Split container into hierarchy

nethsm/container/index.rst

@@ -0,0 +1,21 @@
+Container
+=========
+
+Software container images of NetHSM are available for testing and production. They are distributed as OCI images and can be run locally with a compatible executor such as Docker and Podman.
+
+Compared to the NetHSM hardware the following functions are not implemented at software container's REST API:
+
+* Network configuration
+* Factory reset
+* Reboot
+* Software update
+
+Refer to the following chapters to learn more about the respective differences.
+
+.. toctree::
+   :hidden:
+   :maxdepth: 1
+   :glob:
+
+   production-image.rst
+   test-image.rst

nethsm/container.rst → nethsm/container/production-image.rst

@@ -1,68 +1,3 @@
-Container
-=========
-
-Software container images of NetHSM are available for testing and production. They are distributed as OCI images and can be run locally with a compatible executor such as Docker and Podman.
-
-Compared to the NetHSM hardware the following functions are not implemented at software container's REST API:
-
-* Network configuration
-* Factory reset
-* Reboot
-* Software update
-
-Refer to the following chapters to learn more about the respective differences.
-
-Test Image
-----------
-
-The image can be obtained from `Docker Hub <https://hub.docker.com/r/nitrokey/nethsm>`_.
-
-.. warning::
-
-   Do not use the test image under any circumstances for production data and use cases.
-
-Tagging Policy
-^^^^^^^^^^^^^^
-
-The images in the repository are tagged with the Git commit hash from the main branch of the `repository <https://github.com/nitrokey/nethsm>`__.
-The latest image is tagged with ``testing``.
-
-.. _test-image-configuration:
-
-Configuration
-^^^^^^^^^^^^^
-
-The image can be configured with the following environment variables.
-
-+----------------------+--------------------------------------+
-| Environment variable | Description                          |
-+======================+======================================+
-| ``DEBUG_LOG``        | Enables extended logging for NetHSM. |
-+----------------------+--------------------------------------+
-
-Usage
-^^^^^
-
-The container can be executed as follows.
-
-.. tabs::
-   .. tab:: Docker
-      .. code-block:: bash
-
-         $ docker run --rm -ti -p 8443:8443 docker.io/nitrokey/nethsm:testing
-
-   .. tab:: Podman
-      .. code-block:: bash
-
-         $ podman run --rm -ti -p 8443:8443 docker.io/nitrokey/nethsm:testing
-
-This will run NetHSM as a Unix process inside the container and expose the REST API via the HTTPS protocol on port `8443`.
-
-.. important::
-   The container uses a self-signed TLS certificate.
-   Make sure to use the correct connection settings to establish a connection.
-   Please refer to chapter `NetHSM introduction <index.html>`__ to learn more.
-
 Production Image
 ----------------
 
@@ -76,7 +11,7 @@ The image can be obtained from `Nitrokey NetHSM registry <https://registry.git.n
    A compromised platform could easily compromise a NetHSM software container it executes.
    In addition the TRNG is not existent so that the entropy used and provided by the NetHSM depends on the platform's entropy. 
 
-Tagging Policy
+Tagging Policy 
 ^^^^^^^^^^^^^^
 
 The images in the repository are tagged with the Git commit hash and the version of the release.
@@ -94,8 +29,6 @@ This mode is only available on Linux and requires access to the ``/dev/tun`` and
 
 The mode can be set with the environment variable ``MODE`` (see next chapter `Configuration <container.html#production-image-configuration>`__).
 
-.. _production-image-configuration:
-
 Configuration
 ^^^^^^^^^^^^^
 

nethsm/container/test-image.rst

@@ -0,0 +1,48 @@
+Test Image
+----------
+
+The image can be obtained from `Docker Hub <https://hub.docker.com/r/nitrokey/nethsm>`_.
+
+.. warning::
+
+   Do not use the test image under any circumstances for production data and use cases.
+
+Tagging Policy
+^^^^^^^^^^^^^^
+
+The images in the repository are tagged with the Git commit hash from the main branch of the `repository <https://github.com/nitrokey/nethsm>`__.
+The latest image is tagged with ``testing``.
+
+Configuration
+^^^^^^^^^^^^^
+
+The image can be configured with the following environment variables.
+
++----------------------+--------------------------------------+
+| Environment variable | Description                          |
++======================+======================================+
+| ``DEBUG_LOG``        | Enables extended logging for NetHSM. |
++----------------------+--------------------------------------+
+
+Usage
+^^^^^
+
+The container can be executed as follows.
+
+.. tabs::
+   .. tab:: Docker
+      .. code-block:: bash
+
+         $ docker run --rm -ti -p 8443:8443 docker.io/nitrokey/nethsm:testing
+
+   .. tab:: Podman
+      .. code-block:: bash
+
+         $ podman run --rm -ti -p 8443:8443 docker.io/nitrokey/nethsm:testing
+
+This will run NetHSM as a Unix process inside the container and expose the REST API via the HTTPS protocol on port `8443`.
+
+.. important::
+   The container uses a self-signed TLS certificate.
+   Make sure to use the correct connection settings to establish a connection.
+   Please refer to chapter `NetHSM introduction <index.html>`__ to learn more.

nethsm/index.rst

@@ -47,4 +47,4 @@ In case you want to restore a backup of a NetHSM, please refer to the chapter `R
    opendnssec.rst
    ejbca.rst
    knotdns.rst
-   container.rst
+   container/index.rst

nethsm/integration.rst

@@ -30,7 +30,7 @@ It will be reset every eight hours (CET 6:00, 14:00, 22:00). User "admin", passw
 Container Image
 ^^^^^^^^^^^^^^^
 
-NetHSM `container images <nethsm/container.html>`__ are available for testing and production.
+NetHSM `container images <nethsm/container/index.html>`__ are available for testing and production.
 
 Integration Into Custom Application
 -----------------------------------