docs/mesh-vpn: Document inventory usage

docs/site/getting-started/mesh-vpn.md

@@ -18,6 +18,45 @@ Clan
 If you select multiple network technologies at the same time. e.g. (zerotier + yggdrassil)
 You must choose one of them as primary network and the machines are always connected via the primary network.
 
+This guide shows you how to configure `zerotier` either through `NixOS Options` directly, or Clan's `Inventory` System.
+
+
+=== "**Inventory**"
+    ## 1. Choose the Controller
+
+    The controller is the initial entrypoint for new machines into the vpn.
+    It will sign the id's of new machines.
+    Once id's are signed, the controller's continuous operation is not essential.
+    A good controller choice is nevertheless a machine that can always be reached for updates - so that new peers can be added to the network.
+
+    For the purpose of this guide we have two machines:
+
+    - The `controller` machine, which will be the zerotier controller.
+    - The `new_machine` machine, which is the machine we want to add to the vpn network.
+
+    ## 2. Configure the Inventory
+    ```nix
+    clan.inventory = {
+      services.zerotier.default = {
+        roles.controller.machines = [
+          "controller"
+        ];
+        roles.peer.machines = [
+          "new_machine"
+        ];
+      };
+    };
+    ```
+    
+    ## 3. Apply the Configuration
+    Update the `controller` machine:
+
+    ```bash
+    clan machines update controller
+    ```
+
+
+=== "**NixOS Options**"
     ## 1. Set-Up the VPN Controller
 
     The VPN controller is initially essential for providing configuration to new