@01rabbit
Owner

Summary

  • Add automation to keep runtime config under /opt/azazel/config synchronized with the repository, prevent installers from clobbering repository-managed files, and add a systemd unit to run the linking on boot.
  • Remove obsolete version: from deploy/docker-compose.yml and include several workspace fixes (menus, docs, systemd units, scripts).

What I changed

  • Added:
    • scripts/link_opt_to_repo.sh — backs up existing files and creates symlinks from /opt/azazel/config/* to the repository deploy/ files (auto-includes files under deploy/).
    • scripts/prevent_installer_overwrite.sh — helper to detect repo-managed symlinked config files.
    • systemd/link-opt.service — oneshot systemd unit to run the linking script at boot (enabled).
  • Updated:
    • scripts/install_azazel_complete.sh — integrated overwrite guard for /etc/docker/daemon.json.
    • scripts/install_suricata_env.sh.deprecated — same guard integrated.
    • deploy/docker-compose.yml — removed obsolete top-level version: key.
  • Committed additional previously unstaged workspace edits (menus, docs, deploy configs, systemd units, sanity scripts).

Why

  • Centralizing configuration in the repository reduces configuration drift and makes changes apply immediately to runtime locations.
  • Preventing installers from blindly overwriting files that are managed by the repo avoids accidental breaks (for example, the runc entry that previously caused dockerd to fail).
  • Running the linking step at boot removes manual steps after updates or reboots.

Testing performed

  • Verified Docker daemon starts after fixing /etc/docker/daemon.json (backup created).
  • Confirmed iptables/DOCKER chains present and that docker-compose can create the network.
  • Executed scripts/link_opt_to_repo.sh and confirmed symlinks created in /opt/azazel/config with backups in /opt/azazel/config/*.bak.*.
  • Enabled and ran link-opt.service and confirmed it exits successfully.
  • Performed docker-compose up -d from repository deploy/ (resolved name conflicts by removing existing containers) and verified containers started.

Migration / rollback notes

  • Backups of overwritten files are stored as /opt/azazel/config/<name>.bak.<timestamp>. Restore by moving the backup back into place and disabling link-opt.service if needed.
  • If you prefer not to run repo-managed files from /opt, do not enable link-opt.service and restore backups.
  • Installer scripts now skip writing daemon.json if it is symlinked to the repo; if you want the installer to override, remove the symlink before running.

Files changed (high level)

  • Added: scripts/link_opt_to_repo.sh, scripts/prevent_installer_overwrite.sh, systemd/link-opt.service
  • Modified: scripts/install_azazel_complete.sh, scripts/install_suricata_env.sh.deprecated, deploy/docker-compose.yml
  • Also committed other workspace updates (menus, docs, deploy configs, etc.) in a separate commit on this branch.

Notes / follow-ups

  • Consider CI to validate config changes before applying to runtime.
  • Optionally extend link_opt_to_repo.sh to support more directories or to perform safe rsync-style updates for larger config sets.
  • If you want, I can open the PR on GitHub and use this description as the PR body.

- Add scripts/link_opt_to_repo.sh to back up and symlink deploy/ files into /opt/azazel/config
- Add scripts/prevent_installer_overwrite.sh and integrate checks into installers
- Update installers to avoid overwriting repo-managed /etc/docker/daemon.json
- Add systemd/link-opt.service to run linking at boot
- Remove obsolete version field from deploy/docker-compose.yml
…, and scripts

Include: updates to azctl menus and core, docs (en/ja), deploy config files (opencanary/vector), updated installers and sanity check, systemd unit adjustments, and removal of tmp/events.json. This commit stages previously unstaged edits so the branch fully reflects on-host changes.
@01rabbit 01rabbit merged commit 41f8b55 into main Nov 14, 2025
@01rabbit 01rabbit deleted the evidence/dnat-canary-20251113 branch November 14, 2025 09:53
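
The overwrite guard described in this pull request, sketched as an added example; it is not the repository's scripts/prevent_installer_overwrite.sh. The function names `is_repo_managed` and `guarded_write`, their argument order, and the backup timestamp format are assumptions, and the code relies on GNU `readlink -f`.

```bash
# Added illustration: names and layout are hypothetical, not the project's code.

# Return 0 only when $1 is a symlink whose fully resolved target
# exists and lies inside the repository root $2.
is_repo_managed() {
    local path="$1" repo_root target
    [ -L "$path" ] || return 1                 # regular files are never repo-managed
    repo_root=$(readlink -f -- "$2") || return 1
    target=$(readlink -f -- "$path") || return 1
    [ -e "$target" ] || return 1               # dangling link: nothing to protect
    case "$target" in
        "$repo_root"/*) return 0 ;;            # "/" keeps /repo from matching /repo-old
        *) return 1 ;;
    esac
}

# Write stdin to $1 unless it is repo-managed. Prints "skipped" or "written".
# Anything already at $1 (file or foreign symlink) is moved to a timestamped
# backup first, so the installer never writes through a link it does not own.
guarded_write() {
    local dest="$1" repo_root="$2" tmp
    if is_repo_managed "$dest" "$repo_root"; then
        cat >/dev/null                         # drain stdin so the caller's pipe completes
        echo skipped
        return 0
    fi
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        mv -- "$dest" "$dest.bak.$(date +%Y%m%d%H%M%S)"
    fi
    tmp=$(mktemp "$dest.XXXXXX")               # same directory, so the final mv is a rename
    cat >"$tmp"
    mv -- "$tmp" "$dest"
    echo written
}
```

An installer would call it as `generate_daemon_json | guarded_write /etc/docker/daemon.json "$REPO_ROOT"`, where `generate_daemon_json` and `REPO_ROOT` are placeholders for the caller's own generator and checkout path.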