secrets.nix: note down what happends

secrets.nix

@@ -1,3 +1,20 @@
+/*
+  Because I'm way too lazy I'm automatically generating the secret files config.
+  Secrets can be found below
+    hosts/${hostname}/secrets/*.age
+
+  Pubkeys can be found for the specific host below
+    hosts/${hostname}/ssh.pub
+  The users have their keys below
+    users/${username}/ssh.pub
+
+  Secrets get encrypted for the host they are in and the users specified.
+
+  Every host with a secrets directory has an entry for a secret called "new".
+  This exist to overcome the chicken and egg problem.
+  Create a secret with them name new in the specific secrets directory and rename it afterwards with the suffix .age.
+*/
+
 let
   pubkeysFor = directory: let
     instances = builtins.attrNames (builtins.readDir directory);