Merge branch 'sagitta' of https://github.com/rebortg/vyos-documentation

17 files changed, 0 insertions, 1244 deletions

diff --git a/docs/system/advanced-index.rst b/docs/system/advanced-index.rst
deleted file mode 100644
index 8e855789..00000000
--- a/docs/system/advanced-index.rst
+++ /dev/null
@@ -1,19 +0,0 @@
-.. _advanced_system_tweaks:
-
-######
-System
-######
-
-.. toctree::
-   :maxdepth: 2
-
-   boot-options
-   eventhandler
-   flow-accounting
-   lcd
-   ntp
-   option
-   proxy
-   serial-console
-   syslog
-   task-scheduler
diff --git a/docs/system/basic-index.rst b/docs/system/basic-index.rst
deleted file mode 100644
index b7bbf1c5..00000000
--- a/docs/system/basic-index.rst
+++ /dev/null
@@ -1,14 +0,0 @@
-.. _basic_system_tweaks:
-
-###################
-Basic System Tweaks
-###################
-
-.. toctree::
-   :maxdepth: 2
-
-   user-management
-   host-information
-   default-route
-   time-zone
-   system-dns
diff --git a/docs/system/boot-options.rst b/docs/system/boot-options.rst
deleted file mode 100644
index d054748f..00000000
--- a/docs/system/boot-options.rst
+++ /dev/null
@@ -1,57 +0,0 @@
-.. _boot-options:
-
-
-############
-Boot Options
-############
-
-.. warning:: This function may be highly disruptive.
-   It may cause major service interruption, so make sure you really
-   need it and verify your input carefully.
-
-
-
-VyOS has several kernel command line options to modify the normal boot
-process. 
-To add an option, select the desired image in GRUB menu at load
-time, press **e**, edit the first line, and press **Ctrl-x** to boot when
-ready.
-
-.. image:: /_static/images/boot-options.png
-   :width: 80%
-   :align: center
-
-
-Specify custom config file
-==========================
-
-Tells the system to use specified file instead of ``/config/config.boot``.
-If specified file does not exist or is not readable, fall back to
-default config. No additional verification is performed, so make sure
-you specify a valid config file.
-
-.. code-block:: none
-
-   vyos-config=/path/to/file
-
-To load the *factory default* config, use:
-
-.. code-block:: none
-
-   vyos-config=/opt/vyatta/etc/config.boot.default
-
-
-Disable specific boot process steps
-===================================
-
-These options disable some boot steps. Make sure you understand the
-:ref:`boot process <boot-steps>` well before using them!
-
-.. glossary::
-
-    no-vyos-migrate
-      Do not perform config migration.
-
-    no-vyos-firewall
-      Do not initialize default firewall chains, renders any firewall configuration unusable.
-
diff --git a/docs/system/default-route.rst b/docs/system/default-route.rst
deleted file mode 100644
index 27c74188..00000000
--- a/docs/system/default-route.rst
+++ /dev/null
@@ -1,40 +0,0 @@
-.. _default_gateway:
-
-#####################
-Default Gateway/Route
-#####################
-
-In the past (VyOS 1.1) used a gateway-address configured under the system tree
-(:cfgcmd:`set system gateway-address <address>`), this is no longer supported
-and existing configurations are migrated to the new CLI command.
-
-Configuration
-=============
-
-.. cfgcmd:: set protocols static route 0.0.0.0/0 next-hop <address>
-
-   Specify static route into the routing table sending all non local traffic
-   to the nexthop address `<address>`.
-
-
-.. cfgcmd:: delete protocols static route 0.0.0.0/0
-
-   Delete default route from the system.
-
-Operation
-=========
-
-.. opcmd:: show ip route 0.0.0.0
-
-   Show routing table entry for the default route.
-
-   .. code-block:: none
-
-      vyos@vyos:~$ show ip route 0.0.0.0
-      Routing entry for 0.0.0.0/0
-        Known via "static", distance 10, metric 0, best
-        Last update 09:46:30 ago
-        * 172.18.201.254, via eth0.201
-
-.. seealso:: Configuration of :ref:`static-routing`
-
diff --git a/docs/system/eventhandler.rst b/docs/system/eventhandler.rst
deleted file mode 100644
index a68b3924..00000000
--- a/docs/system/eventhandler.rst
+++ /dev/null
@@ -1,48 +0,0 @@
-.. _event-handler:
-
-Event Handler
--------------
-
-Event handler allows you to execute scripts when a string that matches a regex appears in a text stream (e.g. log file).
-
-It uses "feeds" (output of commands, or a named pipes) and "policies" that define what to execute if a regex is matched.
-
-.. code-block:: none
-
-  system
-  event-handler
-      feed <name>
-      description <feed description>
-      policy <policy name>
-      source
-          preset
-          syslog # Use the syslog logs for feed
-          custom
-          command <command to execute> # E.g. "tail -f /var/log/somelogfile"
-          named-pipe <path to a names pipe>
-      policy <policy name>
-      description <policy description>
-      event <event name>
-          description <event description>
-          pattern <regex>
-          run <command to run>
-
-In this small example a script runs every time a login failed and an interface goes down
-
-.. code-block:: none
-
-  vyos@vyos# show system event-handler
-  feed Syslog {
-      policy MyPolicy
-      source {
-          preset syslog
-      }
-  }
-  policy MyPolicy {
-      description "Test policy"
-      event BadThingsHappened {
-          pattern "authentication failure"
-          pattern "interface \.* index \d+ .* DOWN.*"
-          run /config/scripts/email-to-admin
-      }
-  }
\ No newline at end of file
diff --git a/docs/system/flow-accounting.rst b/docs/system/flow-accounting.rst
deleted file mode 100644
index f09c1c9a..00000000
--- a/docs/system/flow-accounting.rst
+++ /dev/null
@@ -1,203 +0,0 @@
-.. _flow-accounting:
-
-###############
-Flow Accounting
-###############
-
-VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts
-as a flow exporter, and you are free to use it with any compatible collector.
-
-Flows can be exported via two different protocols: NetFlow (versions 5, 9 and
-10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table
-internally in a router.
-
-.. warning:: You need to disable the in-memory table in production environments!
-   Using :abbr:`IMT (In-Memory Table)` may lead to heavy CPU overloading and
-   unstable flow-accounting behavior.
-
-
-NetFlow / IPFIX
-===============
-NetFlow is a feature that was introduced on Cisco routers around 1996 that
-provides the ability to collect IP network traffic as it enters or exits an
-interface. By analyzing the data provided by NetFlow, a network administrator
-can determine things such as the source and destination of traffic, class of
-service, and the causes of congestion. A typical flow monitoring setup (using
-NetFlow) consists of three main components:
-
-* **exporter**: aggregates packets into flows and exports flow records towards
-  one or more flow collectors
-* **collector**: responsible for reception, storage and pre-processing of flow
-  data received from a flow exporter
-* **application**: analyzes received flow data in the context of intrusion
-  detection or traffic profiling, for example
-
-For connectionless protocols as like ICMP and UDP, a flow is considered
-complete once no more packets for this flow appear after configurable timeout.
-
-NetFlow is usually enabled on a per-interface basis to limit load on the router
-components involved in NetFlow, or to limit the amount of NetFlow records
-exported.
-
-Configuration
-=============
-
-In order for flow accounting information to be collected and displayed for an
-interface, the interface must be configured for flow accounting.
-
-.. cfgcmd:: set system flow-accounting interface <interface>
-
-   Configure and enable collection of flow information for the interface
-   identified by `<interface>`.
-
-   You can configure multiple interfaces which whould participate in flow
-   accounting.
-
-.. note:: Will be recorded only packets/flows on **incoming** direction in
-   configured interfaces.
-
-
-By default, recorded flows will be saved internally and can be listed with the
-CLI command. You may disable using the local in-memory table with the command:
-
-.. cfgcmd:: set system flow-accounting disable-imt
-
-   Internally, in flow-accounting processes exist a buffer for data exchanging
-   between core process and plugins (each export target is a separated plugin).
-   If you have high traffic levels or noted some problems with missed records
-   or stopping exporting, you may try to increase a default buffer size (10
-   MiB) with the next command:
-
-.. cfgcmd:: set system flow-accounting buffer-size <buffer size>
-
-   In case, if you need to catch some logs from flow-accounting daemon, you may
-   configure logging facility:
-
-.. cfgcmd:: set system flow-accounting syslog-facility <facility>
-
-   TBD
-
-Flow Export
------------
-
-In addition to displaying flow accounting information locally, one can also
-exported them to a collection server.
-
-NetFlow
-^^^^^^^
-
-.. cfgcmd:: set system flow-accounting netflow version <version>
-
-   There are multiple versions available for the NetFlow data. The `<version>`
-   used in the exported flow data can be configured here. The following
-   versions are supported:
-
-   * **5** - Most common version, but restricted to IPv4 flows only
-   * **9** - NetFlow version 9 (default)
-   * **10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917`
-
-.. cfgcmd:: set system flow-accounting netflow server <address>
-
-   Configure address of NetFlow collector. NetFlow server at `<address>` can
-   be both listening on an IPv4 or IPv6 address.
-
-.. cfgcmd:: set system flow-accounting netflow source-ip <address>
-
-   IPv4 or IPv6 source address of NetFlow packets
-
-.. cfgcmd:: set system flow-accounting netflow engine-id <id>
-
-   NetFlow engine-id which will appear in NetFlow data. The range is 0 to 255.
-
-.. cfgcmd:: set system flow-accounting netflow sampling-rate <rate>
-
-   Use this command to configure the  sampling rate for flow accounting. The
-   system samples one in every `<rate>` packets, where `<rate>` is the value
-   configured for the sampling-rate option. The advantage of sampling every n
-   packets, where n > 1, allows you to decrease the amount of processing
-   resources required for flow accounting. The disadvantage of not sampling
-   every packet is that the statistics produced are estimates of actual data
-   flows.
-
-   Per default every packet is sampled (that is, the sampling rate is 1).
-
-.. cfgcmd:: set system flow-accounting netflow timeout expiry-interval <interval>
-
-   Specifies the interval at which Netflow data will be sent to a collector. As
-   per default, Netflow data will be sent every 60 seconds.
-
-   You may also additionally configure timeouts for different types of
-   connections.
-
-.. cfgcmd:: set system flow-accounting netflow max-flows <n>
-
-   If you want to change the maximum number of flows, which are tracking
-   simultaneously, you may do this with this command (default 8192).
-
-sFlow
-^^^^^
-
-.. cfgcmd:: set system flow-accounting sflow server <address>
-
-   Configure address of sFlow collector. sFlow server at `<address>` can
-   be an IPv4 or IPv6 address. But you cannot export to both IPv4 and
-   IPv6 collectors at the same time!
-
-.. cfgcmd:: set system flow-accounting sflow sampling-rate <rate>
-
-   Enable sampling of packets, which will be transmitted to sFlow collectors.
-
-.. cfgcmd:: set system flow-accounting sflow agent-address <address>
-
-   Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you
-   must set the same protocol, which is used for sFlow collector addresses. By
-   default, using router-id from BGP or OSPF protocol, or the primary IP
-   address from the first interface.
-
-Example:
---------
-
-NetFlow v5 example:
-
-.. code-block:: none
-
-  set system flow-accounting netflow engine-id 100
-  set system flow-accounting netflow version 5
-  set system flow-accounting netflow server 192.168.2.10 port 2055
-
-Operation
-=========
-
-Once flow accounting is configured on an interfaces it provides the ability to
-display captured network traffic information for all configured interfaces.
-
-.. opcmd:: show flow-accounting interface <interface>
-
-   Show flow accounting information for given `<interface>`.
-
-   .. code-block:: none
-
-     vyos@vyos:~$ show flow-accounting interface eth0
-     IN_IFACE    SRC_MAC            DST_MAC            SRC_IP                     DST_IP             SRC_PORT    DST_PORT  PROTOCOL      TOS    PACKETS    FLOWS    BYTES
-     ----------  -----------------  -----------------  ------------------------  ---------------  ----------  ----------  ----------  -----  ---------  -------  -------
-     eth0        00:53:01:a8:28:ac  ff:ff:ff:ff:ff:ff  192.0.2.2                 255.255.255.255        5678        5678  udp             0          1        1      178
-     eth0        00:53:01:b2:2f:34  33:33:ff:00:00:00  fe80::253:01ff:feb2:2f34  ff02::1:ff00:0            0           0  ipv6-icmp       0          2        1      144
-     eth0        00:53:01:1a:b4:53  33:33:ff:00:00:00  fe80::253:01ff:fe1a:b453  ff02::1:ff00:0            0           0  ipv6-icmp       0          1        1       72
-     eth0        00:53:01:b2:22:48  00:53:02:58:a2:92  192.0.2.100               192.0.2.14            40152          22  tcp            16         39        1     2064
-     eth0        00:53:01:c8:33:af  ff:ff:ff:ff:ff:ff  192.0.2.3                 255.255.255.255        5678        5678  udp             0          1        1      154
-     eth0        00:53:01:b2:22:48  00:53:02:58:a2:92  192.0.2.100               192.0.2.14            40006          22  tcp            16        146        1     9444
-     eth0        00:53:01:b2:22:48  00:53:02:58:a2:92  192.0.2.100               192.0.2.14                0           0  icmp          192         27        1     4455
-
-.. opcmd:: show flow-accounting interface <interface> host <address>
-
-   Show flow accounting information for given `<interface>` for a specific host
-   only.
-
-   .. code-block:: none
-
-     vyos@vyos:~$ show flow-accounting interface eth0 host 192.0.2.14
-     IN_IFACE    SRC_MAC            DST_MAC            SRC_IP       DST_IP        SRC_PORT    DST_PORT  PROTOCOL      TOS    PACKETS    FLOWS    BYTES
-     ----------  -----------------  -----------------  -----------  ----------  ----------  ----------  ----------  -----  ---------  -------  -------
-     eth0        00:53:01:b2:22:48  00:53:02:58:a2:92  192.0.2.100  192.0.2.14       40006          22  tcp            16        197        2    12940
-     eth0        00:53:01:b2:22:48  00:53:02:58:a2:92  192.0.2.100  192.0.2.14       40152          22  tcp            16         94        1     4924
-     eth0        00:53:01:b2:22:48  00:53:02:58:a2:92  192.0.2.100  192.0.2.14           0           0  icmp          192         36        1     5877
diff --git a/docs/system/host-information.rst b/docs/system/host-information.rst
deleted file mode 100644
index 30efe01e..00000000
--- a/docs/system/host-information.rst
+++ /dev/null
@@ -1,63 +0,0 @@
-.. _host-information:
-
-################
-Host Information
-################
-
-This section describes the system's host information and how to configure them,
-it covers the following topics:
-
-* Host name
-* Domain
-* IP address
-* Aliases
-
-Hostname
-========
-
-A hostname is the label (name) assigned to a network device (a host) on a
-network and is used to distinguish one device from another on specific networks
-or over the internet. On the other hand this will be the name which appears on
-the command line prompt.
-
-.. cfgcmd:: set system host-name <hostname>
-
-   Set system hostname. The hostname can be up to 63 characters. A hostname
-   must start and end with a letter or digit, and have as interior characters
-   only letters, digits, or a hyphen.
-
-   The default hostname used is `vyos`.
-
-Domain Name
-===========
-
-A domain name is the label (name) assigned to a computer network and is thus
-unique. VyOS appends the domain name as a suffix to any unqualified name. For
-example, if you set the domain name `example.com`, and you would ping the
-unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`.
-
-.. cfgcmd:: set system domain-name <domain>
-
-   Configure system domain name. A domain name must start and end with a letter
-   or digit, and have as interior characters only letters, digits, or a hyphen.
-
-Static Hostname Mapping
-=======================
-
-How an IP address is assigned to an interface in :ref:`ethernet-interface`.
-This section shows how to statically map an IP address to a hostname for local
-(meaning on this VyOS instance) name resolution.
-
-.. cfgcmd:: set system static-host-mapping host-name <hostname> inet <address>
-
-   Create a static hostname mapping which will always resolve the name
-   `<hostname>` to IP address `<address>`.
-
-
-.. cfgcmd:: set system static-host-mapping host-name <hostname> alias <alias>
-
-   Create named `<alias>` for the configured static mapping for `<hostname>`.
-   Thus the address configured as :cfgcmd:`set system static-host-mapping
-   host-name <hostname> inet <address>` can be reached via multiple names.
-
-   Multiple aliases can pe specified per host-name.
diff --git a/docs/system/lcd.rst b/docs/system/lcd.rst
deleted file mode 100644
index 441becf5..00000000
--- a/docs/system/lcd.rst
+++ /dev/null
@@ -1,45 +0,0 @@
-.. _system-display:
-
-********************
-System Display (LCD)
-********************
-
-The system LCD :abbr:`LCD (Liquid-crystal display)` option is for users running
-VyOS on hardware that features an LCD display. This is typically a small display
-built in an 19 inch rack-mountable appliance. Those displays are used to show
-runtime data.
-
-To configure your LCD display you must first identify the used hardware, and
-connectivity of the display to your system. This can be any serial port
-(`ttySxx`) or serial via USB or even old parallel port interfaces.
-
-Configuration
-=============
-
-.. cfgcmd:: set system lcd device <device>
-
-   This is the name of the physical interface used to connect to your LCD
-   display. Tab completion is supported and it will list you all available
-   serial interface.
-
-   For serial via USB port information please refor to: :ref:`hardware_usb`.
-
-.. cfgcmd:: set system lcd model <model>
-
-   This is the LCD model used in your system.
-
-   At the time of this writing the following displays are supported:
-
-   * Crystalfontz CFA-533
-
-   * Crystalfontz CFA-631
-
-   * Crystalfontz CFA-633
-
-   * Crystalfontz CFA-635
-
-   .. note:: We can't support all displays from the beginning. If your display
-      type is missing, please create a feature request via Phabricator_.
-
-.. include:: ../common-references.rst
-
diff --git a/docs/system/ntp.rst b/docs/system/ntp.rst
deleted file mode 100644
index 223447f5..00000000
--- a/docs/system/ntp.rst
+++ /dev/null
@@ -1,77 +0,0 @@
-.. _ntp:
-
-###
-NTP
-###
-
-:abbr:`NTP (Network Time Protocol`) is a networking protocol for clock
-synchronization between computer systems over packet-switched, variable-latency
-data networks. In operation since before 1985, NTP is one of the oldest Internet
-protocols in current use.
-
-NTP is intended to synchronize all participating computers to within a few
-milliseconds of :abbr:`UTC (Coordinated Universal Time)`. It uses the
-intersection algorithm, a modified version of Marzullo's algorithm, to select
-accurate time servers and is designed to mitigate the effects of variable
-network latency. NTP can usually maintain time to within tens of milliseconds
-over the public Internet, and can achieve better than one millisecond accuracy
-in local area networks under ideal conditions. Asymmetric routes and network
-congestion can cause errors of 100 ms or more.
-
-The protocol is usually described in terms of a client-server model, but can as
-easily be used in peer-to-peer relationships where both peers consider the other
-to be a potential time source. Implementations send and receive timestamps using
-:abbr:`UDP (User Datagram Protocol)` on port number 123.
-
-NTP supplies a warning of any impending leap second adjustment, but no
-information about local time zones or daylight saving time is transmitted.
-
-The current protocol is version 4 (NTPv4), which is a proposed standard as
-documented in :rfc:`5905`. It is backward compatible with version 3, specified
-in :rfc:`1305`.
-
-Configuration
-=============
-
-.. cfgcmd:: set system ntp server <address>
-
-   Configure one or more servers for synchronisation. Server name can be either
-   an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`.
-
-   There are 3 default NTP server set. You are able to change them.
-
-   * ``0.pool.ntp.org``
-   * ``1.pool.ntp.org``
-   * ``2.pool.ntp.org``
-
-.. cfgcmd:: set system ntp server <address> <noselect | pool | preempt | prefer>
-
-   Configure one or more attributes to the given NTP server.
-
-   * ``noselect`` marks the server as unused, except for display purposes. The
-     server is discarded by the selection algorithm.
-
-   * ``pool`` mobilizes persistent client mode association with a number of
-     remote servers.
-
-   * ``preempt`` a preemptable association is expendable.
-
-   * ``prefer`` marks the server as preferred. All other things being equal,
-     this host will be chosen for synchronization among a set of correctly
-     operating hosts.
-
-.. cfgcmd:: set system ntp listen-address <address>
-
-   NTP process will only listen on the specified IP address. You must specify
-   the `<address>` and optionally the permitted clients. Multiple listen
-   addresses can be configured.
-
-.. cfgcmd:: set system ntp allow-clients address <address>
-
-   List of networks or client addresses permitted to contact this NTP server.
-
-   Multiple networks can be configured.
-
-.. cfgcmd:: set system ntp vrf <name>
-
-  Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance.
diff --git a/docs/system/option.rst b/docs/system/option.rst
deleted file mode 100644
index e7661492..00000000
--- a/docs/system/option.rst
+++ /dev/null
@@ -1,94 +0,0 @@
-.. _system_option:
-
-#######
-Options
-#######
-
-This chapter describe the possibilities of advanced system behavior.
-
-*******
-General
-*******
-
-.. cfgcmd:: set system option ctrl-alt-delete <ignore | reboot | poweroff>
-
-   Action which will be run once the ctrl-alt-del keystroke is received.
-
-.. cfgcmd:: set system option reboot-on-panic
-
-   Automatically reboot system on kernel panic after 60 seconds.
-
-.. cfgcmd:: set system option startup-beep
-
-    Play an audible beep to the system speaker when system is ready.
-
-***********
-HTTP client
-***********
-
-.. cfgcmd:: set system option http-client source-address <address>
-
-   Several commands utilize curl to initiate transfers. Configure the local
-   source IPv4/IPv6 address used for all CURL operations.
-
-.. cfgcmd:: set system option http-client source-interface <interface>
-
-   Several commands utilize curl to initiate transfers. Configure the local
-   source interface used for all CURL operations.
-
-.. note:: `source-address` and `source-interface` can not be used at the same time.
-
-***************
-Keyboard Layout
-***************
-
-When starting a VyOS live system (the installation CD) the configured keyboard
-layout defaults to US. As this might not suite everyones use case you can adjust
-the used keyboard layout on the system console.
-
-.. cfgcmd:: set system option keyboard-layout <us | fr | de | fi | no | dk>
-
-  Change system keyboard layout to given language.
-
-  Defaults to ``us``.
-
-  .. note:: Changing the keymap only has an effect on the system console, using
-    SSH oder Serial remote access to the device is not affected as the keyboard
-    layout here corresponds to your access system.
-
-.. _system_options_performance:
-
-***********
-Performance
-***********
-
-As more and more routers run on Hypervisors, expecially with a :abbr:`NOS
-(Network Operating System)` as VyOS, it makes fewer and fewer sense to use
-static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and
-earlier to pin certain interrupt handlers to specific CPUs.
-
-We now utilize `tuned` for dynamic resource balancing based on profiles.
-
-  .. seealso:: https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf
-
-.. cfgcmd:: set system option performance < throughput | latency >
-
-  Configure one of the predefined system performance profiles.
-
-  * ``throughput``: A server profile focused on improving network throughput.
-    This profile favors performance over power savings by setting ``intel_pstate``
-    and ``max_perf_pct=100`` and increasing kernel network buffer sizes.
-
-    It enables transparent huge pages, and uses cpupower to set the performance
-    cpufreq governor. It also sets ``kernel.sched_min_granularity_ns`` to 10 us,
-    ``kernel.sched_wakeup_granularity_ns`` to 15 uss, and ``vm.dirty_ratio`` to
-    40%.
-
-  * ``latency``: A server profile focused on lowering network latency.
-    This profile favors performance over power savings by setting ``intel_pstate``
-    and ``min_perf_pct=100``.
-
-    It disables transparent huge pages, and automatic NUMA balancing. It also
-    uses cpupower to set the performance cpufreq governor, and requests a
-    cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to
-    50 us, and tcp_fastopen to 3.
diff --git a/docs/system/proxy.rst b/docs/system/proxy.rst
deleted file mode 100644
index 8e0339a7..00000000
--- a/docs/system/proxy.rst
+++ /dev/null
@@ -1,28 +0,0 @@
-.. _system_proxy:
-
-############
-System Proxy
-############
-
-Some IT environments require the use of a proxy to connect to the Internet.
-Without this configuration VyOS updates could not be installed directly by
-using the :opcmd:`add system image` command (:ref:`update_vyos`).
-
-.. cfgcmd:: set system proxy url <url>
-
-   Set proxy for all connections initiated by VyOS, including HTTP, HTTPS, and
-   FTP (anonymous ftp).
-
-.. cfgcmd:: set system proxy port <port>
-
-   Configure proxy port if it does not listen to the default port 80.
-
-.. cfgcmd:: set system proxy username <username>
-
-   Some proxys require/support the "basic" HTTP authentication scheme as per
-   :rfc:`7617`, thus a username can be configured.
-
-.. cfgcmd:: set system proxy password <password>
-
-   Some proxys require/support the "basic" HTTP authentication scheme as per
-   :rfc:`7617`, thus a password can be configured.
diff --git a/docs/system/serial-console.rst b/docs/system/serial-console.rst
deleted file mode 100644
index 4a750ada..00000000
--- a/docs/system/serial-console.rst
+++ /dev/null
@@ -1,43 +0,0 @@
-.. _serial-console:
-
-##############
-Serial Console
-##############
-
-For the average user a serial console has no advantage over a console offered
-by a directly attached keyboard and screen. Serial consoles are much slower,
-taking up to a second to fill a 80 column by 24 line screen. Serial consoles
-generally only support non-proportional ASCII text, with limited support for
-languages other than English.
-
-There are some scenarios where serial consoles are useful. System administration
-of remote computers is usually done using :ref:`ssh`, but there are times when
-access to the console is the only way to diagnose and correct software failures.
-Major upgrades to the installed distribution may also require console access.
-
-
-.. cfgcmd:: set system console device <device>
-
-   Defines the specified device as a system console. Available console devices
-   can be (see completion helper):
-
-   * ``ttySN`` - Serial device name
-   * ``ttyUSBX`` - USB Serial device name
-   * ``hvc0`` - Xen console
-
-.. cfgcmd:: set system console device <device> speed <speed>
-
-   The speed (baudrate) of the console device. Supported values are:
-
-   * ``1200`` - 1200 bps
-   * ``2400`` - 2400 bps
-   * ``4800`` - 4800 bps
-   * ``9600`` - 9600 bps
-   * ``19200`` - 19,200 bps
-   * ``38400`` - 38,400 bps (default for Xen console)
-   * ``57600`` - 57,600 bps
-   * ``115200`` - 115,200 bps (default for serial console)
-
-   .. note:: If you use a USB to serial converter please note that most of them
-      use software emulation without flow control, thus you should start with a
-      common baud rate of 9600 as otherwise you could get
diff --git a/docs/system/syslog.rst b/docs/system/syslog.rst
deleted file mode 100644
index 3449c15b..00000000
--- a/docs/system/syslog.rst
+++ /dev/null
@@ -1,226 +0,0 @@
-.. _syslog:
-
-######
-Syslog
-######
-
-Per default VyOSs has minimal syslog logging enabled which is stored and
-rotated locally. Errors will be always logged to a local file, which includes
-`local7` error messages, emergency messages will be sent to the console, too.
-
-To configure syslog, you need to switch into configuration mode.
-
-Logging
-=======
-
-Syslog supports logging to multiple targets, those targets could be a plain
-file on your VyOS installation itself, a serial console or a remote syslog
-server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP.
-
-Console
--------
-
-.. cfgcmd:: set system syslog console facility <keyword> level <keyword>
-
-Log syslog messages to ``/dev/console``, for an explanation on
-:ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords
-see tables below.
-
-
-Custom File
------------
-
-.. cfgcmd:: set system syslog file <filename> facility <keyword> level <keyword>
-
-Log syslog messages to file specified via `<filename>`, for en explanation on
-:ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see
-tables below.
-
-.. cfgcmd:: set system syslog file <filename> archive size <size>
-
-Syslog will write `<size>` kilobytes into the file specified by `<filename>`.
-After this limit has been reached, the custom file is "rotated" by logrotate
-and a new custom file is created.
-
-.. cfgcmd:: set system syslog file <filename> archive file <number>
-
-Syslog uses logrotate to rotate logiles after a number of gives bytes. We keep
-as many as `<number>` rotated file before they are deleted on the system.
-
-
-Remote Host
------------
-
-Logging to a remote host leaves the local logging configuration intact, it
-can be configured in parallel to a custom file or console logging. You can log
-to multiple hosts at the same time, using either TCP or UDP. The default is
-sending the messages via port 514/UDP.
-
-
-.. cfgcmd:: set system syslog host <address> facility <keyword> level <keyword>
-
-Log syslog messages to remote host specified by `<address>`. The address can be
-specified by either FQDN or IP address. For en explanation on
-:ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see
-tables below.
-
-
-.. cfgcmd:: set system syslog host <address> facility <keyword> protocol <udp|tcp>
-
-Configure protocol used for communication to remote syslog host. This can be
-either UDP or TCP.
-
-
-Local User Account
-------------------
-
-.. cfgcmd:: set system syslog user <username> facility <keyword> level <keyword>
-
-If logging to a local user account is configured, all defined log messages are
-display on the console if the local user is logged in, if the user is not
-logged in, no messages are being displayed. For en explanation on
-:ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see
-tables below.
-
-.. _syslog_facilities:
-
-Facilities
-==========
-
-List of facilities used by syslog. Most facilities names are self explanatory.
-Facilities local0 - local7 common usage is f.e. as network logs facilities for
-nodes and network equipment. Generally it depends on the situation how to
-classify logs and put them to facilities. See facilities more as a tool rather
-than a directive to follow.
-
-Facilities can be adjusted to meet the needs of the user:
-
-+----------+----------+----------------------------------------------------+
-| Facility | Keyword  | Description                                        |
-| Code     |          |                                                    |
-+==========+==========+====================================================+
-|          | all      | All facilities                                     |
-+----------+----------+----------------------------------------------------+
-| 0        | kern     | Kernel messages                                    |
-+----------+----------+----------------------------------------------------+
-| 1        | user     | User-level messages                                |
-+----------+----------+----------------------------------------------------+
-| 2        | mail     | Mail system                                        |
-+----------+----------+----------------------------------------------------+
-| 3        | daemon   | System daemons                                     |
-+----------+----------+----------------------------------------------------+
-| 4        | auth     | Security/authentication messages                   |
-+----------+----------+----------------------------------------------------+
-| 5        | syslog   | Messages generated internally by syslogd           |
-+----------+----------+----------------------------------------------------+
-| 6        | lpr      | Line printer subsystem                             |
-+----------+----------+----------------------------------------------------+
-| 7        | news     | Network news subsystem                             |
-+----------+----------+----------------------------------------------------+
-| 8        | uucp     | UUCP subsystem                                     |
-+----------+----------+----------------------------------------------------+
-| 9        | cron     | Clock daemon                                       |
-+----------+----------+----------------------------------------------------+
-| 10       | security | Security/authentication messages                   |
-+----------+----------+----------------------------------------------------+
-| 11       | ftp      | FTP daemon                                         |
-+----------+----------+----------------------------------------------------+
-| 12       | ntp      | NTP subsystem                                      |
-+----------+----------+----------------------------------------------------+
-| 13       | logaudit | Log audit                                          |
-+----------+----------+----------------------------------------------------+
-| 14       | logalert | Log alert                                          |
-+----------+----------+----------------------------------------------------+
-| 15       | clock    | clock daemon (note 2)                              |
-+----------+----------+----------------------------------------------------+
-| 16       | local0   | local use 0 (local0)                               |
-+----------+----------+----------------------------------------------------+
-| 17       | local1   | local use 1 (local1)                               |
-+----------+----------+----------------------------------------------------+
-| 18       | local2   | local use 2 (local2)                               |
-+----------+----------+----------------------------------------------------+
-| 19       | local3   | local use 3 (local3)                               |
-+----------+----------+----------------------------------------------------+
-| 20       | local4   | local use 4 (local4)                               |
-+----------+----------+----------------------------------------------------+
-| 21       | local5   | local use 5 (local5)                               |
-+----------+----------+----------------------------------------------------+
-| 22       | local6   |  use 6 (local6)                                    |
-+----------+----------+----------------------------------------------------+
-| 23       | local7   | local use 7 (local7)                               |
-+----------+----------+----------------------------------------------------+
-
-.. _syslog_severity_level:
-
-Severity Level
-==============
-
-+-------+---------------+---------+-------------------------------------------+
-| Value | Severity      | Keyword | Description                               |
-+=======+===============+=========+===========================================+
-|       |               | all     | Log everything                            |
-+-------+---------------+---------+-------------------------------------------+
-| 0     | Emergency     | emerg   | System is unusable - a panic condition    |
-+-------+---------------+---------+-------------------------------------------+
-| 1     | Alert         | alert   | Action must be taken immediately - A      |
-|       |               |         | condition that should be corrected        |
-|       |               |         | immediately, such as a corrupted system   |
-|       |               |         | database.                                 |
-+-------+---------------+---------+-------------------------------------------+
-| 2     | Critical      | crit    | Critical conditions - e.g. hard drive     |
-|       |               |         | errors.                                   |
-+-------+---------------+---------+-------------------------------------------+
-| 3     | Error         | err     | Error conditions                          |
-+-------+---------------+---------+-------------------------------------------+
-| 4     | Warning       | warning | Warning conditions                        |
-+-------+---------------+---------+-------------------------------------------+
-| 5     | Notice        | notice  | Normal but significant conditions -       |
-|       |               |         | conditions that are not error conditions, |
-|       |               |         | but that may require special handling.    |
-+-------+---------------+---------+-------------------------------------------+
-| 6     | Informational | info    | Informational messages                    |
-+-------+---------------+---------+-------------------------------------------+
-| 7     | Debug         | debug   | Debug-level messages - Messages that      |
-|       |               |         | contain information normally of use only  |
-|       |               |         | when debugging a program.                 |
-+-------+---------------+---------+-------------------------------------------+
-
-
-Display Logs
-============
-
-.. opcmd:: show log [all | authorization | cluster | conntrack-sync | ...]
-
-Display log files of given category on the console. Use tab completion to get
-a list of available categories. Thos categories could be: all, authorization,
-cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image
-lldp, nat, openvpn, snmp, tail, vpn, vrrp
-
-If no option is specified, this defaults to `all`.
-
-.. opcmd:: show log image <name> [all | authorization | directory | file <file name> | tail <lines>]
-
-Log messages from a specified image can be displayed on the console. Details of
-allowed parameters:
-
-.. list-table::
-   :widths: 25 75
-   :header-rows: 0
-
-   * - all
-     - Display contents of all master log files of the specified image
-   * - authorization
-     - Display all authorization attempts of the specified image
-   * - directory
-     - Display list of all user-defined log files of the specified image
-   * - file <file name>
-     - Display contents of a specified user-defined log file of the specified image
-   * - tail
-     - Display last lines of the system log of the specified image
-   * - <lines>
-     - Number of lines to be displayed, default 10
-
-When no options/parameters are used, the contents of the main syslog file are
-displayed.
-
-.. hint:: Use ``show log | strip-private`` if you want to hide private data when sharing your logs.
diff --git a/docs/system/system-dns.rst b/docs/system/system-dns.rst
deleted file mode 100644
index 59cfdb5d..00000000
--- a/docs/system/system-dns.rst
+++ /dev/null
@@ -1,69 +0,0 @@
-.. _system-dns:
-
-##########
-System DNS
-##########
-
-
-This section describes configuring DNS on the system, namely:
-
- * DNS name servers
- * Domain search order
-
-
-DNS name servers
-================
-
-.. cfgcmd:: set system name-server <address>
-
-   Use this command to specify a DNS server for the system to be used
-   for DNS lookups. More than one DNS server can be added, configuring
-   one at a time. Both IPv4 and IPv6 addresses are supported.
-
-
-
-Example
--------
-
-In this example, some *OpenNIC* servers are used, two IPv4 addresses
-and two IPv6 addresses:
-
-
-.. code-block:: none
-
-   set system name-server 176.9.37.132
-   set system name-server 195.10.195.195
-   set system name-server 2a01:4f8:161:3441::1
-   set system name-server 2a00:f826:8:2::195
-
-
-Domain search order
-===================
-
-In order for the system to use and complete unqualified host names, a
-list can be defined which will be used for domain searches.
-
-
-.. cfgcmd:: set system domain-search domain <domain>
-
-   Use this command to define domains, one at a time, so that the system
-   uses them to complete unqualified host names. Maximum: 6 entries.
-
-
-.. note:: Domain names can include letters, numbers, hyphens and periods
-   with a maximum length of 253 characters.
-
-
-Example
--------
-
-The system is configured to attempt domain completion in the following
-order: vyos.io (first), vyos.net (second) and vyos.network (last):
-
-
-.. code-block:: none
-
-   set system domain-search domain vyos.io
-   set system domain-search domain vyos.net
-   set system domain-search domain vyos.network
-
diff --git a/docs/system/task-scheduler.rst b/docs/system/task-scheduler.rst
deleted file mode 100644
index 382da39f..00000000
--- a/docs/system/task-scheduler.rst
+++ /dev/null
@@ -1,40 +0,0 @@
-.. _task-scheduler:
-
-##############
-Task Scheduler
-##############
-
-The task scheduler allows you to execute tasks on a given schedule. It makes
-use of UNIX cron_.
-
-.. note:: All scripts excecuted this way are executed as root user - this may
-   be dangerous. Together with :ref:`command-scripting` this can be used for
-   automating (re-)configuration.
-
-.. cfgcmd:: set system task-scheduler task <task> interval <interval>
-
-   Specify the time interval when `<task>` should be executed. The interval
-   is specified as number with one of the following suffixes:
-
-   * ``none`` - Execution interval in minutes
-   * ``m`` - Execution interval in minutes
-   * ``h`` - Execution interval in hours
-   * ``d`` - Execution interval in days
-
-   .. note:: If suffix is omitted, minutes are implied.
-
-.. cfgcmd:: set system task-scheduler task <task> crontab-spec <spec>
-
-   Set execution time in common cron_ time format. A cron `<spec>` of
-   ``30 */6 * * *`` would execute the `<task>` at minute 30 past every 6th hour.
-
-.. cfgcmd:: set system task-scheduler task <task> executable path <path>
-
-   Specify absolute `<path>` to script which will be run when `<task>` is
-   executed.
-
-.. cfgcmd:: set system task-scheduler task <task> executable arguments <args>
-
-   Arguments which will be passed to the executable.
-
-.. _cron: https://en.wikipedia.org/wiki/Cron
diff --git a/docs/system/time-zone.rst b/docs/system/time-zone.rst
deleted file mode 100644
index 025c4376..00000000
--- a/docs/system/time-zone.rst
+++ /dev/null
@@ -1,18 +0,0 @@
-.. _timezone:
-
-#########
-Time Zone
-#########
-
-Time Zone setting is very important as e.g all your logfile entries will be
-based on the configured zone. Without proper time zone configuration it will
-be very difficult to compare logfiles from different systems.
-
-.. cfgcmd:: set system time-zone <timezone>
-
-   Specify the systems `<timezone>` as the Region/Location that best defines
-   your location. For example, specifying US/Pacific sets the time zone to US
-   Pacific time.
-
-   Command completion can be used to list available time zones. The adjustment
-   for daylight time will take place automatically based on the time of year.
\ No newline at end of file
diff --git a/docs/system/user-management.rst b/docs/system/user-management.rst
deleted file mode 100644
index 6d89735f..00000000
--- a/docs/system/user-management.rst
+++ /dev/null
@@ -1,160 +0,0 @@
-.. _user_management:
-
-###############
-User Management
-###############
-
-The default VyOS user account (`vyos`), as well as newly created user accounts,
-have all capabilities to configure the system. All accounts have sudo
-capabilities and therefore can operate as root on the system.
-
-Both local administered and remote administered :abbr:`RADIUS (Remote
-Authentication Dial-In User Service)` accounts are supported.
-
-Local
-=====
-
-.. cfgcmd:: set system login user <name> full-name "<string>"
-
-   Create new system user with username `<name>` and real-name specified by
-   `<string>`.
-
-.. cfgcmd:: set system login user <name> authentication plaintext-password <password>
-
-   Specify the plaintext password user by user `<name>` on this system. The
-   plaintext password will be automatically transferred into a secure hashed
-   password and not saved anywhere in plaintext.
-
-.. cfgcmd:: set system login user <name> authentication encrypted-password <password>
-
-   Setup encrypted password for given username. This is useful for
-   transferring a hashed password from system to system.
-
-.. _ssh_key_based_authentication:
-
-Key Based Authentication
-------------------------
-
-It is highly recommended to use SSH key authentication. By default there is
-only one user (``vyos``), and you can assign any number of keys to that user.
-You can generate a ssh key with the ``ssh-keygen`` command on your local
-machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``.
-
-Every SSH key comes in three parts:
-
-``ssh-rsa AAAAB3NzaC1yc2EAAAABAA...VBD5lKwEWB username@host.example.com``
-
-Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note that the
-key will usually be several hundred characters long, and you will need to copy
-and paste it. Some terminal emulators may accidentally split this over several
-lines. Be attentive when you paste it that it only pastes as a single line.
-The third part is simply an identifier, and is for your own reference.
-
-.. cfgcmd:: set system login user <username> authentication public-keys <identifier> key <key>
-
-   Assign the SSH public key portion `<key>` identified by per-key
-   `<identifier>` to the local user `<username>`.
-
-.. cfgcmd:: set system login user <username> authentication public-keys <identifier> type <type>
-
-   Every SSH public key portion referenced by `<identifier>` requires the
-   configuration of the `<type>` of public-key used. This type can be any of:
-
-   * ``ecdsa-sha2-nistp256``
-   * ``ecdsa-sha2-nistp384``
-   * ``ecdsa-sha2-nistp521``
-   * ``ssh-dss``
-   * ``ssh-ed25519``
-   * ``ssh-rsa``
-
-   .. note:: You can assign multiple keys to the same user by using a unique
-      identifier per SSH key.
-
-.. cfgcmd:: loadkey <username> <location>
-
-   SSH keys can not only be specified on the command-line but also loaded for
-   a given user with `<username>` from a file pointed to by `<location>.` Keys
-   can be either loaded from local filesystem or any given remote location
-   using one of the following :abbr:`URIs (Uniform Resource Identifier)`:
-
-   * ``<file>`` - Load from file on local filesystem path
-   * ``scp://<user>@<host>:/<file>`` - Load via SCP from remote machine
-   * ``sftp://<user>@<host>/<file>`` - Load via SFTP from remote machine
-   * ``ftp://<user>@<host>/<file>`` - Load via FTP from remote machine
-   * ``http://<host>/<file>`` - Load via HTTP from remote machine
-   * ``tftp://<host>/<file>`` - Load via TFTP from remote machine
-
-Example
--------
-
-In the following example, both `User1` and `User2` will be able to SSH into
-VyOS as user ``vyos`` using their very own keys.
-
-.. code-block:: none
-
-  set system login user vyos authentication public-keys 'User1' key "AAAAB3Nz...KwEW"
-  set system login user vyos authentication public-keys 'User1' type ssh-rsa
-  set system login user vyos authentication public-keys 'User2' key "AAAAQ39x...fbV3"
-  set system login user vyos authentication public-keys 'User2' type ssh-rsa
-
-
-RADIUS
-======
-
-In large deployments it is not reasonable to configure each user individually
-on every system. VyOS supports using :abbr:`RADIUS (Remote Authentication
-Dial-In User Service)` servers as backend for user authentication.
-
-Configuration
--------------
-
-.. cfgcmd:: set system login radius server <address> secret <secret>
-
-   Specify the `<address>` of the RADIUS server user with the pre-shared-secret
-   given in `<secret>`. Multiple servers can be specified.
-
-.. cfgcmd:: set system login radius server <address> port <port>
-
-   Configure the discrete port under which the RADIUS server can be reached.
-   This defaults to 1812.
-
-.. cfgcmd:: set system login radius server <address> timeout <timeout>
-
-   Setup the `<timeout>` in seconds when querying the RADIUS server.
-
-.. cfgcmd:: set system login radius server <address> disable
-
-   Temporary disable this RADIUS server. It won't be queried.
-
-.. cfgcmd:: set system login radius source-address <address>
-
-   RADIUS servers could be hardened by only allowing certain IP addresses to
-   connect. As of this the source address of each RADIUS query can be
-   configured. If this is not set, incoming connections to the RADIUS server
-   will use the nearest interface address pointing towards the server - making
-   it error prone on e.g. OSPF networks when a link fails and a backup route is
-   taken.
-
-.. hint:: If you want to have admin users to authenticate via RADIUS it is
-   essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without
-   the attribute you will only get regular, non privilegued, system users.
-
-
-
-Login Banner
-============
-
-You are able to set post-login or pre-login banner messages to display certain
-information for this system.
-
-.. cfgcmd:: set system login banner pre-login <message>
-
-   Configure `<message>` which is shown during SSH connect and before a user is
-   logged in.
-
-.. cfgcmd:: set system login banner post-login <message>
-
-   Configure `<message>` which is shown after user has logged in to the system.
-
-.. note:: To create a new line in your login message you need to escape the new
-   line character by using ``\\n``.