docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README
including a component overview table, quick start instructions, common
Ansible operations, and links to detailed documentation. Aligns with
Red Panda Approval™ standards.

ansible/arke/deploy.yml

@@ -0,0 +1,181 @@
+---
+- name: Deploy Arke Proxy Server
+  hosts: arke
+  vars:
+    ansible_common_remote_group: "{{arke_group}}"
+    allow_world_readable_tmpfiles: true
+  tasks:
+  - name: Create Arke group
+    become: true
+    ansible.builtin.group:
+      name: "{{arke_group}}"
+      state: present
+
+  - name: Create arke user
+    become: true
+    ansible.builtin.user:
+      name: "{{arke_user}}"
+      group: "{{arke_group}}"
+      home: "{{arke_directory}}"
+      shell: /bin/bash
+      system: true
+      create_home: false
+
+  - name: Add remote_user to arke group
+    become: true
+    ansible.builtin.user:
+      name: "{{remote_user}}"
+      groups: "{{arke_group}}"
+      append: true
+
+  - name: Create required directories
+    become: true
+    ansible.builtin.file:
+      path: "{{arke_directory}}"
+      owner: "{{arke_user}}"
+      group: "{{arke_group}}"
+      state: directory
+      mode: '750'
+
+  - name: Ensure tar is installed for unarchive task
+    become: true
+    ansible.builtin.apt:
+      name:
+        - tar
+      state: present
+      update_cache: true
+
+  - name: Ensure Python, Python Dev, Venv module is installed
+    become: true
+    ansible.builtin.apt:
+      name: [python3,python3-venv,python3-dev]
+      state: present
+      update_cache: true
+
+  - name: Transfer and unarchive git archive
+    become: true
+    ansible.builtin.unarchive:
+      src: "~/rel/arke_{{arke_rel}}.tar"
+      dest: "{{arke_directory}}"
+      owner: "{{arke_user}}"
+      group: "{{arke_group}}"
+      mode: '550'
+    notify: restart arke
+
+  - name: Ensure media directories are writable
+    become: true
+    ansible.builtin.file:
+      path: "{{arke_directory}}/media/generated_images"
+      owner: "{{arke_user}}"
+      group: "{{arke_group}}"
+      state: directory
+      mode: '750'
+
+  - name: Create virtual environment for Arke
+    become: true
+    become_user: "{{arke_user}}"
+    ansible.builtin.command: 
+      cmd: "python3 -m venv {{arke_directory}}/.venv/"
+      creates: "{{arke_directory}}/.venv/bin/activate"
+
+  - name: Install wheel in virtual environment
+    become: true
+    become_user: "{{arke_user}}"
+    ansible.builtin.pip:
+      name:
+        - wheel
+      state: latest
+      virtualenv: "{{arke_directory}}/.venv"
+
+  - name: Install pyproject.toml dependencies in virtualenv
+    become: true
+    become_user: "{{arke_user}}"
+    ansible.builtin.pip:
+      chdir: "{{arke_directory}}"
+      name: .
+      virtualenv: "{{arke_directory}}/.venv"
+      virtualenv_command: python3 -m venv
+
+  - name: Install Memcached
+    become: true
+    ansible.builtin.apt:
+      name: memcached
+      state: present
+      update_cache: true
+
+  - name: Ensure Memcached is running
+    become: true
+    ansible.builtin.service:
+      name: memcached
+      state: started
+      enabled: true
+
+  - name: Template Arke .env configuration
+    become: true
+    ansible.builtin.template:
+      src: .env.j2
+      dest: "{{arke_directory}}/.env"
+      owner: "{{arke_user}}"
+      group: "{{arke_group}}"
+      mode: '640'
+    notify: restart arke
+
+  - name: Template systemd service file
+    become: true
+    ansible.builtin.template:
+      src: arke.service.j2
+      dest: /etc/systemd/system/arke.service
+      owner: root
+      group: root
+      mode: '644'
+    notify: restart arke
+
+  - name: Enable and start arke service
+    become: true
+    ansible.builtin.systemd:
+      name: arke
+      enabled: true
+      state: started
+      daemon_reload: true
+
+  - name: Ensure Arke metrics endpoint is open to Prometheus (manual step if not using ufw)
+    ansible.builtin.debug:
+      msg: |
+        Ensure the host's firewall allows inbound TCP on port 8000 from sao.helu.ca for Prometheus scraping.
+        If using ufw:
+          sudo ufw allow from <sao.helu.ca_ip> to any port 8000 proto tcp
+
+  - name: Reminder - Update Prometheus scrape config on sao.helu.ca
+    ansible.builtin.debug:
+      msg: |
+        Add the following job/target to your Prometheus configuration on sao.helu.ca:
+        - job_name: 'arke'
+          static_configs:
+            - targets: ['<arke_host>:{{arke_port}}']
+
+  - name: Validate Arke health endpoints
+    ansible.builtin.uri:
+      url: "http://localhost:{{arke_port}}/health"
+      status_code: 200
+      return_content: true
+    register: health_check
+    retries: 5
+    delay: 5
+    until: health_check.status == 200
+
+  - name: Validate Arke /metrics endpoint
+    ansible.builtin.uri:
+      url: "http://localhost:{{arke_port}}/metrics"
+      status_code: 200
+      return_content: false
+    register: metrics_check
+    retries: 5
+    delay: 5
+    until: metrics_check.status == 200
+
+  handlers:
+  - name: restart arke
+    become: true
+    ansible.builtin.systemd:
+      name: arke
+      state: restarted