add comprehensive documentation for all Ansible roles

- Add main README with infrastructure overview and usage instructions
- Document bootstrap role for server initialization and security hardening
- Document common role for shared server configuration
- Document cron role for scheduled tasks and automation
- Document docker role with detailed service descriptions and deployment patterns
- Include MMDL service documentation with setup requirements
- Add troubleshooting guides and security considerations

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

roles/bootstrap/README.md

@@ -0,0 +1,41 @@
+# Bootstrap Role
+
+## Purpose
+Performs initial server setup and hardening for new Ubuntu/Debian servers.
+
+## What It Does
+
+### User Management
+- Creates a new user account with sudo privileges (specified by `created_username` variable)
+- Configures passwordless sudo for the sudo group
+- Sets up SSH key authentication using your local `~/.ssh/id_ed25519.pub` key
+- Disables root password authentication
+
+### System Packages
+- Installs `aptitude` for better package management
+- Installs essential packages:
+  - `curl` - HTTP client
+  - `vim` - Text editor
+  - `git` - Version control
+  - `ufw` - Uncomplicated Firewall
+
+### Security Configuration
+- Configures UFW firewall to:
+  - Allow SSH connections
+  - Enable firewall with default deny policy
+- Hardens SSH configuration
+
+## Variables Required
+- `created_username`: The username to create (typically set in bootstrap.yml)
+- `tailscale_key`: Tailscale authentication key (prompted during playbook run)
+
+## Dependencies
+- Requires the `artis3n.tailscale` role for VPN setup
+- Requires your SSH public key at `~/.ssh/id_ed25519.pub`
+
+## Usage
+```bash
+ansible-playbook bootstrap.yml -i hosts.yml
+```
+
+This role is designed to be run once on a fresh server before deploying other services.