docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README
including a component overview table, quick start instructions, common
Ansible operations, and links to detailed documentation. Aligns with
Red Panda Approval™ standards.

ansible/nextcloud/config.php.j2

@@ -0,0 +1,40 @@
+<?php
+$CONFIG = array (
+  'instanceid' => '{{ nextcloud_instance_id | default("") }}',
+  'passwordsalt' => '{{ nextcloud_password_salt | default("") }}',
+  'secret' => '{{ nextcloud_secret | default("") }}',
+  'trusted_domains' => 
+  array (
+    0 => 'rosalind.incus',
+    1 => '{{ nextcloud_domain }}',
+  ),
+  'datadirectory' => '{{ nextcloud_data_dir }}',
+  'dbtype' => 'pgsql',
+  'version' => '',
+  'overwrite.cli.url' => 'https://{{ nextcloud_domain }}',
+  'dbname' => '{{ nextcloud_db_name }}',
+  'dbhost' => '{{ nextcloud_db_host }}:{{ nextcloud_db_port }}',
+  'dbport' => '',
+  'dbtableprefix' => 'oc_',
+  'dbuser' => '{{ nextcloud_db_user }}',
+  'dbpassword' => '{{ nextcloud_db_password }}',
+  'installed' => true,
+  'memcache.local' => '\\OC\\Memcache\\Memcached',
+  'memcache.distributed' => '\\OC\\Memcache\\Memcached',
+  'memcached_servers' => 
+  array (
+    0 => 
+    array (
+      0 => 'localhost',
+      1 => 11211,
+    ),
+  ),
+  'memcached_options' => 
+  array (
+    'prefix' => 'nc_',
+  ),
+  'maintenance' => false,
+  'theme' => '',
+  'loglevel' => 2,
+  'default_phone_region' => 'US',
+);

ansible/nextcloud/deploy.yml

@@ -0,0 +1,195 @@
+---
+- name: Deploy Nextcloud
+  hosts: ubuntu
+  become: true
+  tasks:
+    - name: Check if host has nextcloud service
+      ansible.builtin.set_fact:
+        has_nextcloud_service: "{{ 'nextcloud' in services | default([]) }}"
+
+    - name: Skip hosts without nextcloud service
+      ansible.builtin.meta: end_host
+      when: not has_nextcloud_service
+
+    - name: Install required packages for Nextcloud
+      ansible.builtin.apt:
+        name:
+          - apache2
+          - libapache2-mod-php
+          - php-gd
+          - php-pgsql
+          - php-curl
+          - php-mbstring
+          - php-intl
+          - php-gmp
+          - php-bcmath
+          - php-xml
+          - php-imagick
+          - php-zip
+          - php-memcached
+          - memcached
+          - libmagickcore-6.q16-6-extra
+          - unzip
+          - curl
+          - bzip2
+          - acl
+        state: present
+        update_cache: true
+
+    - name: Ensure Memcached is running
+      ansible.builtin.service:
+        name: memcached
+        state: started
+        enabled: true
+
+    - name: Create Nextcloud data directory
+      ansible.builtin.file:
+        path: "{{ nextcloud_data_dir }}"
+        state: directory
+        owner: www-data
+        group: www-data
+        mode: '0750'
+
+    - name: Check if Nextcloud is already installed
+      ansible.builtin.stat:
+        path: /var/www/nextcloud/version.php
+      register: nextcloud_installed
+
+    - name: Download Nextcloud tarball
+      ansible.builtin.get_url:
+        url: https://download.nextcloud.com/server/releases/latest.tar.bz2
+        dest: /tmp/nextcloud-latest.tar.bz2
+        mode: '0644'
+      when: not nextcloud_installed.stat.exists
+
+    - name: Extract Nextcloud tarball
+      ansible.builtin.unarchive:
+        src: /tmp/nextcloud-latest.tar.bz2
+        dest: /tmp/
+        remote_src: true
+      when: not nextcloud_installed.stat.exists
+
+    - name: Copy Nextcloud to web root
+      ansible.builtin.copy:
+        src: /tmp/nextcloud/
+        dest: /var/www/nextcloud/
+        remote_src: true
+        owner: www-data
+        group: www-data
+        mode: preserve
+      when: not nextcloud_installed.stat.exists
+
+    - name: Set proper ownership for Nextcloud directory
+      ansible.builtin.file:
+        path: /var/www/nextcloud
+        state: directory
+        owner: www-data
+        group: www-data
+        recurse: true
+
+    - name: Template Apache VirtualHost configuration
+      ansible.builtin.template:
+        src: nextcloud.conf.j2
+        dest: /etc/apache2/sites-available/nextcloud.conf
+        owner: root
+        group: root
+        mode: '0644'
+      notify: reload apache
+
+    - name: Disable default Apache site
+      ansible.builtin.command:
+        cmd: a2dissite 000-default.conf
+      args:
+        removes: /etc/apache2/sites-enabled/000-default.conf
+      notify: reload apache
+
+    - name: Enable Nextcloud Apache site
+      ansible.builtin.command:
+        cmd: a2ensite nextcloud.conf
+      args:
+        creates: /etc/apache2/sites-enabled/nextcloud.conf
+      notify: reload apache
+
+    - name: Enable required Apache modules
+      ansible.builtin.command:
+        cmd: "a2enmod {{ item }}"
+      loop:
+        - rewrite
+        - headers
+        - env
+        - dir
+        - mime
+      notify: reload apache
+      register: apache_mods
+      changed_when: "'already enabled' not in apache_mods.stdout"
+
+    - name: Check if Nextcloud is already configured
+      ansible.builtin.stat:
+        path: /var/www/nextcloud/config/config.php
+      register: nextcloud_config
+
+    - name: Run Nextcloud installation
+      become_user: www-data
+      ansible.builtin.command:
+        cmd: >
+          php /var/www/nextcloud/occ maintenance:install
+          --database "pgsql"
+          --database-name "{{ nextcloud_db_name }}"
+          --database-host "{{ nextcloud_db_host }}"
+          --database-port "{{ nextcloud_db_port }}"
+          --database-user "{{ nextcloud_db_user }}"
+          --database-pass "{{ nextcloud_db_password }}"
+          --admin-user "{{ nextcloud_admin_user }}"
+          --admin-pass "{{ nextcloud_admin_password }}"
+          --data-dir "{{ nextcloud_data_dir }}"
+      when: not nextcloud_config.stat.exists
+      no_log: true
+
+    - name: Add trusted domain
+      become_user: www-data
+      ansible.builtin.command:
+        cmd: "php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value={{ nextcloud_domain }}"
+      changed_when: false
+
+    - name: Configure Memcached
+      become_user: www-data
+      ansible.builtin.command:
+        cmd: "php /var/www/nextcloud/occ config:system:set memcache.local --value='\\OC\\Memcache\\Memcached'"
+      changed_when: false
+
+    - name: Configure Memcached server
+      become_user: www-data
+      ansible.builtin.command:
+        cmd: "php /var/www/nextcloud/occ config:system:set memcache.distributed --value='\\OC\\Memcache\\Memcached'"
+      changed_when: false
+
+    - name: Configure cron job for Nextcloud
+      ansible.builtin.cron:
+        name: "Nextcloud background jobs"
+        minute: "*/5"
+        user: www-data
+        job: "php /var/www/nextcloud/cron.php"
+        state: present
+
+    - name: Set Nextcloud background job mode to cron
+      become_user: www-data
+      ansible.builtin.command:
+        cmd: "php /var/www/nextcloud/occ background:cron"
+      changed_when: false
+
+    - name: Ensure Apache is running
+      ansible.builtin.service:
+        name: apache2
+        state: started
+        enabled: true
+
+  handlers:
+    - name: reload apache
+      ansible.builtin.service:
+        name: apache2
+        state: reloaded
+
+    - name: restart apache
+      ansible.builtin.service:
+        name: apache2
+        state: restarted

ansible/nextcloud/nextcloud.conf.j2

@@ -0,0 +1,22 @@
+Listen {{ nextcloud_web_port }}
+
+<VirtualHost *:{{ nextcloud_web_port }}>
+  ServerAdmin webmaster@{{ nextcloud_domain }}
+  ServerName {{ nextcloud_domain }}
+  ServerAlias rosalind.incus
+  
+  DocumentRoot /var/www/nextcloud
+
+  <Directory /var/www/nextcloud/>
+    Require all granted
+    AllowOverride All
+    Options FollowSymLinks MultiViews
+
+    <IfModule mod_dav.c>
+      Dav off
+    </IfModule>
+  </Directory>
+
+  ErrorLog ${APACHE_LOG_DIR}/nextcloud_error.log
+  CustomLog ${APACHE_LOG_DIR}/nextcloud_access.log combined
+</VirtualHost>