docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README
including a component overview table, quick start instructions, common
Ansible operations, and links to detailed documentation. Aligns with
Red Panda Approval™ standards.

ansible/casdoor/deploy.yml

@@ -0,0 +1,155 @@
+---
+# -----------------------------------------------------------------------------
+# Casdoor Deployment Playbook
+# -----------------------------------------------------------------------------
+# Deploys Casdoor SSO Docker container
+# Host: titania.incus (Incus container)
+# Endpoint: id.ouranos.helu.ca via HAProxy on Titania
+#
+# Prerequisites:
+# - postgresql_ssl must be deployed first (provides the database)
+# - Docker must be installed
+# - Alloy must be configured for syslog
+#
+# Secrets are fetched from Ansible Vault via group_vars/all/vault.yml
+# -----------------------------------------------------------------------------
+
+- name: Deploy Casdoor
+  hosts: ubuntu
+  tasks:
+    - name: Check if host has casdoor service
+      ansible.builtin.set_fact:
+        has_casdoor_service: "{{ 'casdoor' in services | default([]) }}"
+
+    - name: Skip hosts without casdoor service
+      ansible.builtin.meta: end_host
+      when: not has_casdoor_service
+
+    # -------------------------------------------------------------------------
+    # Create User and Group (system-assigned UID/GID)
+    # -------------------------------------------------------------------------
+
+    - name: Create casdoor group
+      become: true
+      ansible.builtin.group:
+        name: "{{ casdoor_group }}"
+        system: true
+
+    - name: Create casdoor user
+      become: true
+      ansible.builtin.user:
+        name: "{{ casdoor_user }}"
+        comment: "Casdoor service account"
+        group: "{{ casdoor_group }}"
+        system: true
+        create_home: false
+        shell: /usr/sbin/nologin
+
+    - name: Add ansible_user to casdoor group
+      become: true
+      ansible.builtin.user:
+        name: "{{ ansible_user }}"
+        groups: "{{ casdoor_group }}"
+        append: true
+
+    # -------------------------------------------------------------------------
+    # Query uid/gid for Docker container user
+    # -------------------------------------------------------------------------
+
+    - name: Get casdoor user uid
+      ansible.builtin.shell: |
+        getent passwd {{ casdoor_user }} | cut -d: -f3
+      register: casdoor_uid_result
+      changed_when: false
+
+    - name: Get casdoor group gid
+      ansible.builtin.shell: |
+        getent group {{ casdoor_group }} | cut -d: -f3
+      register: casdoor_gid_result
+      changed_when: false
+
+    - name: Set uid/gid facts
+      ansible.builtin.set_fact:
+        casdoor_uid: "{{ casdoor_uid_result.stdout }}"
+        casdoor_gid: "{{ casdoor_gid_result.stdout }}"
+
+    # -------------------------------------------------------------------------
+    # Create Directories
+    # -------------------------------------------------------------------------
+
+    - name: Create casdoor base directory
+      become: true
+      ansible.builtin.file:
+        path: "{{ casdoor_directory }}"
+        owner: "{{ casdoor_user }}"
+        group: "{{ casdoor_group }}"
+        state: directory
+        mode: '0750'
+
+    - name: Create casdoor conf directory
+      become: true
+      ansible.builtin.file:
+        path: "{{ casdoor_directory }}/conf"
+        owner: "{{ casdoor_user }}"
+        group: "{{ casdoor_group }}"
+        state: directory
+        mode: '0750'
+
+    # -------------------------------------------------------------------------
+    # Template Configuration Files
+    # -------------------------------------------------------------------------
+
+    - name: Template docker-compose.yml
+      become: true
+      ansible.builtin.template:
+        src: docker-compose.yml.j2
+        dest: "{{ casdoor_directory }}/docker-compose.yml"
+        owner: "{{ casdoor_user }}"
+        group: "{{ casdoor_group }}"
+        mode: '0640'
+      notify: restart casdoor
+
+    - name: Template app.conf
+      become: true
+      ansible.builtin.template:
+        src: app.conf.j2
+        dest: "{{ casdoor_directory }}/conf/app.conf"
+        owner: "{{ casdoor_user }}"
+        group: "{{ casdoor_group }}"
+        mode: '0640'
+      notify: restart casdoor
+
+    - name: Template init_data.json
+      become: true
+      ansible.builtin.template:
+        src: init_data.json.j2
+        dest: "{{ casdoor_directory }}/conf/init_data.json"
+        owner: "{{ casdoor_user }}"
+        group: "{{ casdoor_group }}"
+        mode: '0640'
+      notify: restart casdoor
+
+    # -------------------------------------------------------------------------
+    # Reset SSH Connection (apply group changes)
+    # -------------------------------------------------------------------------
+
+    - name: Reset SSH connection to apply group changes
+      ansible.builtin.meta: reset_connection
+
+    # -------------------------------------------------------------------------
+    # Start Services
+    # -------------------------------------------------------------------------
+
+    - name: Start Casdoor service
+      become: true
+      community.docker.docker_compose_v2:
+        project_src: "{{ casdoor_directory }}"
+        state: present
+        pull: always
+
+  handlers:
+    - name: restart casdoor
+      become: true
+      community.docker.docker_compose_v2:
+        project_src: "{{ casdoor_directory }}"
+        state: restarted