docs/mesh-vpn: Document inventory usage

docs/site/getting-started/mesh-vpn.md

@@ -18,14 +18,53 @@ Clan
 If you select multiple network technologies at the same time. e.g. (zerotier + yggdrassil)
 You must choose one of them as primary network and the machines are always connected via the primary network.
 
-## 1. Set-Up the VPN Controller
+This guide shows you how to configure `zerotier` either through `NixOS Options` directly, or Clan's `Inventory` System.
 
-The VPN controller is initially essential for providing configuration to new
-peers. Once addresses are allocated, the controller's continuous operation is not essential.
 
-1. **Designate a Machine**: Label a machine as the VPN controller in the clan,
+=== "**Inventory**"
+    ## 1. Choose the Controller
+
+    The controller is the initial entrypoint for new machines into the vpn.
+    It will sign the id's of new machines.
+    Once id's are signed, the controller's continuous operation is not essential.
+    A good controller choice is nevertheless a machine that can always be reached for updates - so that new peers can be added to the network.
+
+    For the purpose of this guide we have two machines:
+
+    - The `controller` machine, which will be the zerotier controller.
+    - The `new_machine` machine, which is the machine we want to add to the vpn network.
+
+    ## 2. Configure the Inventory
+    ```nix
+    clan.inventory = {
+      services.zerotier.default = {
+        roles.controller.machines = [
+          "controller"
+        ];
+        roles.peer.machines = [
+          "new_machine"
+        ];
+      };
+    };
+    ```
+    
+    ## 3. Apply the Configuration
+    Update the `controller` machine:
+
+    ```bash
+    clan machines update controller
+    ```
+
+
+=== "**NixOS Options**"
+    ## 1. Set-Up the VPN Controller
+
+    The VPN controller is initially essential for providing configuration to new
+    peers. Once addresses are allocated, the controller's continuous operation is not essential.
+
+    1. **Designate a Machine**: Label a machine as the VPN controller in the clan,
        referred to as `<CONTROLLER>` henceforth in this guide.
-2. **Add Configuration**: Input the following configuration to the NixOS
+    2. **Add Configuration**: Input the following configuration to the NixOS
        configuration of the controller machine:
        ```nix
        clan.core.networking.zerotier.controller = {
@@ -33,24 +72,24 @@ peers. Once addresses are allocated, the controller's continuous operation is no
          public = true;
        };
        ```
-3. **Update the Controller Machine**: Execute the following:
+    3. **Update the Controller Machine**: Execute the following:
        ```bash
        clan machines update <CONTROLLER>
        ```
        Your machine is now operational as the VPN controller.
 
-## 2. Add Machines to the VPN
+    ## 2. Add Machines to the VPN
 
-To introduce a new machine to the VPN, adhere to the following steps:
+    To introduce a new machine to the VPN, adhere to the following steps:
 
-1. **Update Configuration**: On the new machine, incorporate the following to its
+    1. **Update Configuration**: On the new machine, incorporate the following to its
        configuration, substituting `<CONTROLLER>` with the controller machine name:
        ```nix
        { config, ... }: {
          clan.core.networking.zerotier.networkId = builtins.readFile (config.clan.core.settings.directory + "/machines/<CONTROLLER>/facts/zerotier-network-id");
        }
        ```
-1. **Update the New Machine**: Execute:
+    1. **Update the New Machine**: Execute:
        ```bash
        $ clan machines update <NEW_MACHINE>
        ```
@@ -93,7 +132,7 @@ To introduce a new machine to the VPN, adhere to the following steps:
                      ```
                      Substitute `<ID>` with the ZeroTier ID obtained previously.
 
-2. **Verify Connection**: On the `new_machine`, re-execute:
+    2. **Verify Connection**: On the `new_machine`, re-execute:
        ```bash
        $ sudo zerotier-cli info
        ```