readme: add actual content

README.md

@@ -1 +1,47 @@
-# NixOS configurations of the FabLab Bad Windsheim
+# Nix Gscheits
+
+NixOS configurations of the FabLab Bad Windsheim
+
+## General
+
+This project uses Nix Flakes
+which currently are only available in unstable Nix.
+
+To make the project more accessible to users of stable nix,
+a compatibility layer is provided.
+If you use [direnv](https://direnv.net/),
+a wrapper for unstable nix should transparently be added to the shell.
+This might only work if you are a [trusted user](https://nixos.org/manual/nix/stable/#conf-trusted-users).
+
+Secrets for NixOS machines are managed with sops using [sops-nix](https://github.com/Mic92/sops-nix).
+The gpg keys are stored in `keys`
+and a flake app is provided for conveniently displaying the fingerprint of a stored key:
+`nix run .#showKeyFingerprint machines/raven`
+
+### Directory structure
+
+ * `machines`: NixOS configurations for machines.
+ * `modules`: Modules that either alter default values
+   or add modules that can be enabled via options.
+ * `pkgs`: nixpkgs overlay for packages not in nixpkgs.
+
+## Deployment
+
+The deployment uses [krops](https://github.com/krebs/krops)
+(more precisely [Mic92’s fork with flake support](https://github.com/Mic92/krops)).
+
+If your public key is installed for root on the target system,
+deploying is as easy as `nix run .#deploy/hostname`.
+
+Building a configuration locally is possible by running `nixos-rebuild build --flake .#HOSTNAME`
+or on systems with stable Nix (using the compatibility wrapper) `nix build .#nixosConfigurations.HOSTNAME.config.system.build.toplevel`.
+
+## License
+
+This project is licensed under the MIT license.
+For details, please see the [COPYING](./COPYING) file.
+
+Note: The MIT license does not apply to the built packages or system closures,
+only to the source files in this repository.
+It also might not apply to patches included in this repository,
+which may be derivative works.