docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README
including a component overview table, quick start instructions, common
Ansible operations, and links to detailed documentation. Aligns with
Red Panda Approval™ standards.

ansible/docker/deploy.yml

@@ -0,0 +1,99 @@
+---
+- name: Deploy Docker
+  hosts: ubuntu
+  become: true
+  tasks:
+  - name: Check if host has docker service
+    ansible.builtin.set_fact:
+      has_docker_service: "{{'docker' in services}}"
+
+  - name: Skip hosts without docker service
+    ansible.builtin.meta: end_host
+    when: not has_docker_service
+    
+  - name: Add Docker repository
+    ansible.builtin.deb822_repository:
+      name: docker
+      types: [deb]
+      uris: https://download.docker.com/linux/ubuntu
+      suites: ["{{ ansible_distribution_release }}"]
+      components: [stable]
+      signed_by: https://download.docker.com/linux/ubuntu/gpg
+      state: present
+
+  - name: Update apt and install docker-ce
+    ansible.builtin.apt:
+      name: docker-ce
+      state: latest
+      update_cache: true
+
+  - name: Enable and start docker service
+    ansible.builtin.systemd:
+      name: docker
+      enabled: true
+      state: started
+
+  - name: Add ansible_user to docker group
+    ansible.builtin.user:
+      name: "{{ansible_user}}"
+      groups: docker
+      append: true
+
+  - name: Check if Docker API should be enabled
+    ansible.builtin.set_fact:
+      enable_docker_api: "{{ docker_api_enabled | default(false) }}"
+
+  - name: Configure Docker daemon for API exposure
+    ansible.builtin.copy:
+      content: |
+        {
+          "hosts": ["unix:///var/run/docker.sock", "tcp://{{ docker_api_host }}:{{ docker_api_port }}"],
+          "log-driver": "json-file",
+          "log-opts": {
+            "max-size": "10m",
+            "max-file": "3"
+          }
+        }
+      dest: /etc/docker/daemon.json
+      owner: root
+      group: root
+      mode: '644'
+    when: enable_docker_api
+    notify: restart docker
+
+  - name: Create systemd override directory
+    ansible.builtin.file:
+      path: /etc/systemd/system/docker.service.d
+      state: directory
+      mode: '755'
+
+  - name: Create AppArmor workaround for Incus nested Docker
+    ansible.builtin.copy:
+      content: |
+        [Service]
+        Environment=container="setmeandforgetme"
+      dest: /etc/systemd/system/docker.service.d/apparmor-workaround.conf
+      owner: root
+      group: root
+      mode: '644'
+    notify: restart docker
+
+  - name: Create systemd override for Docker API
+    ansible.builtin.copy:
+      content: |
+        [Service]
+        ExecStart=
+        ExecStart=/usr/bin/dockerd
+      dest: /etc/systemd/system/docker.service.d/override.conf
+      owner: root
+      group: root
+      mode: '644'
+    when: enable_docker_api
+    notify: restart docker
+
+  handlers:
+  - name: restart docker
+    ansible.builtin.systemd:
+      name: docker
+      state: restarted
+      daemon_reload: true