Update the readme

2025-01-26 17:54:03 +00:00
parent 656081a30c
commit 396c3d7a02

@@ -58,7 +58,13 @@ I use sops with age to encrypt keys etc in git.
Before pushing encrypted keys up, we'll need to re-encrypt them with a new key.
From a shell with sops and age installed, and an already known key under `$HOME/.config/sops/age/keys.txt` (or `%AppData%\sops\age\keys.txt`), create a new key in this repo `age-keygen -o age.agekey`.
Add that new public key to the `.sops.yaml`, and push the secret key to the cluster with:
Add that new public key to the `.sops.yaml`
In fish you can updatekeys in every secret (can just change to the bash equivalent if using bash)
`for file in $(grep --include="*.yaml" -lr "sops:"); sops updatekeys -y $file; end`
Then push the secret key to the cluster with:
(This will need to be done after the initial flux bootstrap to get the namespace created, bt the keys should be updated first)
```sh
cat age.agekey |
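Review bot: The secret key from `age-keygen -o age.agekey` now sits in the repo working tree for longer, because the updatekeys loop runs before the key is pushed to the cluster and deleted, and nothing here says the file is git-ignored. Consider adding a line that `age.agekey` must be listed in `.gitignore` (or generated outside the repo) so it cannot be committed alongside the re-encrypted secrets. In the parenthetical, "bt" should be "but", and the ordering would read more clearly as numbered steps: update `.sops.yaml`, run updatekeys, bootstrap flux, then create the `sops-age` secret. The loop is also described as fish but uses `$(...)`, which older fish versions do not accept; `(grep ...)` works in all of them.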
@@ -68,10 +74,6 @@ kubectl create secret generic sops-age \
```
Delete age.agekey after sending it to the cluster.
Then update the encryption with `sops updatekeys -y apps/gluetun/secret.yaml`.
In fish you can updatekeys in every secret (can just change to the bash equivalent if using bash)
`for file in $(grep --include="*.yaml" -lr "sops:"); sops updatekeys -y $file; end`
### Using sops
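Review bot: With the updatekeys steps moved above, "Delete age.agekey after sending it to the cluster." is now the last instruction in this section, and the readme does not say whether the new secret key should also be kept in `$HOME/.config/sops/age/keys.txt`. The earlier step relies on "an already known key" in that file to run updatekeys at all, so if the old recipient is ever dropped from `.sops.yaml`, only the cluster could decrypt. Suggest stating explicitly which key remains available for local `sops` edits before the delete step.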
@@ -90,6 +92,11 @@ Install flux and everything in this repo with the following:
- `flux bootstrap git --private-key-file=/config/.ssh/gitea --url ssh://git@gitea.home.joemonk.co.uk:2222/joe/gitops.git --branch main --path=clusters/kairos`
### Reconcile
If changes aren't being brought across correctly (maybe the sops key has been updated after the flux bootstrap...), force a reconciliation with `flux reconcile source git flux-system`
TODO - I don't actually know if this works, or it's just a timed thing that coincides
## DNS
We need to point a dns server to the server so we can access things via hostname rather than needing complex routing.
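Review bot: In the new Reconcile section, `flux reconcile source git flux-system` only re-fetches the Git source, while sops decryption happens when the Kustomization is applied, which would explain the doubt in the TODO. If the case being documented is a sops key added after bootstrap, consider `flux reconcile kustomization flux-system --with-source` instead, and replace the TODO with a check such as `flux get kustomizations` to confirm that the reconciliation actually ran and succeeded.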