feat: more operator guide

docs/operator/deploy.md

@@ -0,0 +1,64 @@
+---
+sidebar_position: 50
+sidebar_label: Deploy CDR Link
+---
+
+# Deploy the CDR Link Stack
+
+## Set up the Ansible inventory and host variables
+
+Create `$HOME/ops/inventory`:
+
+```ini
+[cdr_link]
+example.cdr.link
+```
+
+Create `$HOME/ops/group_vars/all.yml` if you use our baseline role and integrate with Identity Management:
+
+```yaml
+---
+ipaserver_domain: CHANGEME
+ipaserver_realm: CHANGEME
+ipaserver_netbios_name: CHANGEME
+```
+
+Create `$HOME/ops/host_vars/example.cdr.link.yml`:
+
+```yaml
+---
+baseline_second_disk_device: /dev/sdb  # This is the device path for the data volume
+baseline_home_luks_passphrase: CHANGEME
+ipaclient_otp: CHANGEME  # This is the OTP generated in the IdM step and is not sensitive after use
+podman_link_podman_rootless_user: link_example  # This is the user you created in the IdM step
+podman_link_postgres_zammad_password: CHANGEME
+podman_link_postgres_link_password: CHANGEME
+podman_link_postgres_root_password: CHANGEME
+podman_link_zammad_redis_password: CHANGEME
+podman_link_opensearch_password: CHANGEME
+podman_link_nextauth_secret: CHANGEME
+```
+
+:::warning
+Do not store sensitive values in the `host_vars` file in plaintext, use lookup plugins to look up the secret values
+using your secrets management solution of choice.
+:::
+
+The variables prefixed with `baseline_` and `ipaclient_` are only applicable if you are using our baseline role with
+Identity Management integration.
+If you manage your own hardening and use local users and groups you can omit these.
+The user you reference in `podman_link_podman_rootless_user` must exist before continuing.
+
+## Execute the Ansible playbook
+
+If you are using our baseline role:
+
+```shell
+ansible-playbook -i inventory sr2.apps.link
+```
+
+If you manage your own hardening and identity management, use the `link` tag to only run the CDR Link stack deployment:
+
+```shell
+ansible-playbook -i inventory sr2.apps.link --tags link
+```