From 9fd3df83e730df02f48db070f37d4a98f4c9efac Mon Sep 17 00:00:00 2001
From: Clemens Hering <clemens.hering@valtrix.systems>
Date: Mon, 10 Nov 2025 21:10:31 +0100
Subject: [PATCH] Breaking changes

---
 .gitea/workflows/deploy-old.yaml.off     | 102 -----------------------
 Containerfile                            |  42 ++++++----
 Containerfile.old                        |  26 ++++++
 src/layouts/Base.astro                   |  10 ++-
 src/pages/{ => de}/cases.astro           |   6 +-
 src/pages/de/cases/cloud-migration.astro |  36 ++++++++
 src/pages/de/cases/k8s-hardening.astro   |  48 +++++++++++
 src/pages/{ => de}/datenschutz.astro     |   6 +-
 src/pages/{ => de}/impressum.astro       |   4 +-
 src/pages/de/index.astro                 |  82 ++++++++++++++++++
 src/pages/{ => de}/kontakt.astro         |   6 +-
 src/pages/{ => de}/leistungen.astro      |   4 +-
 src/pages/{ => de}/sicherheit.astro      |   4 +-
 src/pages/{ => de}/ueber-uns.astro       |   4 +-
 src/pages/en/index.astro                 |  24 ++++--
 src/pages/index.astro                    |  73 ----------------
 16 files changed, 259 insertions(+), 218 deletions(-)
 delete mode 100644 .gitea/workflows/deploy-old.yaml.off
 create mode 100644 Containerfile.old
 rename src/pages/{ => de}/cases.astro (75%)
 create mode 100644 src/pages/de/cases/cloud-migration.astro
 create mode 100644 src/pages/de/cases/k8s-hardening.astro
 rename src/pages/{ => de}/datenschutz.astro (94%)
 rename src/pages/{ => de}/impressum.astro (78%)
 create mode 100644 src/pages/de/index.astro
 rename src/pages/{ => de}/kontakt.astro (84%)
 rename src/pages/{ => de}/leistungen.astro (89%)
 rename src/pages/{ => de}/sicherheit.astro (71%)
 rename src/pages/{ => de}/ueber-uns.astro (68%)
 delete mode 100644 src/pages/index.astro

diff --git a/.gitea/workflows/deploy-old.yaml.off b/.gitea/workflows/deploy-old.yaml.off
deleted file mode 100644
index 8878c4b..0000000
--- a/.gitea/workflows/deploy-old.yaml.off
+++ /dev/null
@@ -1,102 +0,0 @@
-name: Build and Deploy Container
-
-env:
-  TARGET_HOST: host.containers.internal
-  #TARGET_HOST: www.valtrix.systems
-  TARGET_USER: traefik
-  APP_DIR: /home/traefik/valtrix-website
-  CONTAINER_NAME: valtrix-website
-  QUADLET_FILE: ./deploy/valtrix-website.container
-  SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
-  SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
-
-on:
-  push:
-    branches:
-      - main
-      - develop
-
-jobs:
-  build_and_deploy:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Pre-clean Git global config (avoid https→ssh rewrite)
-        shell: bash
-        run: |
-          set -euo pipefail
-          git --version || true
-          echo "Global git config before:" || true
-          git config --global --list || true
-          # Remove any url.*.insteadof rules that force SSH for gitea.smb-corp.de
-          for key in $(git config --global --get-regexp '^url\\..*\\.insteadof$' 2>/dev/null | awk '{print $1}'); do
-            if echo "$key" | grep -qi 'gitea\\.smb-corp\\.de'; then
-              echo "Removing global mapping: $key"
-              git config --global --unset-all "$key" || true
-            fi
-          done
-          # Ensure no global sshCommand forces SSH
-          git config --global --unset-all core.sshCommand || true
-          echo "Global git config after:" || true
-          git config --global --list || true
-      - name: Setup SSH for git/scp
-        shell: bash
-        run: |
-          install -m 700 -d ~/.ssh
-          printf "%s\n" "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
-          chmod 600 ~/.ssh/id_ed25519
-          printf "%s\n" "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts || true
-          chmod 644 ~/.ssh/known_hosts
-          # Ensure host keys are present to avoid interactive prompts
-          (ssh-keygen -F "$TARGET_HOST" >/dev/null || ssh-keyscan -H "$TARGET_HOST" >> ~/.ssh/known_hosts) || true
-          (ssh-keygen -F gitea.smb-corp.de >/dev/null || ssh-keyscan -H gitea.smb-corp.de >> ~/.ssh/known_hosts) || true
-
-      - name: Checkout Repository
-        uses: actions/checkout@v4
-      - name: Copy entire repository to target host (scp -> atomic replace)
-        shell: bash
-        run: |
-          set -euo pipefail
-          # Work in a temp directory to avoid partial updates and handle ownership issues more clearly
-          TMP_DIR="$APP_DIR.tmp.$(date +%s)"
-          echo "Creating remote temp dir $TMP_DIR"
-          ssh -o BatchMode=yes -i ~/.ssh/id_ed25519 $TARGET_USER@$TARGET_HOST "mkdir -p '$TMP_DIR'"
-
-          echo "Copying repository files to $TARGET_HOST:$TMP_DIR via scp (includes hidden files)"
-          # Enable dotglob so hidden files are included in the glob
-          shopt -s dotglob || true
-          # Copy all files and directories in the repo root to the remote temp dir
-          scp -r -o BatchMode=yes -i ~/.ssh/id_ed25519 ./* $TARGET_USER@$TARGET_HOST:$TMP_DIR/
-
-          echo "Attempting atomic replacement of $APP_DIR with $TMP_DIR"
-          # Try to remove existing dir and move temp into place. If removal fails due to permissions, leave temp and error.
-          ssh -o BatchMode=yes -i ~/.ssh/id_ed25519 $TARGET_USER@$TARGET_HOST "set -euo pipefail; if [ -d '$APP_DIR' ]; then rm -rf '$APP_DIR' || { echo 'ERROR: cannot remove existing $APP_DIR (permissions)'; exit 2; } fi; mv '$TMP_DIR' '$APP_DIR'"
-          echo "Copy and replace finished"
-
-      - name: Build container on target host
-        run: |
-          # Expand $APP_DIR locally so the remote shell receives the concrete path
-          ssh $TARGET_USER@$TARGET_HOST "set -euo pipefail; echo -e \"$APP_DIR \n\n\"; cd '$APP_DIR' && echo 'PWD:' \$(pwd) && ls -la . && podman build -t $CONTAINER_NAME:latest ."
-
-      - name: Backup Quadlet file
-        run: |
-          ssh $TARGET_USER@$TARGET_HOST "
-            test -f ~/.config/containers/systemd/$CONTAINER_NAME.container && \
-            cp ~/.config/containers/systemd/$CONTAINER_NAME.container ~/.config/containers/systemd/$CONTAINER_NAME.container.bak || true
-          "
-
-      - name: Replace Quadlet file
-        run: |
-          scp ./$QUADLET_FILE $TARGET_USER@$TARGET_HOST:~/.config/containers/systemd/
-          ssh $TARGET_USER@$TARGET_HOST '
-            systemctl --user daemon-reload && echo "Reloaded user systemd daemon" && \
-            systemctl --user restart valtrix-website.service
-          '
-
-      - name: Verify deployment
-        run: |
-          ssh $TARGET_USER@$TARGET_HOST '
-            podman ps --filter "name=valtrix" --format "table {{.Names}}\t{{.Image}}\t{{.Status}}" || echo "No running container named $CONTAINER_NAME"
-            echo "Container logs of $CONTAINER_NAME:"
-            podman logs valtrix-website 
-            podman logs $CONTAINER_NAME --tail 20
-          '
\ No newline at end of file
diff --git a/Containerfile b/Containerfile
index 7770436..239b61e 100644
--- a/Containerfile
+++ b/Containerfile
@@ -1,26 +1,36 @@
-# Multi-stage build for Astro static site
-FROM node:22-alpine AS builder
+# syntax=docker/dockerfile:1.7
+
+###########
+# BUILD STAGE
+###########
+FROM cgr.dev/chainguard/node:latest-dev AS build
 WORKDIR /app
 
-# Install deps
+# Copy dependency manifests
 COPY package*.json ./
-RUN npm ci || npm install
 
-# Copy sources and build static output
+# Install all deps (inkl. dev)
+RUN --mount=type=cache,target=/root/.npm npm ci
+
+# Copy app source and build
 COPY . .
 RUN npm run build
 
-# ---- Runtime stage ----
-FROM node:22-alpine AS runtime
-WORKDIR /app
+###########
+# RUNTIME STAGE
+###########
+FROM cgr.dev/chainguard/node:latest
 ENV NODE_ENV=production
-ENV PORT=3000
-ENV WEB_ROOT=/app/dist
-ENV TZ=Europe/Berlin
-ENV ASTRO_TELEMETRY_DISABLED=1
-COPY --from=builder /app/dist /app/dist
-COPY server.mjs /app/server.mjs
-# Drop root: use the pre-created node user
+WORKDIR /app
+
+# Copy only what’s needed to run
+COPY --from=build /app/package*.json ./
+COPY --from=build /app/node_modules ./node_modules
+COPY --from=build /app/dist ./dist
+COPY --from=build /app/server.mjs ./server.mjs
+
+# Chainguard runs as nonroot by default (user `nonroot`)
 USER node
 #EXPOSE 3000
-CMD ["node", "/app/server.mjs"]
+
+CMD ["node", "./server.mjs"]
\ No newline at end of file
diff --git a/Containerfile.old b/Containerfile.old
new file mode 100644
index 0000000..7770436
--- /dev/null
+++ b/Containerfile.old
@@ -0,0 +1,26 @@
+# Multi-stage build for Astro static site
+FROM node:22-alpine AS builder
+WORKDIR /app
+
+# Install deps
+COPY package*.json ./
+RUN npm ci || npm install
+
+# Copy sources and build static output
+COPY . .
+RUN npm run build
+
+# ---- Runtime stage ----
+FROM node:22-alpine AS runtime
+WORKDIR /app
+ENV NODE_ENV=production
+ENV PORT=3000
+ENV WEB_ROOT=/app/dist
+ENV TZ=Europe/Berlin
+ENV ASTRO_TELEMETRY_DISABLED=1
+COPY --from=builder /app/dist /app/dist
+COPY server.mjs /app/server.mjs
+# Drop root: use the pre-created node user
+USER node
+#EXPOSE 3000
+CMD ["node", "/app/server.mjs"]
diff --git a/src/layouts/Base.astro b/src/layouts/Base.astro
index bad24ba..ea393e3 100644
--- a/src/layouts/Base.astro
+++ b/src/layouts/Base.astro
@@ -4,13 +4,15 @@ const { title = "Valtrix – Struktur schafft Wert", description = "Cloud, Secur
 // Language & routing helpers
 const pathname = Astro.url.pathname;
 const isEn = pathname.startsWith('/en');
+const isDe = pathname.startsWith('/de');
 const lang = isEn ? 'en' : 'de';
-const prefix = isEn ? '/en' : '';
-const stripEn = (p) => p.replace(/^\/en(?=\/|$)/, '');
-const altHref = isEn ? (stripEn(pathname) || '/') : ('/en' + (pathname === '/' ? '' : pathname));
+// Default to /de for links so navigation always points to language-prefixed routes
+const prefix = isEn ? '/en' : '/de';
+const stripLang = (p) => p.replace(/^\/(?:en|de)(?=\/|$)/, '');
+const altHref = isEn ? ('/de' + (stripLang(pathname) || '/')) : ('/en' + (stripLang(pathname) || '/'));
 // Canonical/alternate URLs (use provided path when present for og/link tags)
 const canonicalPath = path || pathname;
-const deHref = stripEn(canonicalPath) || '/';
+const deHref = canonicalPath.startsWith('/de') ? canonicalPath : ('/de' + (canonicalPath === '/' ? '' : canonicalPath));
 const enHref = canonicalPath.startsWith('/en') ? canonicalPath : ('/en' + (canonicalPath === '/' ? '' : canonicalPath));
 // Nav labels per language
 const labels = isEn ? {
diff --git a/src/pages/cases.astro b/src/pages/de/cases.astro
similarity index 75%
rename from src/pages/cases.astro
rename to src/pages/de/cases.astro
index e6ee3ea..580a9d9 100644
--- a/src/pages/cases.astro
+++ b/src/pages/de/cases.astro
@@ -1,15 +1,15 @@
 ---
-import Base from "../layouts/Base.astro";
+import Base from "../../layouts/Base.astro";
 const items = [
   { slug: "cloud-migration", title: "Sichere Cloud-Migration (AWS/Azure)", summary: "Landing Zone, Zero-Trust, Pipeline & Observability in 6 Wochen." },
   { slug: "k8s-hardening", title: "Kubernetes Hardening & GitOps", summary: "CIS Benchmarks, OPA Policies-as-Code, ArgoCD Rollouts." }
 ];
 ---
-<Base path="/cases" title="Referenzen – Valtrix">
+<Base path="/de/cases" title="Referenzen – Valtrix">
   <h1 class="text-3xl font-bold mt-8">Referenzen</h1>
   <div class="grid md:grid-cols-2 gap-6 mt-6">
     {items.map(i => (
-      <a href={`/cases/${i.slug}`} class="p-6 border rounded-brand card hover:shadow-sm transition-shadow block">
+      <a href={`/de/cases/${i.slug}`} class="p-6 border rounded-brand card hover:shadow-sm transition-shadow block">
         <h2 class="font-semibold text-lg">{i.title}</h2>
         <p class="mt-2 text-textMuted">{i.summary}</p>
         <span class="mt-3 inline-block text-primary underline">Case ansehen</span>
diff --git a/src/pages/de/cases/cloud-migration.astro b/src/pages/de/cases/cloud-migration.astro
new file mode 100644
index 0000000..a6daefb
--- /dev/null
+++ b/src/pages/de/cases/cloud-migration.astro
@@ -0,0 +1,36 @@
+---
+import Base from "../../../layouts/Base.astro";
+---
+<Base path="/de/cases/cloud-migration" title="Case Study – Sichere Cloud-Migration">
+  <h1 class="text-3xl font-bold mt-8">Case Study: Sichere Cloud-Migration</h1>
+  <p class="mt-4 text-textMuted">Enterprise-Migration von On-Prem nach Cloud mit Fokus auf Sicherheit & Compliance.</p>
+
+  <section class="mt-8 grid md:grid-cols-3 gap-6">
+    <div class="p-6 border rounded-brand card">
+      <h3 class="font-semibold">Ziel</h3>
+      <p class="mt-2 text-textMuted">Sichere AWS/Azure Landing Zone, segmentiertes Netzwerk, zentralisiertes IAM.</p>
+    </div>
+    <div class="p-6 border rounded-brand card">
+      <h3 class="font-semibold">Vorgehen</h3>
+      <p class="mt-2 text-textMuted">Guardrails, IaC (Terraform/OpenTofu), GitOps, Observability, Cost Controls.</p>
+    </div>
+    <div class="p-6 border rounded-brand card">
+      <h3 class="font-semibold">Ergebnis</h3>
+      <p class="mt-2 text-textMuted">Schnelleres Deployment, Auditfähigkeit, reduzierte Risiken & Kosten.</p>
+    </div>
+  </section>
+
+  <section class="mt-10">
+  <h2 class="text-2xl font-bold mb-3">Kennzahlen</h2>
+    <ul class="list-disc pl-6 text-textMuted">
+      <li>6 Wochen bis produktionsreifer Basis</li>
+      <li>~40% weniger manuelle Deployments durch CI/CD</li>
+      <li>100% Infrastruktur als Code & Policies-as-Code</li>
+    </ul>
+  </section>
+
+  <div class="mt-12 rounded-brand p-6 bg-gradient-to-r from-accent to-primary text-white flex items-center justify-between">
+    <div class="text-lg font-semibold tracking-wide">Ähnliches Projekt geplant?</div>
+    <a href="/de/kontakt" class="px-5 py-3 rounded-brand bg-white text-primary font-medium">Jetzt anfragen</a>
+  </div>
+</Base>
diff --git a/src/pages/de/cases/k8s-hardening.astro b/src/pages/de/cases/k8s-hardening.astro
new file mode 100644
index 0000000..7b4e5b9
--- /dev/null
+++ b/src/pages/de/cases/k8s-hardening.astro
@@ -0,0 +1,48 @@
+---
+import Base from "../../../layouts/Base.astro";
+---
+<Base path="/de/cases/k8s-hardening" title="Case Study – Kubernetes Hardening & GitOps">
+  <h1 class="text-3xl font-bold mt-8">Case Study: Kubernetes Hardening & GitOps</h1>
+  <p class="mt-4 text-textMuted">Produktionsreifes K8s‑Setup mit Härtung nach CIS, durchgängigen Policies‑as‑Code und GitOps‑Deployments.</p>
+
+  <section class="mt-8 grid md:grid-cols-3 gap-6">
+    <div class="p-6 border rounded-brand card">
+      <h3 class="font-semibold">Ziel</h3>
+      <p class="mt-2 text-textMuted">Sicheres Cluster‑Baseline: identitätszentrierte Zugriffe, Netzwerk‑Segmentierung, saubere Supply Chain.</p>
+    </div>
+    <div class="p-6 border rounded-brand card">
+      <h3 class="font-semibold">Vorgehen</h3>
+      <p class="mt-2 text-textMuted">CIS Benchmarks, OPA/Gatekeeper oder Kyverno Policies, Pod Security Standards, signierte Artefakte & GitOps (Argo CD).</p>
+    </div>
+    <div class="p-6 border rounded-brand card">
+      <h3 class="font-semibold">Ergebnis</h3>
+      <p class="mt-2 text-textMuted">Reproduzierbare Deployments, Policy‑konforme Releases, Auditfähigkeit und reduzierte Angriffsfläche.</p>
+    </div>
+  </section>
+
+  <section class="mt-10">
+    <h2 class="text-2xl font-bold mb-3">Kennzahlen</h2>
+    <ul class="list-disc pl-6 text-textMuted">
+      <li>100% deklarative Deployments (GitOps, Pull‑basiert)</li>
+      <li>~80% der CIS‑Kontrollen automatisiert überprüfbar</li>
+      <li>Policy‑Breaks verhindern riskante Manifeste vor dem Rollout</li>
+      <li>Signierte Container‑Images & SBOM für Kernservices</li>
+    </ul>
+  </section>
+
+  <section class="mt-10 grid md:grid-cols-2 gap-6">
+    <div class="p-6 border rounded-brand card">
+      <h3 class="font-semibold">GitOps Setup</h3>
+      <p class="mt-2 text-textMuted">Mehrstufige Environments (dev/stage/prod) mit Branch/Tag‑Strategie, Kustomize‑Overlays und PR‑basierten Changes.</p>
+    </div>
+    <div class="p-6 border rounded-brand card">
+      <h3 class="font-semibold">Cluster Hardening</h3>
+      <p class="mt-2 text-textMuted">RBAC Least‑Privilege, NetworkPolicies default‑deny, Pod Security, Image‑Scanning, Secrets‑Management.</p>
+    </div>
+  </section>
+
+  <div class="mt-12 rounded-brand p-6 bg-gradient-to-r from-accent to-primary text-white flex items-center justify-between">
+    <div class="text-lg font-semibold tracking-wide">Ähnliches Projekt geplant?</div>
+    <a href="/de/kontakt" class="px-5 py-3 rounded-brand bg-white text-primary font-medium">Jetzt anfragen</a>
+  </div>
+</Base>
diff --git a/src/pages/datenschutz.astro b/src/pages/de/datenschutz.astro
similarity index 94%
rename from src/pages/datenschutz.astro
rename to src/pages/de/datenschutz.astro
index 272c8f6..d2f4697 100644
--- a/src/pages/datenschutz.astro
+++ b/src/pages/de/datenschutz.astro
@@ -1,15 +1,15 @@
 ---
-import Base from "../layouts/Base.astro";
+import Base from "../../layouts/Base.astro";
 const updated = new Date().toLocaleDateString('de-DE', { year: 'numeric', month: 'long', day: '2-digit' });
 ---
-<Base path="/datenschutz" title="Datenschutz – Valtrix">
+<Base path="/de/datenschutz" title="Datenschutz – Valtrix">
   <h1 class="text-2xl font-bold mt-8">Datenschutzhinweise</h1>
 
   <p class="mt-4 text-textMuted">Diese Hinweise informieren darüber, wie wir personenbezogene Daten beim Besuch dieser Website verarbeiten. Die Website ist als statische Seite umgesetzt; es werden keine Tracking‑ oder Marketing‑Cookies eingesetzt und keine externen Ressourcen (z. B. Google Fonts, Analytics, Formdienste) geladen.</p>
 
   <section class="mt-8 grid gap-2">
     <h2 class="text-xl font-semibold">1. Verantwortlicher</h2>
-    <p>Verantwortlicher im Sinne der DSGVO ist: <strong>Valtrix</strong>. Anschrift siehe <a class="underline text-primary" href="/impressum">Impressum</a>. E‑Mail: <a class="underline text-primary" href="mailto:kontakt@valtrix.systems">kontakt@valtrix.systems</a></p>
+    <p>Verantwortlicher im Sinne der DSGVO ist: <strong>Valtrix</strong>. Anschrift siehe <a class="underline text-primary" href="/de/impressum">Impressum</a>. E‑Mail: <a class="underline text-primary" href="mailto:kontakt@valtrix.systems">kontakt@valtrix.systems</a></p>
   </section>
 
   <section class="mt-6 grid gap-2">
diff --git a/src/pages/impressum.astro b/src/pages/de/impressum.astro
similarity index 78%
rename from src/pages/impressum.astro
rename to src/pages/de/impressum.astro
index f129e77..3ac00af 100644
--- a/src/pages/impressum.astro
+++ b/src/pages/de/impressum.astro
@@ -1,7 +1,7 @@
 ---
-import Base from "../layouts/Base.astro";
+import Base from "../../layouts/Base.astro";
 ---
-<Base path="/impressum" title="Impressum – Valtrix">
+<Base path="/de/impressum" title="Impressum – Valtrix">
   <h1 class="text-2xl font-bold mt-8">Impressum</h1>
   <p><strong>VALTRIX</strong> GmbH i.G.</p>
   <p>Am Wassergraben 4, 10179 Berlin</p>
diff --git a/src/pages/de/index.astro b/src/pages/de/index.astro
new file mode 100644
index 0000000..2b2a831
--- /dev/null
+++ b/src/pages/de/index.astro
@@ -0,0 +1,82 @@
+---
+import Base from "../../layouts/Base.astro";
+const benefits = [
+  { title: "Zero-Trust & Härtung", text: "Security-by-Design, CIS/BSI-Richtlinien, automatisierte Policies." },
+  { title: "Cloud Foundations", text: "Landing Zones, Identity, Observability – sauber & skalierbar." },
+  { title: "Automatisierung", text: "IaC/CI/CD, GitOps, wiederholbar & auditfähig." }
+];
+const approach = [
+  { title: 'Assess', text: 'Risiko- und Reifegradanalyse: schneller Quick-Scan, klare Prioritäten.' },
+  { title: 'Design', text: 'Zielarchitektur & Guardrails: sichere, skalierbare Blueprint-Entwürfe.' },
+  { title: 'Build', text: 'IaC, Pipelines & Policies-as-Code: reproduzierbar und überprüfbar.' },
+  { title: 'Run', text: 'Monitoring, Audits & Kostentransparenz: nachhaltig betreibbar.' }
+];
+---
+<Base path="/de">
+  <section class="py-16 grid lg:grid-cols-2 gap-12 items-center">
+    <div class="fade-in">
+      <h1 class="text-4xl md:text-5xl font-bold leading-tight">
+        Security-first Cloud Consulting.
+      </h1>
+      <p class="mt-4 text-lg text-textMuted">
+        Wir verbinden <strong>Struktur</strong> und <strong>Wert</strong>: sichere Cloud-Architekturen, Automatisierung und Compliance – pragmatisch und messbar.
+      </p>
+      <div class="mt-8 flex gap-4">
+        <a href="/de/leistungen" class="px-5 py-3 rounded-brand bg-primary text-white hover:opacity-90">Leistungen</a>
+        <a href="/de/kontakt" class="px-5 py-3 rounded-brand border border-primary text-primary hover:bg-graybg">Kontakt</a>
+      </div>
+      <div class="mt-8 grid grid-cols-3 gap-4 text-sm text-textMuted">
+        <div class="p-3 border rounded-brand card">DSGVO / EU-Hosting</div>
+        <div class="p-3 border rounded-brand card">BSI/ISO-orientiert</div>
+        <div class="p-3 border rounded-brand card">Auditfähig</div>
+      </div>
+    </div>
+  </section>
+
+  <section class="py-10 grid md:grid-cols-3 gap-6">
+    {benefits.map(b => (
+      <div class="p-6 border rounded-brand hover:shadow-sm transition-shadow card">
+        <h3 class="font-semibold text-lg">{b.title}</h3>
+        <p class="mt-2 text-textMuted">{b.text}</p>
+      </div>
+    ))}
+  </section>
+
+  <section class="py-12">
+    <h2 class="text-2xl font-bold mb-6">Leistungen</h2>
+    <div class="grid md:grid-cols-3 gap-6">
+      <div class="p-6 border rounded-brand card">
+        <h3 class="font-semibold text-lg">Cloud & DevOps</h3>
+        <p class="mt-2 text-textMuted">Plan, Build & Run – effizient, sicher, skalierbar.</p>
+        <a href="/de/leistungen" class="mt-3 inline-block text-primary underline">Mehr erfahren</a>
+      </div>
+      <div class="p-6 border rounded-brand card">
+        <h3 class="font-semibold text-lg">Security & Compliance</h3>
+        <p class="mt-2 text-textMuted">Zero-Trust, IAM, Hardening, Audits, BSI/ISO‑orientierte Prozesse.</p>
+      </div>
+      <div class="p-6 border rounded-brand card">
+        <h3 class="font-semibold text-lg">AI & Automation</h3>
+        <p class="mt-2 text-textMuted">RAG/Agenten, Automatisierung von Betriebsprozessen, sichere Integration.</p>
+      </div>
+    </div>
+  </section>
+
+  <section class="py-14">
+    <h2 class="text-2xl font-bold mb-6">Unser Ansatz</h2>
+    <div class="grid md:grid-cols-4 gap-6">
+      {approach.map((a, i) => (
+        <div class="p-6 border rounded-brand card">
+          <div class="text-xl font-semibold">{i+1}. {a.title}</div>
+          <p class="mt-2 text-textMuted">{a.text}</p>
+        </div>
+      ))}
+    </div>
+  </section>
+
+  <section class="py-12">
+    <div class="rounded-brand p-8 bg-gradient-to-r from-accent to-primary text-white flex flex-col md:flex-row items-center justify-between gap-6">
+      <div class="text-xl font-semibold tracking-wide">Sichere Cloud – pragmatisch umgesetzt.</div>
+      <a href="/de/kontakt" class="px-6 py-3 rounded-brand bg-white text-primary font-medium">Projekt anfragen</a>
+    </div>
+  </section>
+</Base>
diff --git a/src/pages/kontakt.astro b/src/pages/de/kontakt.astro
similarity index 84%
rename from src/pages/kontakt.astro
rename to src/pages/de/kontakt.astro
index aa2b1c1..1331cf3 100644
--- a/src/pages/kontakt.astro
+++ b/src/pages/de/kontakt.astro
@@ -1,7 +1,7 @@
 ---
-import Base from "../layouts/Base.astro";
+import Base from "../../layouts/Base.astro";
 ---
-<Base path="/kontakt" title="Kontakt – Valtrix">
+<Base path="/de/kontakt" title="Kontakt – Valtrix">
   <h1 class="text-3xl font-bold mt-8">Kontakt</h1>
   <form id="contactForm" class="mt-6 grid gap-4 max-w-xl">
     <input class="border rounded-brand p-3" name="name" placeholder="Ihr Name" required>
@@ -20,7 +20,7 @@ import Base from "../layouts/Base.astro";
       const message = (data.get('message')||'').toString();
       const subject = `Kontaktanfrage – ${name}`;
       const body = `Name: ${name}\nE-Mail: ${email}\n\n${message}`;
-  const mail = `mailto:kontakt@valtrix.systems?subject=${encodeURIComponent(subject)}&body=${encodeURIComponent(body)}`;
+      const mail = `mailto:kontakt@valtrix.systems?subject=${encodeURIComponent(subject)}&body=${encodeURIComponent(body)}`;
       window.location.href = mail;
     });
   </script>
diff --git a/src/pages/leistungen.astro b/src/pages/de/leistungen.astro
similarity index 89%
rename from src/pages/leistungen.astro
rename to src/pages/de/leistungen.astro
index 50602eb..79133ea 100644
--- a/src/pages/leistungen.astro
+++ b/src/pages/de/leistungen.astro
@@ -1,7 +1,7 @@
 ---
-import Base from "../layouts/Base.astro";
+import Base from "../../layouts/Base.astro";
 ---
-<Base path="/leistungen" title="Leistungen – Valtrix">
+<Base path="/de/leistungen" title="Leistungen – Valtrix">
   <h1 class="text-3xl font-bold font-bold mt-8">Leistungen</h1>
   <div class="grid md:grid-cols-3 gap-6 mt-6">
     <div class="p-6 border rounded-brand card">
diff --git a/src/pages/sicherheit.astro b/src/pages/de/sicherheit.astro
similarity index 71%
rename from src/pages/sicherheit.astro
rename to src/pages/de/sicherheit.astro
index 304914d..7d9163f 100644
--- a/src/pages/sicherheit.astro
+++ b/src/pages/de/sicherheit.astro
@@ -1,7 +1,7 @@
 ---
-import Base from "../layouts/Base.astro";
+import Base from "../../layouts/Base.astro";
 ---
-<Base path="/sicherheit" title="Sicherheit & Compliance – Valtrix">
+<Base path="/de/sicherheit" title="Sicherheit & Compliance – Valtrix">
   <h1 class="text-3xl font-bold mt-8">Sicherheit & Compliance</h1>
   <ul class="list-disc pl-6 mt-4 text-textMuted">
     <li>Datensouverän: EU-Hosting, DSGVO-konform</li>
diff --git a/src/pages/ueber-uns.astro b/src/pages/de/ueber-uns.astro
similarity index 68%
rename from src/pages/ueber-uns.astro
rename to src/pages/de/ueber-uns.astro
index b2d71c7..6a3df1b 100644
--- a/src/pages/ueber-uns.astro
+++ b/src/pages/de/ueber-uns.astro
@@ -1,7 +1,7 @@
 ---
-import Base from "../layouts/Base.astro";
+import Base from "../../layouts/Base.astro";
 ---
-<Base path="/ueber-uns" title="Über uns – Valtrix">
+<Base path="/de/ueber-uns" title="Über uns – Valtrix">
   <h1 class="text-3xl font-bold mt-8">Über uns</h1>
   <p class="mt-4 text-textMuted max-w-2xl">Wir sind ein Team aus Cloud-, Security- und AI-Engineers. Wir bauen robuste Systeme – pragmatisch und messbar.</p>
 </Base>
diff --git a/src/pages/en/index.astro b/src/pages/en/index.astro
index 7b9c939..0b5a056 100644
--- a/src/pages/en/index.astro
+++ b/src/pages/en/index.astro
@@ -56,12 +56,24 @@ const features = [
 
   <section class="py-14">
   <h2 class="text-2xl font-bold mb-6">Our approach</h2>
-    <ol class="grid md:grid-cols-4 gap-6 list-decimal pl-5">
-      <li class="p-5 border rounded-brand card"><strong>Assess:</strong> Risk & maturity → quick scan.</li>
-      <li class="p-5 border rounded-brand card"><strong>Design:</strong> Target architecture & guardrails.</li>
-      <li class="p-5 border rounded-brand card"><strong>Build:</strong> IaC, pipelines, policies-as-code.</li>
-      <li class="p-5 border rounded-brand card"><strong>Run:</strong> Monitoring, audits, cost transparency.</li>
-    </ol>
+    <div class="grid md:grid-cols-4 gap-6">
+      <div class="p-6 border rounded-brand card">
+        <div class="text-xl font-semibold">1. Assess</div>
+        <p class="mt-2 text-textMuted">Risk & maturity analysis: quick-scan, clear priorities.</p>
+      </div>
+      <div class="p-6 border rounded-brand card">
+        <div class="text-xl font-semibold">2. Design</div>
+        <p class="mt-2 text-textMuted">Target architecture & guardrails: secure, scalable blueprints.</p>
+      </div>
+      <div class="p-6 border rounded-brand card">
+        <div class="text-xl font-semibold">3. Build</div>
+        <p class="mt-2 text-textMuted">IaC, pipelines & policies-as-code: reproducible & testable.</p>
+      </div>
+      <div class="p-6 border rounded-brand card">
+        <div class="text-xl font-semibold">4. Run</div>
+        <p class="mt-2 text-textMuted">Monitoring, audits & cost transparency for sustainable operations.</p>
+      </div>
+    </div>
   </section>
 
   <section class="py-12">
diff --git a/src/pages/index.astro b/src/pages/index.astro
deleted file mode 100644
index b1ade09..0000000
--- a/src/pages/index.astro
+++ /dev/null
@@ -1,73 +0,0 @@
----
-import Base from "../layouts/Base.astro";
-const benefits = [
-  { title: "Zero-Trust & Hardening", text: "Security-by-Design, CIS/BSI-Guidelines, automatisierte Policies." },
-  { title: "Cloud Foundations", text: "Landing Zones, Identity, Observability – sauber & skalierbar." },
-  { title: "Automatisierung", text: "IaC/CI/CD, GitOps, wiederholbar & auditfähig." }
-];
-const features = [
-  { title: "Cloud & DevOps", text: "Plan, Build & Run – effizient, sicher, skalierbar." },
-  { title: "Security & Compliance", text: "BSI/ISO-aligned, Zero-Trust, Audits, Policies-as-Code." },
-  { title: "AI & Automation", text: "RAG, Agenten & Process Automation mit messbarem Outcome." }
-];
----
-<Base path="/">
-  <section class="py-16 grid lg:grid-cols-2 gap-12 items-center">
-    <div class="fade-in">
-      <h1 class="text-4xl md:text-5xl font-bold leading-tight">
-        Security-first Cloud Consulting.
-      </h1>
-      <p class="mt-4 text-lg text-textMuted">
-        Wir verbinden <strong>Struktur</strong> und <strong>Wert</strong>: sichere Cloud-Architekturen, Automatisierung und Compliance – pragmatisch und messbar.
-      </p>
-      <div class="mt-8 flex gap-4">
-        <a href="/leistungen" class="px-5 py-3 rounded-brand bg-primary text-white hover:opacity-90">Leistungen</a>
-        <a href="/kontakt" class="px-5 py-3 rounded-brand border border-primary text-primary hover:bg-graybg">Kontakt</a>
-      </div>
-      <div class="mt-8 grid grid-cols-3 gap-4 text-sm text-textMuted">
-        <div class="p-3 border rounded-brand card">DSGVO / EU-Hosting</div>
-        <div class="p-3 border rounded-brand card">BSI/ISO-orientiert</div>
-        <div class="p-3 border rounded-brand card">Auditfähig</div>
-      </div>
-    </div>
-  </section>
-
-  <section class="py-10 grid md:grid-cols-3 gap-6">
-    {benefits.map(b => (
-      <div class="p-6 border rounded-brand hover:shadow-sm transition-shadow card">
-        <h3 class="font-semibold text-lg">{b.title}</h3>
-        <p class="mt-2 text-textMuted">{b.text}</p>
-      </div>
-    ))}
-  </section>
-
-  <section class="py-12">
-  <h2 class="text-2xl font-bold mb-6">Leistungen</h2>
-    <div class="grid md:grid-cols-3 gap-6">
-      {features.map(f => (
-        <div class="p-6 border rounded-brand hover:-translate-y-0.5 transition card">
-          <h3 class="font-semibold text-lg">{f.title}</h3>
-          <p class="mt-2 text-textMuted">{f.text}</p>
-          <a href="/leistungen" class="mt-3 inline-block text-primary underline">Mehr erfahren</a>
-        </div>
-      ))}
-    </div>
-  </section>
-
-  <section class="py-14">
-  <h2 class="text-2xl font-bold mb-6">Unser Ansatz</h2>
-    <ol class="grid md:grid-cols-4 gap-6 list-decimal pl-5">
-      <li class="p-5 border rounded-brand card"><strong>Assess:</strong> Risiko & Reifegrad → Quick-Scan.</li>
-      <li class="p-5 border rounded-brand card"><strong>Design:</strong> Zielarchitektur & Guardrails.</li>
-      <li class="p-5 border rounded-brand card"><strong>Build:</strong> IaC, Pipelines, Policies-as-Code.</li>
-      <li class="p-5 border rounded-brand card"><strong>Run:</strong> Monitoring, Audits, Kostentransparenz.</li>
-    </ol>
-  </section>
-
-  <section class="py-12">
-      <div class="rounded-brand p-8 bg-gradient-to-r from-accent to-primary text-white flex flex-col md:flex-row items-center justify-between gap-6">
-      <div class="text-xl font-semibold tracking-wide">Sichere Cloud – pragmatisch umgesetzt.</div>
-      <a href="/kontakt" class="px-6 py-3 rounded-brand bg-white text-primary font-medium">Projekt anfragen</a>
-    </div>
-  </section>
-</Base>