From 7218ed9bceaa593eb0fa490b4e13089a998228b2 Mon Sep 17 00:00:00 2001 From: javalsai Date: Mon, 4 May 2026 01:16:14 +0200 Subject: [PATCH] docs: add sections and fix typos/errors --- docs/GETTING_STARTED.md | 8 +++++++- docs/README.md | 2 +- docs/SECRETS.md | 12 +++++++++--- docs/SETUP.md | 8 +++++++- 4 files changed, 24 insertions(+), 6 deletions(-) diff --git a/docs/GETTING_STARTED.md b/docs/GETTING_STARTED.md index 98f97a6..645b300 100644 --- a/docs/GETTING_STARTED.md +++ b/docs/GETTING_STARTED.md @@ -16,13 +16,19 @@ To test the environment, you can launch a virtualized NixOS system derived from nix run '.#nixosConfigurations..config.system.build.vm' ``` -Here, `` refers to the hostname of the system you want to test (e.g., tuxcord-ca). +Here, `` refers to the hostname of the system you want to test (e.g., tuxcord-test). Note that this will create a `qcow2` image file in the current directory. Nix will automatically manage changes to the configuration and update the image file accordingly while keeping part of its mutable state (e.g., root bash history). > [!WARNING] > Not all changes are applied automatically. Updates such as user passwords changes or modifications to the filesystem layout will require deleting the image file so that Nix can re-create it from scratch. +# Access + +The initial password for the `root` account is `tuxcord`. + +SSH login is enabled for the configured user keys, if using the VM test configuration, yo will have to use the bridged IP. + # Tooling Tooling used to aid in development. diff --git a/docs/README.md b/docs/README.md index a9bc2ec..eff8730 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -42,7 +42,7 @@ Host specific configuration can be found at `nixos/hosts/tuxcord-XX`. This is us To learn how to get started, refer to the [Getting Started guide](./GETTING_STARTED.md). -The guide contains basic instructions as to how to use Nix for this repository, as well as tools to help in certain tasks, some of this tools might be assumed accross document resources. +The guide contains basic instructions as to how to use Nix for this repository, as well as tools to help in certain tasks, some of this tools might be assumed across document resources. It might also be useful to read the [installation section](#installation) to learn how to configure your testing environment. diff --git a/docs/SECRETS.md b/docs/SECRETS.md index 3f515a2..9d098a3 100644 --- a/docs/SECRETS.md +++ b/docs/SECRETS.md @@ -6,14 +6,20 @@ Secrets are managed with `agenix` in the `agenix/` directory. This allows to dec The `agenix` help menu is already very helpful, but here you have a survival guide: -- `agenix` commands should run relative to the `agenix/` direcotry. +- `agenix` commands should run relative to the `agenix/` directory. - `agenix -d` allows you to descrypt such file if you possess any of the decryption keys. - `agenix -e` decrypts (if present) and opens the file in your editor to re-encrypt when exited. - `agenix -r` re-encypts `*.age` files in the case you ever change its decryption keys. # Secrets - +There is a `ntfy.age` secret file which contents look like: + +```sh +NTFY_TOPIC=readable-name_XXXXXXXXXX +``` + +This secret file is meant to be sources by shells before using [ntfy.sh]() to push important notifications. This topic could contain sensitive information and must be kept secret amongst administrators. ## DNS TSIG Keys 
@@ -24,5 +30,5 @@ These keys can be generated using `tsig-keygen ` (historically they we When DNS is enabled for a host, it will look for `dns/${fqdn}/${zone}.key` secrets. - The key whose zone matches the `${fqdn}` will be allowed to tramit updates for all the domain. -- Keys restrained to a specific `${subdomain}` will only be allowed to edit records of such subdomain. +- Keys restrained to a specific `${zone}` will only be allowed to edit records of such zone. - All keys must be named with the zone they affect, final dot included, so that (e.g. `tuxcord.net/javalsai.tuxcord.net.key` must be generated by `tsig-keygen javalsai.tuxcord.net.`). diff --git a/docs/SETUP.md b/docs/SETUP.md index ae9006e..c02a151 100644 --- a/docs/SETUP.md +++ b/docs/SETUP.md @@ -2,7 +2,13 @@ The first configuration of the server needs some configuration of its mutable state: -Setup also heavily relies on the secrets configured, make sure you [undestand agenix](./SECRETS.md) good enough. +Setup also heavily relies on the secrets configured, make sure you [understand agenix](./SECRETS.md) good enough. + +# Root Password + +The `root` password is `tuxcord` by default on all system configurations. For security, it's important to remember to change it as soon as an installation is done. + +The root account is intended to be kept active in case there ever is the need to perform a TTY login. But this will be rare so do keep a security complex password saved somewhere and don't share it beyond the necessary amount. # SSH Keys
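Review bot: In docs/GETTING_STARTED.md, the last added line of the new `# Access` section has a typo ("yo will have to use") and a comma splice before "if using the VM test configuration". Suggested wording: "SSH login is enabled for the configured user keys. If you are using the VM test configuration, you will have to use the bridged IP." Because the section states a fixed `root` password directly above the SSH sentence, it should also say whether SSH accepts password login or only the configured keys, so a reader knows what is reachable on the bridged interface with that password.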
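Review bot: In docs/README.md, the changed line still reads "some of this tools" after the "accross" fix, and the sentence is a comma splice. Suggest splitting it: "...as well as tools to help in certain tasks. Some of these tools might be assumed across document resources."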
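Review bot: In the first docs/SECRETS.md hunk, the added link `[ntfy.sh]()` has an empty target and will render as a dead link; fill in the URL or drop the link syntax. In the same added lines, "which contents look like" should be "whose contents look like" and "meant to be sources by shells" should be "meant to be sourced by shells". The unchanged bullets in this hunk still contain "descrypt" and "re-encypts", which fit the scope of a typo-fix commit. Since the text says the topic must be kept secret amongst administrators, it is worth one more sentence on why: say explicitly whether knowing the topic name is all that is needed to read or publish the notifications.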
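Review bot: In the second docs/SECRETS.md hunk, renaming `${subdomain}` to `${zone}` in the second bullet makes it hard to tell apart from the first bullet, which already describes "the key whose zone matches the `${fqdn}`". Suggest stating the relationship, for example "Keys whose `${zone}` is a subdomain of `${fqdn}` will only be allowed to edit records of that zone", so the scope of each TSIG key is unambiguous. The context lines also still have "tramit" (transmit) and a dangling "so that (e.g. ..." in the last bullet, where the clause after "so that" is missing.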
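Review bot: In docs/SETUP.md, the new `# Root Password` section relies on the reader remembering to change a default that the text says is identical on all system configurations, and this same patch publishes that value in docs/GETTING_STARTED.md. Suggest turning the reminder into an explicit setup step that names how the password is changed and whether the change survives a rebuild, given that the GETTING_STARTED warning says user password changes are not applied automatically. Wording: "a security complex password" reads better as "a strong password", and "understand agenix good enough" as "understand agenix well enough".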