feat: more operator guide

docs/operator/architecture.md

@@ -20,7 +20,9 @@ network namespaces.
 
 Both
 [discretionary access controls](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/configuring_basic_system_settings/managing-file-system-permissions_configuring-basic-system-settings)
-and SELinux are used to prevent lateral movement between containers should a container be compromised, with particular
+and
+[SELinux](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/using_selinux/index)
+are used to prevent lateral movement between containers should a container be compromised, with particular
 attention given to the messaging channels WhatsApp and Signal.
 No container runs its application as the inside "root" user, which is an unprivileged user on the host.
 
@@ -33,7 +35,7 @@ prevent later investigation, and automatically shut down instances where there i
 ## Components
 
 The following diagram shows the dependency relationships between the components of CDR Link.
-If you use our [Ansible role](./deploy) for deployment then these will be automatically configured.
+If you use our [Ansible role](./deploy.md) for deployment then these will be automatically configured.
 The Link stack containers are
 [OCI](https://opencontainers.org/) compliant containers and you can run these with alternatives
 such as [Docker Compose](https://docs.docker.com/compose/) however we would not be able to provide support for this
@@ -48,8 +50,8 @@ The service definitions are in `.container` units within the Quadlet directory a
 ```mermaid
 flowchart TD
     bridge-worker.service --> bridge-postgresql.service
-    bridge-worker.service --> bridge-whatsapp.service
-    bridge-worker.service --> signal-cli-rest-api.service
+    bridge-worker.service -.-> bridge-whatsapp.service
+    bridge-worker.service -.-> signal-cli-rest-api.service
 
     link.service --> bridge-postgresql.service
     link.service --> bridge-worker.service