest.json", \%replacer);
-
-replaceInFile("repositories", \%replacer);
-
-cautionWaiter();
-renameWithRights($imageid, $newImageId);
-
-cautionWaiter();
-
-
-
-
-
-resetRights(".");
-
-
-system("find");
-
-unlink("uniworx.tar.gz");
-
-system("tar czvf uniwox-rmnodejs.tar.gz *");
-
-cautionWaiter();
-print "Debug output, content of container:\n";
-system("tar tzvf uniwox-rmnodejs.tar.gz");
-
-cautionWaiter();
-#unlink("../uniworx.tar.gz");
-
-system("cp uniwox-rmnodejs.tar.gz ../uniworx-sanitized.tar.gz");
-

.npmrc.gup.license

@@ -1,3 +0,0 @@
-SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>
-
-SPDX-License-Identifier: AGPL-3.0-or-later

.ports/assign.hs

@@ -1,64 +0,0 @@
--- SPDX-FileCopyrightText: 2024 David Mosbach <david.mosbach@uniworx.de>
---
--- SPDX-License-Identifier: AGPL-3.0-or-later
-
-{-# Language OverloadedStrings, LambdaCase, TypeApplications #-}
-
-import Data.Text (Text)
-import qualified Data.Text as T
-import System.Directory
-import System.Environment
-import System.IO
-
-main :: IO ()
-main = getArgs >>= \case
-  ["--assign", offsetFile] -> parseOffsets offsetFile >>= uncurry nextOffset
-  ["--remove", offset] -> removeOffset offset
-  _ -> fail "unsupported args"
-
-parseOffsets :: FilePath -> IO (Int,Int)
-parseOffsets offsetFile = do
-  user <- T.pack <$> getEnv "USER"
-  let pred x = "//" `T.isPrefixOf` x || T.null (T.strip x)
-      tokenise = map (filter (not . pred) . T.lines) . T.split (=='#')
-      extract = map tail . filter (\u -> not (null u) && user == (T.strip $ head u))
-  ((extract . tokenise . T.pack) <$> readFile offsetFile) >>= \case
-    [[min,max]] -> return (read $ T.unpack min, read $ T.unpack max)
-    x -> print x >> fail "malformed offset file"
-
-nextOffset :: Int -> Int -> IO ()
-nextOffset min max
-  | min > max = nextOffset max min
-  | otherwise = do
-      home <- getEnv "HOME"
-      offset <- findFile [home] ".port-offsets" >>= \case
-        Nothing   -> writeFile (home ++ "/.port-offsets") (show min) >> return min
-        Just path -> do
-          used <- (map (read @Int) . filter (not . null) . lines) <$> readFile path
-          o <- next min max used
-          appendFile path ('\n' : show o)
-          return o
-      print offset
-        where
-          next :: Int -> Int -> [Int] -> IO Int
-          next min max used
-            | min > max = fail "all offsets currently in use"
-            | min `elem` used = next (min+1) max used
-            | otherwise = return min
-
-removeOffset :: String -> IO ()
-removeOffset offset = do
-  home <- getEnv "HOME"
-  findFile [home] ".port-offsets" >>= \case
-    Nothing   -> fail "offset file does not exist"
-    Just path -> do
-      remaining <- (filter (/= offset) . lines) <$> readFile path
-      run <- getEnv "XDG_RUNTIME_DIR"
-      (tempPath, fh) <- openTempFile run ".port-offsets"
-      let out = unlines remaining
-      hPutStr fh $ out
-      case T.null (T.strip $ T.pack out) of
-        True -> removeFile path
-        False -> writeFile path $ out
-      removeFile tempPath
-

.ports/offsets

@@ -1,24 +0,0 @@
-// SPDX-FileCopyrightText: 2024 David Mosbach <david.mosbach@uniworx.de>
-//
-// SPDX-License-Identifier: AGPL-3.0-or-later
-
-# gkleen
-  -1000
-  -950
-
-# ishka
-  -949
-  -899
-
-# jost
-  -898
-  -848
-
-# mosbach
-  -847
-  -797
-
-# savau
-  -796
-  -746
-

Makefile

@@ -1,91 +1,59 @@
-
 export SHELL=bash
 
-# MAKE=make -f Makefile-loggingsymbols
-# MAKE=make -d
+export CLEAN_DEPENDENCIES ?= false
+export CLEAN_IMAGES ?= false
 
-# System information
-export CPU_CORES = $(shell cat /proc/cpuinfo | grep '^processor' | wc -l)
-
-export CONTAINER_COMMAND ?= podman
-export CONTAINER_BGRUN ?= $(CONTAINER_COMMAND) run -dit --network=host --replace
-export CONTAINER_FGRUN ?= $(CONTAINER_COMMAND) run -it --network=host --replace
-
-export IMAGE_REGISTRY = docker.io
-export MEMCACHED_IMAGE = $(IMAGE_REGISTRY)/memcached:latest
-export MINIO_IMAGE = $(IMAGE_REGISTRY)/minio/minio:latest
-export MAILDEV_IMAGE = $(IMAGE_REGISTRY)/maildev/maildev:latest # TODO: needs different port than 1025 to avoid conflicts
-
-export IN_CONTAINER ?= false
-export IN_CI ?= false
-export CONTAINER_FILE
-export CONTAINER_IDENT
-export CF_PREFIX
-export DEVELOP
-export CONTAINER_ATTACHED
-export CONTAINER_INIT
-export CONTAINER_CLEANUP
-export PROJECT_DIR=/fradrive
-
-export SERVICE
-export SERVICE_VARIANT ?= $(SERVICE)
-export JOB
-export IMAGE
-export SET_IMAGE
-export ENTRYPOINT
-export EXEC_OPTS
-
-export STACK_CORES = $(shell echo $(($(CPU_CORES)/2)))
-export BASE_PORTS
-export UNIWORXDB_OPTS ?= -cf
-export PROD ?= false
+export ENTRYPOINT ?= bash
 export SRC
 
-ifneq ($(PROD),true)
-  export --DEVELOPMENT=--flag uniworx:dev
-endif
-
-export DATE := $(shell date +'%Y-%m-%dT%H-%M-%S')
-
-export CURR_DEV = $(shell cat develop/.current 2>/dev/null)
-export SET_DEVELOP = $(eval DEVELOP=develop/$$(CURR_DEV))
-export NEW_DEVELOP = $(eval DEVELOP=develop/$$(DATE))
-
-
 .PHONY: help
 # HELP: print out this help message
 help:
-	@if [ -z "$$(which perl 2>/dev/null)" ] ; then \
-	  $(CONTAINER_FGRUN) .:/mnt 'debian:12.5' '/mnt/utils/makehelp.pl' '/mnt/Makefile' ; \
-	else \
-	  utils/makehelp.pl Makefile ; \
-	fi
+	docker compose run help
 
 .PHONY: clean
-# HELP: stop all running containers and remove all compilation results in the directory (but leave images including dependencies unharmed)
+# HELP: clean compilation caches
 clean:
-	rm -rf develop
-	-rm -rf node_modules .npm .cache assets/icons assets/favicons static well-known config/manifest.json frontend/src/env.sass
-	-rm -rf .stack-work .stack-work.lock
-	-rm -rf bin .Dockerfile develop
-	-$(CONTAINER_COMMAND) container prune --force
-.PHONY: clean-images
-# HELP: stop all running containers and clean all images from local repositories
-clean-images:
-	rm -rf develop
-	sleep 5
-	-$(CONTAINER_COMMAND) system prune --all --force --volumes
-	-$(CONTAINER_COMMAND) image prune --all --force
-	-$(CONTAINER_COMMAND) volume prune --force
+	$(MAKE) clean-frontend CLEAN_DEPENDENCIES=$(CLEAN_DEPENDENCIES) CLEAN_IMAGES=$(CLEAN_IMAGES) 
+	$(MAKE) clean-backend CLEAN_DEPENDENCIES=$(CLEAN_DEPENDENCIES) CLEAN_IMAGES=$(CLEAN_IMAGES)
 .PHONY: clean-all
-# HELP: like clean but with full container, image, and volume prune
-clean-all: clean
-	-rm -rf .stack
-	$(CONTAINER_COMMAND) system reset --force
+# HELP: clean everything, including dependency and image caches
+clean-all: CLEAN_DEPENDENCIES = true
+clean-all: CLEAN_IMAGES = true
+clean-all: clean ;
 
+.PHONY: clean-%
+# HELP(clean-$SERVICE): invalidate caches for a given service. Supported services: frontend, backend.
+clean-%:
+	$(MAKE) stop-$*
+	@$(MAKE) -- --clean-$*
+	@echo "Cleaned $* build files and binaries."
+ifeq ("$(CLEAN_DEPENDENCIES)", "true")
+	@$(MAKE) -- --clean-$*-deps
+	@echo "Cleaned $* dependencies."
+endif
+ifeq ("$(CLEAN_IMAGES)", "true")
+	$(MAKE) kill-$*
+	docker compose rm --force --volumes
+	docker compose down --rmi 'all' --volumes
+	@echo "Cleaned $* image."
+endif
+--clean-frontend:
+	-rm -rf assets/icons assets/favicons
+	-rm -rf static well-known
+--clean-frontend-deps:
+	-rm -rf frontend/node_modules
+	-rm -rf frontend/.npm
+--clean-backend:
+	-rm -rf backend/.stack-work
+	-rm -rf bin/
+--clean-backend-deps:
+	-rf -rf backend/.stack
+
+
+# TODO: only release when build and tests are passing!!!
 .PHONY: release
 # HELP: create, commit and push a new release
-# TODO: only release when build and tests are passing!!!
 release:
 	VERSION=`./utils/version.pl -changelog CHANGELOG.md -v` ; \
 	git add CHANGELOG.md ; \
@@ -96,346 +64,60 @@ release:
 
 .PHONY: compile
 # HELP: perform full compilation (frontend and backend)
-compile:
-	$(MAKE) compile-frontend
-	$(MAKE) compile-backend
+compile: compile-frontend compile-backend ;
+.PHONY: compile-%
+# HELP(compile-$SERVICE): compile a given service once
+compile-%:
+	docker compose run --remove-orphans --build --no-deps $* make compile
 
 .PHONY: start
 # HELP: start complete development environment with a fresh test database
-start:
-	$(MAKE) start-postgres
-	$(MAKE) start-memcached
-	$(MAKE) start-minio
-	$(MAKE) start-maildev
-	$(MAKE) compile-frontend
-	$(MAKE) compile-uniworxdb
-	$(MAKE) start-backend
-
-.PHONY: %-backend
-%-backend: SERVICE=backend
-%-backend: SERVICE_VARIANT=backend
-%-backend: IMAGE=localhost/fradrive/backend
-%-backend: BASE_PORTS = "DEV_PORT_HTTP=3000" "DEV_PORT_HTTPS=3443"
-
-.PHONY: %-uniworxdb
-%-uniworxdb: SERVICE=backend
-%-uniworxdb: SERVICE_VARIANT=uniworxdb
-%-uniworxdb: IMAGE=localhost/fradrive/backend
-
-.PHONY: %-ghci
-%-ghci: SERVICE=backend
-%-ghci: SERVICE_VARIANT=ghci
-%-ghci: IMAGE=localhost/fradrive/backend
-
-.PHONY: %-hoogle
-%-hoogle: SERVICE=backend
-%-hoogle: SERVICE_VARIANT=hoogle
-%-hoogle: BASE_PORTS = "HOOGLE_PORT=8081"
-%-hoogle: IMAGE=localhost/fradrive/backend
---start-hoogle:
-	HOOGLE_PORT=`cat $(CONTAINER_FILE) | grep 'HOOGLE_PORT=' | sed 's/HOOGLE_PORT=//'` ; \
-	stack $(STACK_CORES) hoogle -- server --local --port $${HOOGLE_PORT}
-
-.PHONY: %-frontend
-%-frontend: SERVICE=frontend
-%-frontend: SERVICE_VARIANT=frontend
-%-frontend: IMAGE=localhost/fradrive/frontend
-
-.PHONY: %-postgres
-%-postgres: SERVICE=postgres
-%-postgres: SERVICE_VARIANT=postgres
-%-postgres: BASE_PORTS = "PGPORT=5432"
-%-postgres: SET_IMAGE=localhost/fradrive/postgres
-
-.PHONY: %-memcached
-%-memcached: SERVICE=memcached
-%-memcached: SERVICE_VARIANT=memcached
-%-memcached: SET_IMAGE=$$(MEMCACHED_IMAGE) --port=`cat $$(CONTAINER_FILE) | grep 'MEMCACHED_PORT=' | sed 's/MEMCACHED_PORT=//'`
-%-memcached: BASE_PORTS = "MEMCACHED_PORT=11211"
-
-.PHONY: %-maildev
-%-maildev: SERVICE=maildev
-%-maildev: SERVICE_VARIANT=maildev
-%-maildev: SET_IMAGE=$$(MAILDEV_IMAGE) --port=`cat $$(CONTAINER_FILE) | grep 'MAILDEV_PORT=' | sed 's/MAILDEV_PORT=//'`
-%-maildev: BASE_PORTS = "MAILDEV_PORT=1025"
-
-.PHONY: %-release
-%-release: PROD=true
-%-release: SERVICE=fradrive
-%-release: SERVICE_VARIANT=fradrive
-%-release: IMAGE=localhost/fradrive/fradrive
-
-.PHONY: %-minio
-%-minio: SERVICE=minio
-%-minio: SERVICE_VARIANT=minio
-%-minio: SET_IMAGE=$$(MINIO_IMAGE) -- server `mktemp` --address=:`cat $$(CONTAINER_FILE) | grep 'UPLOAD_S3_PORT=' | sed 's/UPLOAD_S3_PORT=//'`
-%-minio: BASE_PORTS = "UPLOAD_S3_PORT=9000"
-
+start: start-postgres start-maildev start-memcached start-minio start-backend
+	docker compose exec backend make start
 .PHONY: start-%
-start-%: JOB=start
-start-%: CF_PREFIX = start-
-start-%: CONTAINER_ATTACHED = false
-start-%: --act ;
-
-.PHONY: compile-%
-compile-%: JOB=compile
-compile-%: CF_PREFIX = compile-
-compile-%: CONTAINER_ATTACHED = true
-compile-%: --act ;
-
-.PHONY: dependencies-%
-dependencies-%: JOB=dependencies
-dependencies-%: CF_PREFIX = dependencies-
-dependencies-%: CONTAINER_ATTACHED = true
-dependencies-%: --act ;
-
-.PHONY: test-%
-test-%: JOB=test
-test-%: CF_PREFIX = test-
-test-%: CONTAINER_ATTACHED = true
-test-%: --act ;
-
-.PHONY: lint-%
-lint-%: JOB=lint
-lint-%: CF_PREFIX = lint-
-lint-%: CONTAINER_ATTACHED = true
-lint-%: --act ;
+# HELP(start-$SERVICE): start a given service
+start-%:
+	docker compose up -d --build $*
 
 .PHONY: shell-%
-# HELP(shell-$SERVICE): launch (bash) shell inside a new $SERVICE container
-shell-%: JOB=shell
-shell-%: CF_PREFIX=shell-
-shell-%: CONTAINER_ATTACHED=true
-shell-%: --act ;
+# HELP(shell-$SERVICE): launch a (bash) shell inside a given service
+shell-%:
+	docker compose run --build --no-deps --entrypoint="$(ENTRYPOINT)" $*
 .PHONY: ghci
-# HELP(ghci): launch new backend instance and enter interactive ghci shell
-ghci: shell-ghci;
-
---act: --develop_containerized;
-
---develop_%: PORTS = $(foreach PORT,$(BASE_PORTS),$(shell utils/next_free_port.pl $(PORT)))
---develop_%: --ensure-develop
-	DEVELOP=develop/`cat develop/.current` ; \
-	CONTAINER_IDENT=$(CF_PREFIX)$(SERVICE_VARIANT) ; \
-	CONTAINER_FILE=$${DEVELOP}/$${CONTAINER_IDENT} ; \
-	if [[ -e $${CONTAINER_FILE} ]]; then \
-	  >&2 echo "Another $* service is already running! Use \"make new-develop\" to start a new develop instance despite currently running services." ; \
-	  exit 1 ; \
-	fi ; \
-	echo "$(PORTS)" | sed 's/ /\n/g' > $${CONTAINER_FILE} ; \
-	$(MAKE) -- --$* CONTAINER_FILE=$${CONTAINER_FILE} CONTAINER_IDENT=$${CONTAINER_IDENT} JOB=$(JOB)
-
-.PHONY: rebuild-%
-# HELP(rebuild-{backend,frontend,database,memcached,minio}): force-rebuild a given container image
-rebuild-%:
-	$(MAKE) -- --image-build SERVICE=$* NO_CACHE=--no-cache
---image-build:
-ifeq "$(IMAGE)" "localhost/fradrive/$(SERVICE)"
-	rm -f .Dockerfile
-	ln -s docker/$(SERVICE)/Dockerfile .Dockerfile
-	PROJECT_DIR=/fradrive; \
-	if [ "$(IN_CONTAINER)" == "false" ] ; then \
-	  $(CONTAINER_COMMAND) build $(NO_CACHE) \
-	    -v $(PWD):$${PROJECT_DIR}:rw \
-		--build-arg PROJECT_DIR=$${PROJECT_DIR} \
-	    --env IN_CONTAINER=true \
-		--env JOB=$(JOB) \
-		--tag fradrive/$(SERVICE) \
-		--file $(PWD)/.Dockerfile ; \
-	fi
-else
-	:
-endif
-
---containerized: --image-build
-	DEVELOP=`cat develop/.current` ; \
-	./utils/watchcontainerrun.sh "$(CONTAINER_COMMAND)" "$(CONTAINER_FILE)" "$(CONTAINER_INIT)" "$(CONTAINER_CLEANUP)" & \
-	CONTAINER_NAME=fradrive.$(CURR_DEV).$(CONTAINER_IDENT) ; \
-	if ! [ -z "$(SET_IMAGE)" ] ; \
-	  then \
-	    IMAGE="$(SET_IMAGE)" ; \
-	  else \
-	    IMAGE=$(IMAGE) ; \
-		MAKECALL="make -- --$(JOB)-$(SERVICE_VARIANT) IN_CONTAINER=true" ; \
-	fi ; \
-	CONTAINER_ID=`$(CONTAINER_BGRUN) \
-	  -v $(PWD):$(PROJECT_DIR):rw \
-	  --env IN_CONTAINER=true \
-	  --env CONTAINER_FILE=$(CONTAINER_FILE) \
-	  --env CONTAINER_NAME=$${CONTAINER_NAME} \
-	  --env JOB=$(JOB) \
-	  --env SRC=$(SRC) \
-	  --name $${CONTAINER_NAME} \
-	  $${IMAGE} \
-	  $${MAKECALL} \
-	` ; \
-	printf "CONTAINER_ID=$${CONTAINER_ID}" >> "$(CONTAINER_FILE)" ; \
-	if [[ "true" == "$(CONTAINER_ATTACHED)" ]] ; then \
-	  $(CONTAINER_COMMAND) attach $${CONTAINER_ID} || : ; \
-	fi
-
-# For Reverse Proxy Problem see: https://groups.google.com/g/yesodweb/c/2EO53kSOuy0/m/Lw6tq2VYat4J
-# HELP(start-backend): start development instance
---start-backend: --dependencies-backend
-	export YESOD_IP_FROM_HEADER=true; \
-	export DEV_PORT_HTTP=`cat $(CONTAINER_FILE) | grep 'DEV_PORT_HTTP=' | sed 's/DEV_PORT_HTTP=//'`; \
-	export DEV_PORT_HTTPS=`cat $(CONTAINER_FILE) | grep 'DEV_PORT_HTTPS=' | sed 's/DEV_PORT_HTTPS=//'`; \
-	export HOST=127.0.0.1 ; \
-	export PORT=$${PORT:-$${DEV_PORT_HTTP}} ; \
-	export DETAILED_LOGGING=$${DETAILED_LOGGING:-true} ; \
-	export LOG_ALL=$${LOG_ALL:-false} ; \
-	export LOGLEVEL=$${LOGLEVEL:-info} ; \
-	export DUMMY_LOGIN=$${DUMMY_LOGIN:-true} ; \
-	export SERVER_SESSION_ACID_FALLBACK=$${SERVER_SESSION_ACID_FALLBACK:-true} ; \
-	export SERVER_SESSION_COOKIES_SECURE=$${SERVER_SESSION_COOKIES_SECURE:-false} ; \
-	export COOKIES_SECURE=$${COOKIES_SECURE:-false} ; \
-	export ALLOW_DEPRECATED=$${ALLOW_DEPRECATED:-true} ; \
-	export ENCRYPT_ERRORS=$${ENCRYPT_ERRORS:-false} ; \
-	export RIBBON=$${RIBBON:-$${HOST:-localhost}} ; \
-	export APPROOT=$${APPROOT:-http://localhost:$${DEV_PORT_HTTP}} ; \
-	export AVSPASS=$${AVSPASS:-nopasswordset} ; \
-	stack $(STACK_CORES) exec --local-bin-path $$(pwd)/bin --copy-bins -- yesod devel -p "$${DEV_PORT_HTTP}" -q "$${DEV_PORT_HTTPS}"
-# HELP(compile-backend): compile backend binaries
---compile-backend: --dependencies-backend
-	stack build $(STACK_CORES) --fast --profile --library-profiling --executable-profiling --flag uniworx:-library-only $(--DEVELOPMENT) --local-bin-path $$(pwd)/bin --copy-bins
-# HELP(dependencies-backend): (re-)build backend dependencies
---dependencies-backend: #uniworx.cabal
-	chown -R `id -un`:`id -gn` "$(PROJECT_DIR)"; \
-	stack install hpack; stack install yesod-bin; \
-	stack build -j2 --only-dependencies
-# HELP(lint-backend): lint backend
---lint-backend:
-	stack build $(STACK_CORES) --test --fast --flag uniworx:library-only $(--DEVELOPMENT) uniworx:test:hlint
-# HELP(test-backend): test backend
---test-backend:
-	stack build $(STACK_CORES) --test --coverage --fast --flag uniworx:library-only $(--DEVELOPMENT)
-# uniworx.cabal:
-# 	stack exec -- hpack --force
-
-# HELP(compile-frontend): compile frontend assets
---compile-frontend: --dependencies-frontend
-	npm run build
---start-frontend: --compile-frontend;
---dependencies-frontend: node_modules assets esbuild.config.mjs frontend/src/env.sass;
-node_modules: package.json package-lock.json
-	npm install --cache .npm --prefer-offline
-package-lock.json: package.json
-	npm install --cache .npm --prefer-offline
-assets: assets/favicons assets/icons;
-assets/favicons:
-	./utils/faviconize.pl assets/favicon.svg long assets/favicons
-assets/icons: node_modules assets/icons-src/fontawesome.json
-	./utils/renamer.pl node_modules/@fortawesome/fontawesome-free/svgs/solid assets/icons-src/fontawesome.json assets/icons/fradrive
-	./utils/renamer.pl node_modules/@fortawesome/fontawesome-free/svgs/regular assets/icons-src/fontawesome.json assets/icons/fradrive
-	-cp assets/icons-src/*.svg assets/icons/fradrive
-frontend/src/env.sass:
-	echo "\$$path: '$${PROJECT_DIR}'" > frontend/src/env.sass
-static: --dependencies-frontend
-	npm run build
-well-known: static;
---lint-frontend: --compile-frontend
-	npm run lint
---test-frontend: --compile-frontend
-	npm run test
-
-# HELP(compile-uniworxdb): clear and fill database. requires running postgres instance (use "make start-postgres" to start one)
-# TODO (db-m-$MIGRATION-backend): apply migration (see src/Model/Migration/Definition.hs for list of available migrations)
---compile-uniworxdb: --compile-backend
-	SERVER_SESSION_ACID_FALLBACK=${SERVER_SESSION_ACID_FALLBACK:-true} ; \
-	AVSPASS=${AVSPASS:-nopasswordset} ; \
-	./bin/uniworxdb $(UNIWORXDB_OPTS)
-
-# HELP(shell-ghci): enter ghci shell. Use "make ghci SRC=<MODULE_FILE.hs>" to load specific source modules."
---shell-ghci:
-	stack ghci -- $(SRC)
-# --main-is uniworx:exe:uniworx
-
-# HELP(shell-{backend,frontend,memcached,minio,postgres}): enter (bash) shell inside a new container of a given service
---shell-%:
-	/bin/bash
-
-# HELP(start-minio): start minio service
-
-.PHONY: status
-# HELP: print develop status: running containers, used ports
-status:
-	@./utils/develop-status.pl -a
-
-.PHONY: log-%
-# HELP(log-$(JOB)-$(SERVICE)): inspect output of a given service. The service must be currently running When a service supports multiple running instances in one develop (i.e. backend), you need to specify the exact instance by its associated file (e.g. backend-1, backend-2, etc.), please check the contents of the develop/ directory for a list of running instances.
-log-%:
-	DEVELOP=develop/`cat develop/.current` ; \
-	SEARCH_FILE="$${DEVELOP}/$*" ; \
-	if [[ ! -e "$${SEARCH_FILE}" ]] ; then \
-	  SEARCH_FILE="$${DEVELOP}/.exited.$*" ; \
-	fi ; \
-	if [[ -e "$${SEARCH_FILE}" ]] ; then \
-	  $(CONTAINER_COMMAND) logs --follow `cat "$${SEARCH_FILE}" | grep CONTAINER_ID= | sed 's/^CONTAINER_ID=//'` ; \
-	else \
-	  >&2 echo "Cannot show log: No develop file found for '$*'" ; \
-	  exit 1 ; \
-	fi
-
-.PHONY: enter
-# HELP: launch (bash) shell inside a currently running container. Use ./enter shell wrapper for more convenient usage, possibly with tab-completion in the future
-enter: --ensure-develop
-	$(MAKE) -- --enter
-
-.PHONY: psql
-# HELP: enter psql (postgresql) cli inside a currently running database container
-psql: ENTRYPOINT=/usr/bin/psql -d uniworx
-psql: EXEC_OPTS=--user postgres
-psql: --ensure-develop
-	$(MAKE) -- --enter CONTAINER_FILE=develop/`cat develop/.current`/start-postgres
-
---enter:
-	CONTAINER_ID=`cat $(CONTAINER_FILE) | grep 'CONTAINER_ID=' | sed 's/CONTAINER_ID=//'` ; \
-	$(CONTAINER_COMMAND) exec -it $(EXEC_OPTS) $${CONTAINER_ID} $(if $(ENTRYPOINT),$(ENTRYPOINT),/bin/bash)
+# HELP: launch ghci instance. Use in combination with SRC to specify the modules to be loaded by ghci: make ghci SRC=src/SomeModule.hs
+ghci: ENTRYPOINT=stack ghci $(SRC)
+ghci: shell-backend ;
 
 .PHONY: stop
-# HELP: stop all currently running develop instances
+# HELP: stop all services
 stop:
-	rm -rf develop
+	docker compose down
 .PHONY: stop-%
-# HELP(stop-SERVICE): stop all currently running develop instances of a given service (i.e. backend,frontend,uniworxdb,hoogle,postgres,...)
-# HELP(stop-JOB): stop all currently running develop instances of a given job (i.e. compile,start,test,lint)
-stop-compile: CF_PREFIX=compile-
-stop-start: CF_PREFIX=start-
-stop-test: CF_PREFIX=test-
-stop-lint: CF_PREFIX=lint-
-stop-%: --stop;
---stop:
-	$(SET_DEVELOP)
-ifdef CF_PREFIX
-	rm -rf $(DEVELOP)/$(CF_PREFIX)*
-endif
-ifdef SERVICE_VARIANT
-	rm -rf $(DEVELOP)/*-$(SERVICE_VARIANT)
-endif
+# HELP(stop-$SERVICE): stop a given service
+stop-%:
+	docker compose down $*
+.PHONY: kill-%
+# HELP(kill-$SERVICE): kill a given service the hard way. Use this if the servive does not respond to stop.
+kill-%:
+	docker compose kill $*
 
-.PHONY: new-develop
-# HELP: instantiate new development bundle, i.e. create new directory under develop/
-new-develop:
-	$(NEW_DEVELOP)
-	mkdir -p $(DEVELOP)
-	$(MAKE) develop/.current
-.PHONY: switch-develop
-# HELP: switch current develop instance to DEVELOP=...
-switch-develop:
-	if ! [ -e develop/$(DEVELOP) ]; then \
-	  echo "Specified develop $(DEVELOP) does not exist! Not switching." ; \
-	  exit 1 ; \
-	fi ; \
-	echo "$(DEVELOP)" > develop/.current
---ensure-develop:
-	if ! [[ -e develop ]]; then \
-	  $(MAKE) new-develop; \
-	fi
-	$(MAKE) develop/.current
-	$(SET_DEVELOP)
-.PHONY: develop/.current
-develop/.current:
-	ls -1 develop | tail -n1 > develop/.current
+.PHONY: status
+# HELP: print an overview of currently running services and their health
+status:
+	docker compose ps
+.PHONY: top
+# HELP: print an overview of the ressource usage of the currently running services
+top:
+	docker compose stats
+.PHONY: list-projects
+# HELP: list all currently running projects on this machine
+list-projects:
+	docker compose ls
+
+.PHONY: log-%
+# HELP(log-$SERVICE): follow the output of a given service. Service must be running.
+log-%:
+	docker compose logs --follow --timestamps $*
 
 .PHONY: --%
 .SUFFIXES: # Delete all default suffixes

backend/Dockerfile

@@ -0,0 +1,40 @@
+ARG FROM_IMG=docker.io/library/debian
+ARG FROM_TAG=12.5
+
+FROM ${FROM_IMG}:${FROM_TAG}
+
+ENV LANG=de_DE.UTF-8
+
+# basic dependencies
+RUN apt-get -y update && apt-get -y install git
+RUN apt-get -y update && apt-get -y install haskell-stack
+RUN apt-get -y update && apt-get -y install llvm
+RUN apt-get -y update && apt-get install -y --no-install-recommends locales locales-all
+
+# compile-time dependencies
+RUN apt-get -y update && apt-get install -y libpq-dev libsodium-dev
+RUN apt-get -y update && apt-get -y install g++ libghc-zlib-dev libpq-dev libsodium-dev pkg-config
+RUN apt-get -y update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata
+
+# run-time dependencies for uniworx binary
+RUN apt-get -y update && apt-get -y install fonts-roboto
+# RUN apt-get -y update && apt-get -y install pdftk
+# RUN apt-get -y update && apt-get -y install \
+# texlive texlive-latex-recommended texlive-luatex texlive-plain-generic texlive-lang-german texlive-lang-english
+RUN apt-get -y update && apt-get -y install texlive
+# RUN ls /usr/local/texlive
+# RUN chown -hR root /usr/local/texlive/2018
+# RUN tlmgr init-usertree
+# RUN tlmgr option repository ftp://tug.org/historic/systems/texlive/2018/tlnet-final
+# RUN tlmgr update --self --all
+
+ARG PROJECT_DIR=/fradrive
+ENV PROJECT_DIR=${PROJECT_DIR}
+# RUN mkdir -p "${PROJECT_DIR}"; chmod -R 777 "${PROJECT_DIR}"
+WORKDIR ${PROJECT_DIR}
+ENV HOME=${PROJECT_DIR}
+ENV STACK_ROOT="${PROJECT_DIR}/.stack"
+
+ENV STACK_SRC=""
+ENV STACK_ENTRY="ghci ${STACK_SRC}"
+ENTRYPOINT stack ${STACK_ENTRY}

backend/Makefile

@@ -0,0 +1,51 @@
+export CPU_CORES = $(shell cat /proc/cpuinfo | grep '^processor' | wc -l)
+export STACK_CORES = $(shell echo $(($(CPU_CORES)/2)))
+
+ifeq ($(PROD),true)
+export --DEVELOPMENT=--flag uniworx:-dev
+else
+export --DEVELOPMENT=--flag uniworx:dev
+endif
+
+.PHONY: dependencies
+dependencies:
+	stack install hpack; stack install yesod-bin; \
+	stack build -j2 --only-dependencies
+
+.PHONY: compile
+compile: dependencies
+	stack build $(STACK_CORES) --fast --profile --library-profiling --executable-profiling --flag uniworx:-library-only $(--DEVELOPMENT) --local-bin-path $$(pwd)/bin --copy-bins
+
+.PHONY: lint
+lint:
+	stack build $(STACK_CORES) --test --fast --flag uniworx:library-only $(--DEVELOPMENT) uniworx:test:hlint
+
+.PHONY: test
+test:
+	stack build $(STACK_CORES) --test --coverage --fast --flag uniworx:library-only $(--DEVELOPMENT)
+
+# For Reverse Proxy Problem see: https://groups.google.com/g/yesodweb/c/2EO53kSOuy0/m/Lw6tq2VYat4J
+.PHONY: start
+start: dependencies
+	export YESOD_IP_FROM_HEADER=true; \
+	export DEV_PORT_HTTP=3000; \
+	export DEV_PORT_HTTPS=3443; \
+	export HOST=127.0.0.1 ; \
+	export PORT=$${PORT:-$${DEV_PORT_HTTP}} ; \
+	export DETAILED_LOGGING=$${DETAILED_LOGGING:-true} ; \
+	export LOG_ALL=$${LOG_ALL:-false} ; \
+	export LOGLEVEL=$${LOGLEVEL:-info} ; \
+	export DUMMY_LOGIN=$${DUMMY_LOGIN:-true} ; \
+	export SERVER_SESSION_ACID_FALLBACK=$${SERVER_SESSION_ACID_FALLBACK:-true} ; \
+	export SERVER_SESSION_COOKIES_SECURE=$${SERVER_SESSION_COOKIES_SECURE:-false} ; \
+	export COOKIES_SECURE=$${COOKIES_SECURE:-false} ; \
+	export ALLOW_DEPRECATED=$${ALLOW_DEPRECATED:-true} ; \
+	export ENCRYPT_ERRORS=$${ENCRYPT_ERRORS:-false} ; \
+	export RIBBON=$${RIBBON:-$${HOST:-localhost}} ; \
+	export APPROOT=$${APPROOT:-http://localhost:$${DEV_PORT_HTTP}} ; \
+	export AVSPASS=$${AVSPASS:-nopasswordset} ; \
+	stack $(STACK_CORES) exec --local-bin-path $$(pwd)/bin --copy-bins -- yesod devel -p "$${DEV_PORT_HTTP}" -q "$${DEV_PORT_HTTPS}"
+
+.PHONY: clean
+clean:
+	rm -rf .stack-work .stack uniworx.cabal .ghc

backend/config/settings.yml

@@ -24,9 +24,9 @@ mail-from:
   email:        "_env:MAILFROM_EMAIL:uniworx@localhost"
 mail-object-domain: "_env:MAILOBJECT_DOMAIN:localhost"
 mail-use-replyto-instead-sender: "_env:MAIL_USES_REPLYTO:true"
-mail-reroute-to:
-  name:         "_env:MAIL_REROUTE_TO_NAME:"
-  email:        "_env:MAIL_REROUTE_TO_EMAIL:"
+mail-reroute-to: 
+ name:         "_env:MAIL_REROUTE_TO_NAME:"
+ email:        "_env:MAIL_REROUTE_TO_EMAIL:"
 #mail-verp:
 #  separator:    "_env:VERP_SEPARATOR:+"
 #  prefix:       "_env:VERP_PREFIX:bounce"
@@ -45,7 +45,7 @@ legal-external:
     imprint:          "https://www.fraport.com/de/tools/impressum.html"
     data-protection:  "https://www.fraport.com/de/konzern/datenschutz.html"
     terms-of-use:     "https://www.fraport.com/de/tools/disclaimer.html"
-    payments:         "https://www.fraport.com/de/geschaeftsfelder/service/geschaeftspartner/richtlinien-und-zahlungsbedingungen.html"
+    payments:         "https://www.fraport.com/de/geschaeftsfelder/service/geschaeftspartner/richtlinien-und-zahlungsbedingungen.html"  
 
 job-workers:        "_env:JOB_WORKERS:10"
 job-flush-interval: "_env:JOB_FLUSH:30"
@@ -66,7 +66,7 @@ keep-unreferenced-files: 86400
 health-check-interval:
   matching-cluster-config: "_env:HEALTHCHECK_INTERVAL_MATCHING_CLUSTER_CONFIG:600"
   http-reachable: "_env:HEALTHCHECK_INTERVAL_HTTP_REACHABLE:600"
-  ldap-admins: "_env:HEALTHCHECK_INTERVAL_LDAP_ADMINS:600" # TODO: either generalize over every external auth sources, or otherwise reimplement for different semantics
+  ldap-admins: "_env:HEALTHCHECK_INTERVAL_LDAP_ADMINS:600"
   smtp-connect: "_env:HEALTHCHECK_INTERVAL_SMTP_CONNECT:600"
   widget-memcached: "_env:HEALTHCHECK_INTERVAL_WIDGET_MEMCACHED:600"
   active-job-executors: "_env:HEALTHCHECK_INTERVAL_ACTIVE_JOB_EXECUTORS:60"
@@ -77,7 +77,7 @@ health-check-http: "_env:HEALTHCHECK_HTTP:true" # Can we assume, that we can rea
 health-check-active-job-executors-timeout: "_env:HEALTHCHECK_ACTIVE_JOB_EXECUTORS_TIMEOUT:5"
 health-check-active-widget-memcached-timeout: "_env:HEALTHCHECK_ACTIVE_WIDGET_MEMCACHED_TIMEOUT:2"
 health-check-smtp-connect-timeout: "_env:HEALTHCHECK_SMTP_CONNECT_TIMEOUT:5"
-health-check-ldap-admins-timeout: "_env:HEALTHCHECK_LDAP_ADMINS_TIMEOUT:60" # TODO: either generalize over every external auth sources, or otherwise reimplement for different semantics
+health-check-ldap-admins-timeout: "_env:HEALTHCHECK_LDAP_ADMINS_TIMEOUT:60"
 health-check-http-reachable-timeout: "_env:HEALTHCHECK_HTTP_REACHABLE_TIMEOUT:2"
 health-check-matching-cluster-config-timeout: "_env:HEALTHCHECK_MATCHING_CLUSTER_CONFIG_TIMEOUT:2"
 
@@ -126,47 +126,24 @@ database:
   database: "_env:PGDATABASE:uniworx"
   poolsize: "_env:PGPOOLSIZE:990"
 
-auto-db-migrate: "_env:AUTO_DB_MIGRATE:true"
+auto-db-migrate: '_env:AUTO_DB_MIGRATE:true'
 
-# External sources used for user authentication and userdata lookups
-user-auth:
-# mode: single-source
-  protocol: "_env:USERAUTH_MODE:azureadv2"
-  config:
-    client-id:     "_env:AZURECLIENTID:00000000-0000-0000-0000-000000000000"
-    client-secret: "_env:AZURECLIENTSECRET:''"
-    tenant-id:     "_env:AZURETENANTID:00000000-0000-0000-0000-000000000000"
-    scopes:        "_env:AZURESCOPES:[ID,Profile]"
-    # protocol: "ldap"
-    # config:
-    #   host:           "_env:LDAPHOST:"
-    #   tls:            "_env:LDAPTLS:"
-    #   port:           "_env:LDAPPORT:389"
-    #   user:           "_env:LDAPUSER:"
-    #   pass:           "_env:LDAPPASS:"
-    #   baseDN:         "_env:LDAPBASE:"
-    #   scope:          "_env:LDAPSCOPE:WholeSubtree"
-    #   timeout:        "_env:LDAPTIMEOUT:5"
-    #   search-timeout: "_env:LDAPSEARCHTIME:5"
+ldap:
+  - host:    "_env:LDAPHOST:"
+    tls:     "_env:LDAPTLS:"
+    port:    "_env:LDAPPORT:389"
+    user:    "_env:LDAPUSER:"
+    pass:    "_env:LDAPPASS:"
+    baseDN:  "_env:LDAPBASE:"
+    scope:   "_env:LDAPSCOPE:WholeSubtree"
+    timeout: "_env:LDAPTIMEOUT:5"
+    search-timeout: "_env:LDAPSEARCHTIME:5"
+    pool:
+      stripes: "_env:LDAPSTRIPES:1"
+      timeout: "_env:LDAPTIMEOUT:20"
+      limit:   "_env:LDAPLIMIT:10"
 
-single-sign-on: "_env:OIDC_SSO:false"
-
-# Automatically redirect to SSO route when not signed on
-# Note: This will force authentication, thus the site will be inaccessible without external credentials. Only use this option when it is ensured that every user that should be able to access the site has valid external credentials!
-auto-sign-on: "_env:AUTO_SIGN_ON:false"
-
-# TODO: generalize for arbitrary auth protocols
-# TODO: maybe use separate pools for external databases?
-ldap-pool:
-  stripes: "_env:LDAPSTRIPES:1"
-  timeout: "_env:LDAPTIMEOUT:20"
-  limit:   "_env:LDAPLIMIT:10"
-
-# TODO: reintroduce and move into failover settings once failover mode has been reimplemented
-# user-retest-failover: 60
-# TODO; maybe implement syncWithin and syncInterval per auth source
-user-sync-within:   "_env:USER_SYNC_WITHIN:1209600" # 14 Tage in Sekunden
-user-sync-interval: "_env:USER_SYNC_INTERVAL:3600"  # jede Stunde
+ldap-re-test-failover: 60
 
 lms-direct:
   upload-header:                "_env:LMSUPLOADHEADER:true"
@@ -189,7 +166,7 @@ avs:
 lpr:
   host:    "_env:LPRHOST:fravm017173.fra.fraport.de"
   port:    "_env:LPRPORT:515"
-  queue:   "_env:LPRQUEUE:fradrive"
+  queue:   "_env:LPRQUEUE:fradrive"  
 
 smtp:
   host:    "_env:SMTPHOST:"
@@ -212,7 +189,7 @@ widget-memcached:
   timeout:    "_env:WIDGET_MEMCACHED_TIMEOUT:20"
   base-url:   "_env:WIDGET_MEMCACHED_ROOT:"
   expiration: "_env:WIDGET_MEMCACHED_EXPIRATION:3600"
-
+  
 session-memcached:
   host:       "_env:SESSION_MEMCACHED_HOST:localhost"
   port:       "_env:SESSION_MEMCACHED_PORT:11211"

backend/messages/uniworx/categories/admin/de-de-formal.msg

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2022-2025 Sarah Vaupel <sarah.vaupel@uniworx.de>,Gregor Kleen <gregor.kleen@ifi.lmu.de>,Winnie Ros <winnie.ros@campus.lmu.de>,Steffen Jost <s.jost@fraport.de>
+# SPDX-FileCopyrightText: 2022-25 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Winnie Ros <winnie.ros@campus.lmu.de>,Steffen Jost <s.jost@fraport.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -150,8 +150,6 @@ InterfaceName: Schnittstelle
 InterfaceLastSynch: Zuletzt
 InterfaceSubtype: Betreffend
 InterfaceWrite: Schreibend
-
-AdminUserPassword: Passwort
 InterfaceSuccess: Rückmeldung
 InterfaceInfo: Nachricht
 InterfaceFreshness: Maximale Zugriffsfrist
@@ -163,4 +161,4 @@ IWTActDelete: Entfernen
 InterfaceWarningAdded: Schnittstellenwarnungszeit hinzugefügt oder geändert
 InterfaceWarningDeleted n@Int: #{pluralDEeN n "Schnittstellenwarnungszeit"} gelöscht
 InterfaceWarningDisabledEntirely: Alle Fehler ignorieren
-InterfaceWarningDisabledInterval: Keine Zugriffsfrist
+InterfaceWarningDisabledInterval: Keine Zugriffsfrist

backend/messages/uniworx/categories/admin/en-eu.msg

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2022-2025 Sarah Vaupel <sarah.vaupel@uniworx.de>,Winnie Ros <winnie.ros@campus.lmu.de>,Steffen Jost <s.jost@fraport.de>
+# SPDX-FileCopyrightText: 2022-25 Sarah Vaupel <sarah.vaupel@ifi.lmu.de>,Winnie Ros <winnie.ros@campus.lmu.de>,Steffen Jost <s.jost@fraport.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -150,8 +150,6 @@ InterfaceName: Interface
 InterfaceLastSynch: Last
 InterfaceSubtype: Affecting
 InterfaceWrite: Write
-
-AdminUserPassword: Password
 InterfaceSuccess: Returned
 InterfaceInfo: Message
 InterfaceFreshness: Maximum usage period
@@ -163,4 +161,4 @@ IWTActDelete: Delete
 InterfaceWarningAdded: Interface warning time added/changed
 InterfaceWarningDeleted n: #{pluralENsN n "interface warning time"} deleted
 InterfaceWarningDisabledEntirely: Ignore all errors
-InterfaceWarningDisabledInterval: No maximum usage period
+InterfaceWarningDisabledInterval: No maximum usage period

backend/messages/uniworx/categories/authorization/de-de-formal.msg

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2022-2024 David Mosbach <david.mosbach@uniworx.de>, Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>, Sarah Vaupel <sarah.vaupel@ifi.lmu.de>, Steffen Jost <jost@tcs.ifi.lmu.de>, Winnie Ros <winnie.ros@campus.lmu.de>
+# SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Sarah Vaupel <sarah.vaupel@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>,Winnie Ros <winnie.ros@campus.lmu.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -72,8 +72,8 @@ UnauthorizedTutorialTutorControl: Ausbilder:innen dürfen diesen Kurs nicht edit
 UnauthorizedCourseTutor: Sie sind nicht Ausbilder:in für diese Kursart.
 UnauthorizedTutor: Sie sind nicht Ausbilder:in.
 UnauthorizedTutorialRegisterGroup: Sie sind bereits in einem Kurs mit derselben Registrierungs-Gruppe eingetragen.
-UnauthorizedExternal: Angegebene:r Benuzter:in meldet sich nicht über einen aktuell unterstützten externen Login an.
-UnauthorizedInternal: Angegebene:r Benutzer:in meldet sich nicht mit FRADrive-Kennung an.
+UnauthorizedLDAP: Angegebener Nutzer/Angegebene Nutzerin meldet sich nicht mit Fraport Login an.
+UnauthorizedPWHash: Angegebener Nutzer/Angegebene Nutzerin meldet sich nicht mit FRADrive-Kennung an.
 UnauthorizedExternalExamListNotEmpty: Liste von externen Prüfungen ist nicht leer
 UnauthorizedExternalExamLecturer: Sie sind nicht als Prüfer:in für diese externe Prüfung eingetragen
 UnauthorizedSubmissionSubmissionGroup: Sie sind nicht Mitglied in einer der registrierten Abgabegruppen, die an dieser Abgabe beteiligt sind
@@ -102,15 +102,15 @@ LDAPLoginTitle: Fraport Login für interne und externe Nutzer
 PWHashLoginTitle: Spezieller Funktionsnutzer Login
 PWHashLoginNote: Verwenden Sie dieses Formular nur, wenn Sie explizit dazu aufgefordert wurden. Alle anderen sollten das andere Login Formular verwenden!
 DummyLoginTitle: Development-Login
-InternalLoginError: Interner Fehler beim Login
-DecodeUserInvalidIdent: Konnte anhand des Fraport Büko-Logins keine eindeutige Identifikation ermitteln
-DecodeUserInvalidEmail: Konnte anhand des Fraport Büko-Logins keine E-Mail-Addresse ermitteln
-DecodeUserInvalidDisplayName: Konnte anhand des Fraport Büko-Logins keinen vollen Namen ermitteln
-DecodeUserInvalidGivenName: Konnte anhand des Fraport Büko-Logins keinen Vornamen ermitteln
-DecodeUserInvalidSurname: Konnte anhand des Fraport Büko-Logins keinen Nachname ermitteln
-DecodeUserInvalidTitle: Konnte anhand des Fraport Büko-Logins keinen akademischen Titel ermitteln
-DecodeUserInvalidFeaturesOfStudy parseErr@Text: Konnte anhand des Fraport Büko-Logins keine Studiengänge ermitteln
-DecodeUserInvalidAssociatedSchools parseErr@Text: Konnte anhand des Fraport Büko-Logins keine Bereiche ermitteln
+InternalLdapError: Interner Fehler beim Fraport Büko-Login
+CampusUserInvalidIdent: Konnte anhand des Fraport Büko-Logins keine eindeutige Identifikation ermitteln
+CampusUserInvalidEmail: Konnte anhand des Fraport Büko-Logins keine E-Mail-Addresse ermitteln
+CampusUserInvalidDisplayName: Konnte anhand des Fraport Büko-Logins keinen vollen Namen ermitteln
+CampusUserInvalidGivenName: Konnte anhand des Fraport Büko-Logins keinen Vornamen ermitteln
+CampusUserInvalidSurname: Konnte anhand des Fraport Büko-Logins keinen Nachname ermitteln
+CampusUserInvalidTitle: Konnte anhand des Fraport Büko-Logins keinen akademischen Titel ermitteln
+CampusUserInvalidFeaturesOfStudy parseErr@Text: Konnte anhand des Fraport Büko-Logins keine Studiengänge ermitteln
+CampusUserInvalidAssociatedSchools parseErr@Text: Konnte anhand des Fraport Büko-Logins keine Bereiche ermitteln
 InvalidCredentialsADNoSuchObject: Benutzereintrag existiert nicht
 InvalidCredentialsADLogonFailure: Ungültiges Passwort
 InvalidCredentialsADAccountRestriction: Beschränkungen des Fraport Accounts verhindern Login
@@ -139,6 +139,3 @@ FormHoneypotNamePlaceholder: Name
 FormHoneypotComment: Kommentar
 FormHoneypotCommentPlaceholder: Kommentar
 FormHoneypotFilled: Bitte füllen Sie keines der verstecken Felder aus
-
-Logout: Abmeldung
-SingleSignOut: Abmeldung bei Azure

backend/messages/uniworx/categories/authorization/en-eu.msg

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel <sarah.vaupel@uniworx.de>, David Mosbach <david.mosbach@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>, Sarah Vaupel <sarah.vaupel@ifi.lmu.de>, Steffen Jost <jost@tcs.ifi.lmu.de>, Winnie Ros <winnie.ros@campus.lmu.de>
+# SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Sarah Vaupel <sarah.vaupel@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>,Winnie Ros <winnie.ros@campus.lmu.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -72,8 +72,8 @@ UnauthorizedTutorialTutorControl: Instructors may not edit this course.
 UnauthorizedCourseTutor: You are no instructor for this course.
 UnauthorizedTutor: You are no instructor.
 UnauthorizedTutorialRegisterGroup: You are already registered for a course with the same registration group.
-UnauthorizedExternal: Specified user does not log in with any currently supported external login.
-UnauthorizedInternal: Specified user does not log in with a FRADrive-account.
+UnauthorizedLDAP: Specified user does not log in with their Fraport password.
+UnauthorizedPWHash: Specified user does not log in with an FRADrive-account.
 UnauthorizedExternalExamListNotEmpty: List of external exams is not empty
 UnauthorizedExternalExamLecturer: You are not an associated person for this external exam
 UnauthorizedSubmissionSubmissionGroup: You are not member in any of the submission groups for this submission
@@ -103,15 +103,15 @@ LDAPLoginTitle: Fraport login for intern and extern users
 PWHashLoginTitle: Special function user login
 PWHashLoginNote: Only use this login form if you have received special instructions to do so. All others should use the other login field.
 DummyLoginTitle: Development login
-InternalLoginError: Internal error during login
-DecodeUserInvalidIdent: Could not determine unique identification during Fraport Büko login
-DecodeUserInvalidEmail: Could not determine email address during Fraport Büko login
-DecodeUserInvalidDisplayName: Could not determine display name during Fraport Büko login
-DecodeUserInvalidGivenName: Could not determine given name during Fraport Büko login
-DecodeUserInvalidSurname: Could not determine surname during Fraport Büko login
-DecodeUserInvalidTitle: Could not determine title during Fraport Büko login
-DecodeUserInvalidFeaturesOfStudy parseErr: Could not determine features of study during Fraport Büko login
-DecodeUserInvalidAssociatedSchools parseErr: Could not determine associated departments during Fraport Büko login
+InternalLdapError: Internal error during Fraport Büko login
+CampusUserInvalidIdent: Could not determine unique identification during Fraport Büko login
+CampusUserInvalidEmail: Could not determine email address during Fraport Büko login
+CampusUserInvalidDisplayName: Could not determine display name during Fraport Büko login
+CampusUserInvalidGivenName: Could not determine given name during Fraport Büko login
+CampusUserInvalidSurname: Could not determine surname during Fraport Büko login
+CampusUserInvalidTitle: Could not determine title during Fraport Büko login
+CampusUserInvalidFeaturesOfStudy parseErr: Could not determine features of study during Fraport Büko login
+CampusUserInvalidAssociatedSchools parseErr: Could not determine associated departments during Fraport Büko login
 InvalidCredentialsADNoSuchObject: User entry does not exist
 InvalidCredentialsADLogonFailure: Invalid password
 InvalidCredentialsADAccountRestriction: Restrictions on your Fraport account prevent a login
@@ -140,6 +140,3 @@ FormHoneypotNamePlaceholder !ident-ok: Name
 FormHoneypotComment: Comment
 FormHoneypotCommentPlaceholder: Comment
 FormHoneypotFilled: Please do not fill in any of the hidden fields
-
-Logout: Logout
-SingleSignOut: Azure logout

backend/messages/uniworx/categories/courses/tutorial/de-de-formal.msg

@@ -47,9 +47,11 @@ TutorialUserDeregister: Vom Kurs abmelden
 TutorialUserSendMail: Mitteilung verschicken
 TutorialUserPrintQualification: Zertifikat drucken
 TutorialUserGrantQualification: Qualifikation vergeben
+TutorialUserGrantQualificationDateTooltip: Leer lassen, um das Ablaufdatum auf das heutige Datum plus Standardgültigkeitsdauer zu setzen.
+TutorialUserGrantQualificationDateError qsh@QualificationShorthand: Qualifikation #{qsh} hat keine Standardgültigkeitsdauer, daher ist ein explizites Ablaufdatum erforderlich!
 TutorialUserRenewQualification: Qualifikation regulär verlängern
-TutorialUserRenewedQualification n@Int: Qualifikation für #{tshow n} Kurs-#{pluralDE n "Teilnehmer:in" "Teilnehmer:innen"} regulär verlängert
-TutorialUserGrantedQualification n@Int: Qualifikation erfolgreich an #{tshow n} Kurs-#{pluralDE n "Teilnehmer:in" "Teilnehmer:innen"} vergeben
+TutorialUserRenewedQualification qsh@QualificationShorthand n@Int: Qualifikation #{qsh} für #{tshow n} Kurs-#{pluralDE n "Teilnehmer:in" "Teilnehmer:innen"} regulär verlängert.
+TutorialUserGrantedQualification qsh@QualificationShorthand day@Text n@Int: Qualifikation #{qsh} bis #{day} erfolgreich an #{tshow n} Kurs-#{pluralDE n "Teilnehmer:in" "Teilnehmer:innen"} vergeben.
 TutorialUserAssignExam: Zur Prüfung einteilen
 TutorialUserExamAssignedFor n@Int m@Int p@Text: #{n}/#{m} zur Prüfung #{p} eingeteilt
 CommTutorial: Kursmitteilung

backend/messages/uniworx/categories/courses/tutorial/en-eu.msg

@@ -43,14 +43,15 @@ TutorInviteHeading tutn: Invitation to be instructor for #{tutn}
 TutorInviteExplanation: You were invited to be a instructor.
 TutorCorrectorInvitationAccepted shn: You are now a corrector for #{shn}
 TutorialUsersDeregistered count: Successfully deregistered #{show count} participants from course
-
 TutorialUserDeregister: Deregister from course
 TutorialUserSendMail: Send mail
 TutorialUserPrintQualification: Print certificate
 TutorialUserGrantQualification: Grant qualification
+TutorialUserGrantQualificationDateTooltip: Leave blank for expiry on today's date plus standard qualification valid duration.
+TutorialUserGrantQualificationDateError qsh@QualificationShorthand: Qualification #{qsh} has no standard valid duration. Please provide an explicit expiry date!
 TutorialUserRenewQualification: Renew qualification
-TutorialUserRenewedQualification n@Int: Successfully renewed qualification #{tshow n} course #{pluralEN n "user" "users"}
-TutorialUserGrantedQualification n: Successfully granted qualification #{tshow n} course #{pluralEN n "user" "users"}
+TutorialUserRenewedQualification qsh n: Successfully renewed #{qsh} qualification for #{pluralENsN n "course participant"}
+TutorialUserGrantedQualification qsh day n: Successfully granted #{qsh} qualification until #{day} to #{pluralENsN n "course participant"}
 TutorialUserAssignExam: Register for examination
 TutorialUserExamAssignedFor n@Int m@Int p@Text: #{n}/#{m} enrolled for exam #{p}
 CommTutorial: Course message

backend/messages/uniworx/categories/send/send_notifications/de-de-formal.msg

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>, Steffen Jost <jost@tcs.ifi.lmu.de>, Winnie Ros <winnie.ros@campus.lmu.de>
+# SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>,Winnie Ros <winnie.ros@campus.lmu.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -75,10 +75,11 @@ NotPassed: Nicht bestanden
 
 #userAuthModeUpdate.hs + templates
 MailSubjectUserAuthModeUpdate: Ihr FRADrive-Login
-UserAuthPasswordEnabled: Sie können sich nun mit einer FRADrive-internen Kennung einloggen.
-UserAuthPasswordDisabled: Sie können sich nun nicht mehr mit Ihrer FRADrive-internen Kennung einloggen.
-AuthExternalLoginTip: Sollten Sie Zugriff zu einem von FRADrive unterstützten externen Account (Azure-Login über Fraport-Kennung, Fraport-BüKo-Login) besitzen, so können Sie sich mit Ihren externen Login-Daten in FRADrive einloggen.
-PasswordResetEmailIncoming: Einen Link um ihr Passwort zu setzen bzw. zu ändern bekommen Sie aus Sicherheitsgründen in einer separaten E-Mail.
+UserAuthModeChangedToLDAP: Sie können sich nun mit Ihrer Fraport AG Kennung (Büko) in FRADrive einloggen.
+UserAuthModeChangedToPWHash: Sie können sich nun mit einer FRADrive-internen Kennung einloggen.
+UserAuthModeChangedToNoLogin: Ihr Login auf der FRADrive Webseite wurde deaktiviert, aber ihr FRADrive Konto besteht weiterhin. Gültigkeit und Verlängerungen Ihrer Qualifikationen sind dadurch nicht beeinträchtigt. Wenden Sie sich an die Fahrschuladmins, wenn der Login auf der FRADrive Webseite benötigt werden sollte.
+AuthPWHashTip: Sie müssen nun das mit "FRADrive-Login" beschriftete Login-Formular verwenden. Stellen Sie bitte sicher, dass Sie ein Passwort gesetzt haben, bevor Sie versuchen sich anzumelden.
+PasswordResetEmailIncoming: Einen Link um ihr Passwort zu setzen bzw. zu ändern bekommen Sie, aus Sicherheitsgründen, in einer separaten E-Mail.
 MailFradrive !ident-ok: FRADrive
 MailBodyFradrive: ist die Führerscheinverwaltungsapp der Fraport AG.
 

backend/messages/uniworx/categories/send/send_notifications/en-eu.msg

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>, Steffen Jost <jost@tcs.ifi.lmu.de>, Winnie Ros <winnie.ros@campus.lmu.de>
+# SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>,Winnie Ros <winnie.ros@campus.lmu.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
@@ -75,9 +75,10 @@ NotPassed: Failed
 
 #userAuthModeUpdate.hs + templates
 MailSubjectUserAuthModeUpdate: Your FRADrive login
-UserAuthPasswordEnabled: You can now log in using your FRADrive-internal account credentials.
-UserAuthPasswordDisabled: You can no longer log in using your FRADrive-internal account credentials.
-AuthExternalLoginTip: If you have access to an external account supported by FRADrive (Azure login via Fraport identification, Fraport-BüKo login), you can login in FRADrive using your external credentials.
+UserAuthModeChangedToLDAP: You can now log in to FRADrive using your Fraport AG account (Büko)
+UserAuthModeChangedToPWHash: You can now log in using your FRADrive-internal account
+UserAuthModeChangedToNoLogin: Your login for the FRADrive website has been deactivated, but you FRADrive account persists. This has no effect on you qualifications. Please contact the driving school admins, if you need new login credentials for the FRADrive website.
+AuthPWHashTip: You now need to use the login form labeled "FRADrive login". Please ensure that you have already set a password when you try to log in.
 PasswordResetEmailIncoming: For security reasons you will receive a link to the page on which you can set and later change your password in a separate email.
 MailFradrive: FRADrive
 MailBodyFradrive: is the apron driver's licence management app of Fraport AG.