docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README
including a component overview table, quick start instructions, common
Ansible operations, and links to detailed documentation. Aligns with
Red Panda Approval™ standards.

ansible/inventory/host_vars/prospero.incus.yml

@@ -0,0 +1,141 @@
+---
+# Prospero Configuration - PPLG Observability & Admin Stack
+# Services: pplg (PgAdmin, Prometheus, Loki, Grafana + HAProxy + OAuth2-Proxy)
+
+services:
+  - alloy
+  - pplg
+
+# Alloy
+alloy_log_level: "warn"
+
+# ============================================================================
+# PPLG HAProxy Configuration
+# ============================================================================
+
+pplg_haproxy_user: haproxy
+pplg_haproxy_group: haproxy
+pplg_haproxy_uid: 800
+pplg_haproxy_gid: 800
+pplg_haproxy_domain: "ouranos.helu.ca"
+pplg_haproxy_cert_path: /etc/haproxy/certs/ouranos.pem
+pplg_haproxy_stats_port: 8404
+pplg_haproxy_syslog_port: 51405
+
+# ============================================================================
+# Grafana
+# ============================================================================
+
+# Grafana Datasources
+prometheus_datasource_name: Prospero-Prometheus
+prometheus_host: prospero.incus
+prometheus_port: 9090
+prometheus_datasource_uid: prospero-prometheus
+loki_datasource_name: Prospero-Loki
+loki_host: prospero.incus
+loki_port: 3100
+loki_datasource_uid: prospero-loki
+
+# Grafana Users
+grafana_admin_name: "{{ vault_grafana_admin_name }}"
+grafana_admin_login: "{{ vault_grafana_admin_login }}"
+grafana_admin_password: "{{ vault_grafana_admin_password }}"
+grafana_viewer_name: "{{ vault_grafana_viewer_name }}"
+grafana_viewer_login: "{{ vault_grafana_viewer_login }}"
+grafana_viewer_password: "{{ vault_grafana_viewer_password }}"
+
+# Grafana OAuth (Casdoor SSO)
+grafana_oauth_enabled: true
+grafana_oauth_name: "Casdoor"
+grafana_oauth_client_id: "{{ vault_grafana_oauth_client_id }}"
+grafana_oauth_client_secret: "{{ vault_grafana_oauth_client_secret }}"
+grafana_oauth_auth_url: "https://id.ouranos.helu.ca/login/oauth/authorize"
+grafana_oauth_token_url: "https://id.ouranos.helu.ca/api/login/oauth/access_token"
+grafana_oauth_api_url: "https://id.ouranos.helu.ca/api/userinfo"
+grafana_oauth_scopes: "openid profile email"
+grafana_root_url: "https://grafana.ouranos.helu.ca"
+grafana_oauth_allow_sign_up: true
+grafana_oauth_skip_tls_verify: false
+
+# ============================================================================
+# Prometheus
+# ============================================================================
+
+prometheus_user: prometheus
+prometheus_group: prometheus
+prometheus_scrape_interval: 15s
+prometheus_evaluation_interval: 15s
+alertmanager_host: prospero.incus
+alertmanager_port: 9093
+loki_metrics_port: 3100
+prometheus_targets:
+  - 'oberon.incus:9100'
+  - 'portia.incus:9100'
+  - 'ariel.incus:9100'
+  - 'puck.incus:9100'
+  - 'puck.incus:25571'
+  - 'miranda.incus:9100'
+  - 'sycorax.incus:9100'
+  - 'prospero.incus:9100'
+  - 'rosalind.incus:9100'
+
+# Prometheus OAuth2-Proxy Sidecar
+prometheus_proxy_port: 9091
+prometheus_oauth2_proxy_dir: /etc/oauth2-proxy-prometheus
+prometheus_oauth2_proxy_version: "7.6.0"
+prometheus_oauth2_oidc_issuer_url: "https://id.ouranos.helu.ca"
+prometheus_oauth2_client_id: "{{ vault_prometheus_oauth2_client_id }}"
+prometheus_oauth2_client_secret: "{{ vault_prometheus_oauth2_client_secret }}"
+prometheus_oauth2_cookie_secret: "{{ vault_prometheus_oauth2_cookie_secret }}"
+
+# ============================================================================
+# Alertmanager
+# ============================================================================
+
+alertmanager_user: prometheus
+alertmanager_group: prometheus
+alertmanager_resolve_timeout: 5m
+alertmanager_group_wait: 30s
+alertmanager_group_interval: 5m
+alertmanager_repeat_interval: 4h
+pushover_user_key: "{{ vault_pushover_user_key }}"
+pushover_api_token: "{{ vault_pushover_api_token }}"
+pushover_priority: 1
+pushover_retry: 30
+pushover_expire: 3600
+
+# ============================================================================
+# Loki
+# ============================================================================
+
+loki_user: loki
+loki_group: loki
+loki_data_dir: /var/lib/loki
+loki_config_dir: /etc/loki
+loki_config_file: config.yml
+loki_grpc_port: 9096
+
+# ============================================================================
+# PgAdmin (Gunicorn - no Apache)
+# ============================================================================
+
+pgadmin_user: pgadmin
+pgadmin_group: pgadmin
+pgadmin_port: 5050
+pgadmin_data_dir: /var/lib/pgadmin
+pgadmin_log_dir: /var/log/pgadmin
+pgadmin_email: "{{ vault_pgadmin_email }}"
+pgadmin_password: "{{ vault_pgadmin_password }}"
+
+# PgAdmin OAuth (Casdoor SSO)
+pgadmin_oauth_client_id: "{{ vault_pgadmin_oauth_client_id }}"
+pgadmin_oauth_client_secret: "{{ vault_pgadmin_oauth_client_secret }}"
+
+# ============================================================================
+# Casdoor Metrics (for Prometheus scraping)
+# ============================================================================
+
+casdoor_metrics_host: "titania.incus"
+casdoor_metrics_port: 22081
+casdoor_prometheus_access_key: "{{ vault_casdoor_prometheus_access_key }}"
+casdoor_prometheus_access_secret: "{{ vault_casdoor_prometheus_access_secret }}"