From accd055b5d797f115fd7c1292e08afec6b14021e Mon Sep 17 00:00:00 2001 From: Markus Merklinger Date: Mon, 7 Oct 2024 15:33:55 +0200 Subject: [PATCH] Move NetHSM container information to separate page --- nethsm/container.rst | 47 ++++++++++++++++++++++++++++++++++++++++++ nethsm/index.rst | 1 + nethsm/integration.rst | 44 ++------------------------------------- 3 files changed, 50 insertions(+), 42 deletions(-) create mode 100644 nethsm/container.rst diff --git a/nethsm/container.rst b/nethsm/container.rst new file mode 100644 index 0000000000..d564e6ccc6 --- /dev/null +++ b/nethsm/container.rst 
@@ -0,0 +1,47 @@ +Container +^^^^^^^^^ + +For the NetHSM two container images are available for testing and production. + +The container image is distributed as an OCI image and can be obtained from `Docker Hub `_. +It can be run locally with a compatible executor, e.g. Docker or Podman. + +Compared to the NetHSM hardware the following functions are not implemented at software container's REST API: + +* network configuration +* factory reset +* reboot +* software update + +The container can be executed as follows. + +.. tabs:: + .. tab:: Docker + .. code-block:: bash + + $ sudo docker run --rm -ti -p8443:8443 nitrokey/nethsm:testing + + .. tab:: Podman + .. code-block:: bash + + $ podman run --rm -ti -p8443:8443 docker.io/nitrokey/nethsm:testing + +This will run NetHSM as a Unix process inside the container and expose the REST API on the port `8443` via the HTTPS protocol. + +Additionaly to running the NetHSM as a Unix process it can be run as a unikernel supported by KVM. + +The container can be executed as follows. + +.. tabs:: + .. tab:: Docker + .. code-block:: bash + + $ docker run -ti --rm -p 8443:8443 --device /dev/net/tun --device /dev/kvm --cap-add=NET_ADMIN nitrokey/nethsm:testing + +This will run NetHSM as a unikernel inside a KVM virtual machine. +The container will expose the REST API, via the HTTPS protocol, on the interface `tap200` with the IP address `192.168.1.100` and port `8443`. + +.. important:: + The container uses a self-signed TLS certificate. + Make sure to use the correct connection settings to establish a connection. + Please refer to chapter `NetHSM introduction `__ to learn more. diff --git a/nethsm/index.rst b/nethsm/index.rst index f240607e27..22aa456022 100644 --- a/nethsm/index.rst +++ b/nethsm/index.rst @@ -47,3 +47,4 @@ In case you want to restore a backup of a NetHSM, please refer to the chapter `R opendnssec.rst ejbca.rst knotdns.rst + container.rst 
diff --git a/nethsm/integration.rst b/nethsm/integration.rst index 470ae99cca..364002ee75 100644 --- a/nethsm/integration.rst +++ b/nethsm/integration.rst 
@@ -30,48 +30,8 @@ It will be reset every eight hours (CET 6:00, 14:00, 22:00). User "admin", passw Container Image ^^^^^^^^^^^^^^^ -The container image is distributed as an OCI image and can be obtained from `Docker Hub `_. -It can be run locally with a compatible executor, e.g. Docker or Podman. - -Compared to the NetHSM hardware the following functions are not implemented at software container's REST API: - -* network configuration -* factory reset -* reboot -* software update - -The container can be executed as follows. - -.. tabs:: - .. tab:: Docker - .. code-block:: bash - - $ sudo docker run --rm -ti -p8443:8443 nitrokey/nethsm:testing - - .. tab:: Podman - .. code-block:: bash - - $ podman run --rm -ti -p8443:8443 docker.io/nitrokey/nethsm:testing - -This will run NetHSM as a Unix process inside the container and expose the REST API on the port `8443` via the HTTPS protocol. - -Additionaly to running the NetHSM as a Unix process it can be run as a unikernel supported by KVM. - -The container can be executed as follows. - -.. tabs:: - .. tab:: Docker - .. code-block:: bash - - $ docker run -ti --rm -p 8443:8443 --device /dev/net/tun --device /dev/kvm --cap-add=NET_ADMIN nitrokey/nethsm:testing - -This will run NetHSM as a unikernel inside a KVM virtual machine. -The container will expose the REST API, via the HTTPS protocol, on the interface `tap200` with the IP address `192.168.1.100` and port `8443`. - -.. important:: - The container uses a self-signed TLS certificate. - Make sure to use the correct connection settings to establish a connection. - Please refer to chapter `NetHSM introduction `__ to learn more. +For the NetHSM two container images are available for testing and production. +Please refer to the chapter `Container `__ to learn more about the options. Integration Into Custom Application -----------------------------------
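Review bot: In the new nethsm/container.rst hunk, the opening sentence announces two images for testing and production, but every command that follows pulls only `nitrokey/nethsm:testing`; name the production tag as well (or say where it is listed), otherwise the reader cannot act on the distinction the page introduces. Same hunk: "Additionaly" should be "Additionally", and "not implemented at software container's REST API" reads better as "not implemented in the software container's REST API". The two run commands are inconsistent, `sudo docker run --rm -ti -p8443:8443` for process mode versus `docker run -ti --rm -p 8443:8443` for KVM mode, so pick one form for `sudo` and the `-p` spacing, and consider a Podman tab for the KVM variant to match the first tab block. For the KVM command, add a sentence explaining why `--device /dev/net/tun`, `--device /dev/kvm` and `--cap-add=NET_ADMIN` are needed (the unikernel runs under KVM and exposes the API on the `tap200` interface, which the container has to create), since granting NET_ADMIN to a container is a privilege the reader should understand before copying the line. Finally, the second "The container can be executed as follows." could read "The unikernel variant can be started as follows." so the two modes are not introduced with identical wording.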
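Review bot: In the nethsm/index.rst hunk, `container.rst` is appended after `knotdns.rst` at the very end of the toctree. If that list is ordered by topic rather than by age, placing the entry next to `integration.rst`, which now links to the new page, keeps the sidebar order consistent with the cross-reference; if the order is arbitrary, the placement is fine.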
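Review bot: In the nethsm/integration.rst hunk, the replacement sentence "For the NetHSM two container images are available for testing and production." needs a comma after "NetHSM". The remaining heading still reads "Container Image" while the new page is titled "Container"; aligning the two names (or using "Container" as the link text) makes it clearer that the link leads to the moved content rather than to something different. The move also takes the `.. important::` note about the self-signed TLS certificate out of this page, which is acceptable as long as the new page is the only place the run commands are documented.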