docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README
including a component overview table, quick start instructions, common
Ansible operations, and links to detailed documentation. Aligns with
Red Panda Approval™ standards.

ansible/inventory/group_vars/all/vars.yml

@@ -0,0 +1,107 @@
+# Red Panda Approved Sandbox Environment Variables
+remote_user: robert
+remote_group: robert
+deployment_environment: "agathos"
+ansible_python_interpreter: /usr/bin/python3
+
+# Incus configuration (matches terraform.tfvars)
+incus_project_name: agathos
+incus_storage_pool: default
+
+# Gitea Runner
+act_runner_version: "0.2.13"
+gitea_runner_instance_url: "https://gitea.ouranos.helu.ca"
+
+# Release versions for staging playbooks
+anythingllm_rel: master
+athena_rel: master
+athena_mcp_rel: master
+argos_rel: master
+arke_rel: master
+angelia_rel: master
+kairos_rel: master
+kairos_mcp_rel: master
+spelunker_rel: master
+mcp_switchboard_rel: master
+kernos_rel: master
+# PyPI release version (no 'v' prefix) - https://pypi.org/project/open-webui/
+openwebui_rel: 0.8.3
+
+# MCP URLs
+argos_mcp_url: http://miranda.incus:25534/mcp
+angelia_mcp_url: https://ouranos.helu.ca/mcp/
+angelia_mcp_auth: "{{ vault_angelia_mcp_auth }}"
+caliban_mcp_url: http://caliban.incus:22021/mcp
+gitea_mcp_url: http://miranda.incus:25535/mcp
+gitea_mcp_access_token: "{{ vault_gitea_mcp_access_token }}"
+github_personal_access_token: "{{ vault_github_personal_access_token }}"
+grafana_mcp_url: http://miranda.incus:25533/mcp
+huggingface_mcp_token: "{{ vault_huggingface_mcp_token }}"
+neo4j_mcp_url: http://circe.helu.ca:22034/mcp
+nike_mcp_url: http://puck.incus:22031/mcp
+korax_mcp_url: http://korax.helu.ca:22021/mcp
+rommie_mcp_url: http://caliban.incus:22031/mcp
+
+# Monitoring and Logging (internal endpoints on Prospero)
+loki_url: http://prospero.incus:3100/loki/api/v1/push
+prometheus_remote_write_url: http://prospero.incus:9090/api/v1/write
+syslog_format: "rfc3164"
+# Docker configuration
+docker_gpg_key_url: https://download.docker.com/linux/debian/gpg
+docker_gpg_key_path: /etc/apt/keyrings/docker.asc
+docker_gpg_key_checksum: sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570
+
+# RabbitMQ provisioning config
+rabbitmq_vhosts:
+  - name: kairos
+  - name: spelunker
+
+rabbitmq_users:
+  - name: kairos
+    password: "{{ kairos_rabbitmq_password }}"
+    tags: []
+  - name: spelunker
+    password: "{{ spelunker_rabbitmq_password }}"
+    tags: []
+
+rabbitmq_permissions:
+  - vhost: kairos
+    user: kairos
+    configure_priv: .*
+    read_priv: .*
+    write_priv: .*
+  - vhost: spelunker
+    user: spelunker
+    configure_priv: .*
+    read_priv: .*
+    write_priv: .*
+
+# SMTP (smtp4dev on Oberon)
+smtp_host: oberon.incus
+smtp_port: 22025
+smtp_from: noreply@ouranos.helu.ca
+smtp_from_name: "Agathos"
+
+# Release directory paths
+github_dir: ~/gh
+repo_dir: ~/dv
+rel_dir: ~/rel
+
+# Vault Variable Mappings
+kairos_rabbitmq_password: "{{ vault_kairos_rabbitmq_password }}"
+spelunker_rabbitmq_password: "{{ vault_spelunker_rabbitmq_password }}"
+caliban_x11vnc_password: "{{ vault_caliban_x11vnc_password }}"
+grafana_service_account_token: "{{ vault_grafana_service_account_token }}"
+
+# Home Assistant
+hass_metrics_token: "{{ vault_hass_metrics_token }}"
+
+# Namecheap DNS API (for certbot DNS-01 validation)
+namecheap_username: "{{ vault_namecheap_username }}"
+namecheap_api_key: "{{ vault_namecheap_api_key }}"
+
+# OAuth2-Proxy Vault Mappings (used for SearXNG auth)
+# Note: These must be set in vault.yml after configuring Casdoor application
+# vault_oauth2_proxy_client_id: "<from-casdoor-application>"
+# vault_oauth2_proxy_client_secret: "<generate with: python3 -c 'import secrets; print(secrets.token_urlsafe(32))'>"
+# vault_oauth2_proxy_cookie_secret: "<generate with: python3 -c 'import secrets; print(secrets.token_urlsafe(32))'>"