update readme

README.md

@@ -16,7 +16,8 @@ These configurations can import shared modules stored in the modules directory
 ```
 ├── modules
 │   ├── nixin.nix
-│   └── users.nix
+│   ├── users.nix
+│   └── wireguard-client.nix
 ```
 
 The file `nixpkgs.json` contains the revision of nixpkgs to use. See the tips section for how to update it  
@@ -27,7 +28,15 @@ The servers mush be accessible with ssh as `root` or as a user with passwordless
 
 Secrets are stored in a sub directory of a separate git repository, managed with [passwordstore](https://www.passwordstore.org/)  
 This directory must available at ` ~/.password-store/nixin-password-store/krops`. (This is also defined in `krops.nix`)  
-When building the configuration on the server, the secrets files are decrypted and copied to the /var/srv/secret directory
+When building the configuration on the server, the secrets files are decrypted and copied to server into the /var/srv/secret directory
+Referencing a secret file path in the configuration is done like this :  
+```nix
+privateKeyFile = toString <secrets/wg-private.key>;
+```
+If instead the content of the file needs to be substituted into the configuration it can be done like this :   
+```nix
+security.pki.certificates = [ (builtins.readFile toString <secrets/ca-bundle.crt>) ];
+```
 
 Sample `/var/src` on a server after configuration deployment : 
 ```sh