Add readme and cleanup a bit

3 files changed, 27 insertions, 0 deletions

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9204a23
--- /dev/null
+++ b/README.md
@@ -0,0 +1,27 @@
+# Deuxfleurs on NixOS!
+
+This repository contains code to run Deuxfleur's infrastructure on NixOS.
+
+It sets up the following:
+
+- A Wireguard mesh between all nodes
+- Consul, with TLS
+- Nomad, with TLS
+
+The following scripts are available here:
+
+- `genpki.sh`, a script to generate Consul and Nomad's TLS PKI (run this once only)
+- `deploy.sh`, the main script that updates the NixOS config and sets up all of the TLS secrets
+- `upgrade.sh`, a script to upgrade NixOS
+- `tlsproxy.sh`, a script that allows non-TLS access to the TLS-secured Consul and Nomad, by running a simple local proxy with socat
+- `tlsenv.sh`, a script to be sourced (`source tlsenv.sh`) that configures the correct environment variables to use the Nomad and Consul CLI tools with TLS
+
+Stuff should be started in this order:
+
+- `app/core`
+- `app/frontend`
+- `app/garage-staging`
+
+At this point, we are able to have a systemd service called `mountgarage` that mounts Garage buckets in `/mnt/garage-staging`. This is used by the following services that can be launched afterwards:
+
+- `app/im`
diff --git a/env.sh b/tlsenv.sh
index 8681e8c..8681e8c 100644
--- a/env.sh
+++ b/tlsenv.sh
diff --git a/sslproxy.sh b/tlsproxy.sh
index aa0006a..aa0006a 100755
--- a/sslproxy.sh
+++ b/tlsproxy.sh