readme update

README.md

@@ -15,6 +15,8 @@
 - Multiple dev versions
 - Multiple config directories
 - Debugger must work
+- Observation - telegraf/promtail
+- Utility - portainer, watchtower
 
 ## Usage
 
@@ -36,3 +38,22 @@ Activated with `.devenv/state/venv/bin/activate`. Used in VSCode for type hints,
     - `python -m ipykernel install --user --name devenv --display-name "Python (devenv)"`
 - Run jupyter notebook on the side with a `uv run jupyter notebook` command
 - Use the link with the token to connect the jupyter notebook kernel to it
+
+## Mechanics
+
+### SSH Connection
+
+SSH keys are pre-authorized from `secrets/authorized_keys` which contains the public keys for desktop, laptop, and phone.
+
+### SOPS
+
+- `secrets/secrets.yaml` contains the encrypted keys.
+- There needs to be a `~/.config/sops/age/keys.txt` file with the age secret key. This file has to be manually placed.
+- `sops.yaml` indicates to SOPS that the yaml file is encrypted with that secret key.
+- `sops-ad` is a convenience script for editing the secrets.yaml file.
+
+## Setup
+
+`secrets/secrets.yaml` needs to have
+
+- `telegraf_influx_token`

scripts/default.nix

@@ -8,5 +8,6 @@
     '')
     (pkgs.writeShellScriptBin "ads" "nix develop --no-pure-eval $(readlink -f /etc/nixos)")
     (pkgs.writeShellScriptBin "link-nix" "${builtins.readFile ./link-nix.sh}")
+    (pkgs.writeShellScriptBin "sops-ad" "sops $(readlink -f /etc/nixos)/secrets/secrets.yaml")
   ];
 }