docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README
including a component overview table, quick start instructions, common
Ansible operations, and links to detailed documentation. Aligns with
Red Panda Approval™ standards.

ansible/inventory/host_vars/oberon.incus.yml

@@ -0,0 +1,134 @@
+---
+# Oberon Configuration
+
+services:
+  - alloy
+  - docker
+  - hass
+  - mcp_switchboard
+  - openwebui
+  - rabbitmq
+  - searxng
+  - smtp4dev
+
+# Alloy
+alloy_log_level: "warn"
+rabbitmq_syslog_port: 51402
+searxng_syslog_port: 51403
+
+# MCP Switchboard Configuration
+mcp_switchboard_user: mcpsb
+mcp_switchboard_group: mcpsb
+mcp_switchboard_directory: /srv/mcp_switchboard
+mcp_switchboard_port: 22785
+mcp_switchboard_docker_host: "tcp://miranda.incus:2375"
+mcp_switchboard_db_host: portia.incus
+mcp_switchboard_db_port: 5432
+mcp_switchboard_db_name: mcp_switchboard
+mcp_switchboard_db_user: mcpsb
+mcp_switchboard_db_password: "{{ vault_mcp_switchboard_db_password }}"
+mcp_switchboard_rabbitmq_host: localhost
+mcp_switchboard_rabbitmq_port: 5672
+mcp_switchboard_rabbitmq_user: rabbitmq
+mcp_switchboard_rabbitmq_password: "{{ vault_mcp_switchboard_rabbitmq_password }}"
+mcp_switchboard_secret_key: "{{ vault_mcp_switchboard_secret_key }}"
+
+# Open WebUI Configuration
+openwebui_user: openwebui
+openwebui_group: openwebui
+openwebui_directory: /srv/openwebui
+openwebui_cors_allow_origin: https://openwebui.ouranos.helu.ca
+openwebui_port: 22088
+openwebui_host: puck.incus
+openwebui_secret_key: "{{ vault_openwebui_secret_key }}"
+openwebui_enable_signup: true
+openwebui_enable_email_login: false
+
+# OAuth/OIDC Configuration (Casdoor SSO)
+openwebui_oauth_client_id: "{{ vault_openwebui_oauth_client_id }}"
+openwebui_oauth_client_secret: "{{ vault_openwebui_oauth_client_secret }}"
+openwebui_oauth_provider_name: "Casdoor"
+openwebui_oauth_provider_url: "https://id.ouranos.helu.ca/.well-known/openid-configuration"
+
+# Database Configuration
+openwebui_db_host: portia.incus
+openwebui_db_port: 5432
+openwebui_db_name: openwebui
+openwebui_db_user: openwebui
+openwebui_db_password: "{{ vault_openwebui_db_password }}"
+
+# API Keys
+openwebui_openai_api_key: "{{ vault_openwebui_openai_api_key }}"
+openwebui_anthropic_api_key: "{{ vault_openwebui_anthropic_api_key }}"
+openwebui_groq_api_key: "{{ vault_openwebui_groq_api_key }}"
+openwebui_mistral_api_key: "{{ vault_openwebui_mistral_api_key }}"
+
+# Ollama Configuration
+ollama_api_base_url: ""
+openwebui_ollama_api_key: ""
+
+# SSL Configuration
+openwebui_enable_https: false
+openwebui_ssl_cert_path: ""
+openwebui_ssl_key_path: ""
+
+# Logging
+openwebui_log_level: info
+
+# RabbitMQ Config
+rabbitmq_user: rabbitmq
+rabbitmq_group: rabbitmq
+rabbitmq_directory: /srv/rabbitmq
+rabbitmq_amqp_port: 5672
+rabbitmq_management_port: 25582
+rabbitmq_password: "{{ vault_rabbitmq_password }}"
+
+# Redis password
+redis_password: "{{ vault_redis_password }}"
+
+# SearXNG Configuration
+searxng_user: searxng
+searxng_group: searxng
+searxng_directory: /srv/searxng
+searxng_port: 22083
+searxng_base_url: http://oberon.incus:22083/
+searxng_instance_name: "Agathos Search"
+searxng_secret_key: "{{ vault_searxng_secret_key }}"
+
+# SearXNG OAuth2-Proxy Sidecar
+# Note: Each host supports at most one OAuth2-Proxy sidecar instance
+# (binary shared at /usr/local/bin/oauth2-proxy, unique systemd unit per service)
+searxng_oauth2_proxy_dir: /etc/oauth2-proxy-searxng
+searxng_oauth2_proxy_version: "7.6.0"
+searxng_proxy_port: 22073
+searxng_domain: "ouranos.helu.ca"
+searxng_oauth2_oidc_issuer_url: "https://id.ouranos.helu.ca"
+searxng_oauth2_redirect_url: "https://searxng.ouranos.helu.ca/oauth2/callback"
+
+# OAuth2 Credentials (from vault)
+searxng_oauth2_client_id: "{{ vault_searxng_oauth2_client_id }}"
+searxng_oauth2_client_secret: "{{ vault_searxng_oauth2_client_secret }}"
+searxng_oauth2_cookie_secret: "{{ vault_searxng_oauth2_cookie_secret }}"
+
+# smtp4dev Configuration
+smtp4dev_user: smtp4dev
+smtp4dev_group: smtp4dev
+smtp4dev_directory: /srv/smtp4dev
+smtp4dev_port: 22085
+smtp4dev_smtp_port: 22025
+smtp4dev_imap_port: 22045
+smtp4dev_syslog_port: 51405
+
+# Home Assistant Configuration
+hass_user: hass
+hass_group: hass
+hass_directory: /srv/hass
+hass_media_directory: /srv/hass/media
+hass_port: 8123
+hass_version: "2026.2.0"
+hass_db_host: portia.incus
+hass_db_port: 5432
+hass_db_name: hass
+hass_db_user: hass
+hass_db_password: "{{ vault_hass_db_password }}"
+hass_metrics_token: "{{ vault_hass_metrics_token }}"