From e78a33bd489b4169c77a0390fc0b3f0a1c084f71 Mon Sep 17 00:00:00 2001 From: Fabrice Bellamy <12b@distrilab.fr> Date: Thu, 19 Dec 2024 18:30:31 +0100 Subject: [PATCH] update readme --- README.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index cc36374..d6426bb 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,8 @@ These configurations can import shared modules stored in the modules directory ``` ├── modules │   ├── nixin.nix -│   └── users.nix +│   ├── users.nix +│   └── wireguard-client.nix ``` The file `nixpkgs.json` contains the revision of nixpkgs to use. See the tips section for how to update it @@ -27,7 +28,15 @@ The servers mush be accessible with ssh as `root` or as a user with passwordless Secrets are stored in a sub directory of a separate git repository, managed with [passwordstore](https://www.passwordstore.org/) This directory must available at ` ~/.password-store/nixin-password-store/krops`. (This is also defined in `krops.nix`) -When building the configuration on the server, the secrets files are decrypted and copied to the /var/srv/secret directory +When building the configuration on the server, the secrets files are decrypted and copied to server into the /var/srv/secret directory +Referencing a secret file path in the configuration is done like this : +```nix +privateKeyFile = toString ; +``` +If instead the content of the file needs to be substituted into the configuration it can be done like this : +```nix +security.pki.certificates = [ (builtins.readFile toString ) ]; +``` Sample `/var/src` on a server after configuration deployment : ```sh
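Review bot: in the first hunk (`@@ -16,7 +16,8 @@`, the modules tree), `wireguard-client.nix` is added to the listing with no word on what it configures or which secret file it expects. A one-line description next to the tree, plus a pointer to the secrets section if the module reads its key from there, would tell a reader what importing it requires.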
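Review bot: in the second hunk (`@@ -27,7 +28,15 @@`), neither added Nix example is valid as written: `privateKeyFile = toString ;` calls `toString` with no argument, and `builtins.readFile toString ` has the same gap. The path expression needs restoring in both, and the second also needs parentheses, `builtins.readFile (toString …)`, because Nix function application is left-associative and `readFile` would otherwise receive the function `toString` as its argument. The substitution example also deserves a caveat: content read with `builtins.readFile` becomes part of the evaluated configuration and ends up in the world-readable Nix store, which is fine for a certificate but not for a private key or password, so those should stay referenced by path as in the first example. Finally, the added sentence says `/var/srv/secret` while the context line just below it says `/var/src`; please make the directory consistent, and change "copied to server into" to "copied to the server into".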