From 899b70fcfc2b442bd2e29e84ad7494dadc51f0eb Mon Sep 17 00:00:00 2001
From: Jet <jet@extremist.software>
Date: Mon, 16 Feb 2026 22:39:22 -0800
Subject: [PATCH] docs: improve readme with domains and key gen info

---
 README.md | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 391c84c..e490571 100644
--- a/README.md
+++ b/README.md
@@ -3,17 +3,20 @@
 nixos config for the hetzner vps.
 
 services:
-- forgejo (git)
-- stalwart (mail)
-- searx (search)
-- conduit (matrix)
-- minecraft (fabric + optimization mods)
+- forgejo (git.extremist.software)
+- stalwart (mail.extremist.software)
+- searx (search.extremist.software)
+- conduit (matrix.extremist.software)
+- minecraft (extremist.software)
 - caddy (reverse proxy)
-- grafana/prometheus (monitoring)
+- grafana/prometheus (status.extremist.software)
 
 deploy:
 `nix run github:nix-community/nixos-anywhere -- --flake .#extremist-software --impure root@<ip>`
 
 secrets:
-copy `secrets.nix.example` to `secrets.nix` and fill it in.
-repo uses impure build cause i dont want to manage encrypted secret files in git right now.
+1. copy `secrets.nix.example` to `secrets.nix`.
+2. fill in values (generate random keys for searx/tailscale).
+3. `tailscaleKey` must be a **reusable** key.
+
+repo uses `impure` build to load `secrets.nix` directly. no encrypted secrets in git.