diff --git a/README.md b/README.md
index 8a345f8..abe1c0c 100644
--- a/README.md
+++ b/README.md
@@ -5,11 +5,30 @@ hosting hruday.me via terraform
 ---
 
 
-Add `dotenv` to .envrc after other nix stuff, and store keys in .env, which is fine for a testing project.
+~~Add `dotenv` to .envrc after other nix stuff, and store keys in .env, which is fine for a testing project.~~
+
+Don't add dotenv.
+Workflow is to just use the `dev` branch or anything else, then only actually deploy via PR to `master`.
+PR to master is a great deployment strategy, no notes.
+
+Currently manages hruday.me and deepakmallubhotla.com, creating buckets which match the domain names.
+The content of the sites are managed externally, in their own repos which deploy by uploading to the S3 bucket created here.
+
+## adding a domain
+
+Not an ideal process, so we should improve.
+
+1. Acquire domain name, manually atm.
+2. let Cloudflare manage DNS by setting nameservers (following the wizard in cf works with no DNS records required before we get here!) etc., also manual
+3. Add domain name to relevant Gitea variable, should be easy.
+4. Bucket will be created, empty. If you want an easy start you can manually upload to the bucket.
+5. Deploy with whatever method you want, can include a build process or anything else. Follow hruday.me as a guide maybe
+
 
 
 ## Todos
-- [ ] better secrets management
+- [x] better secrets management
 - [x] ci
-- [ ] test ci permissions with a real terraform apply (not in ci)
+- [x] test ci permissions with a real terraform apply (not in ci)
 - [ ] can we make a lower-weight runner? ubuntu-latest is heavy and still requires ~1m for providers
+- [ ] For new domain should provide a default set of content in the bucket? or does that cost more for the extra creates, for a local project we may not care
diff --git a/variables.tf b/variables.tf
index 104a327..9c590d5 100644
--- a/variables.tf
+++ b/variables.tf
@@ -4,7 +4,7 @@ variable "aws_region" {
 }
 
 variable "site_domains" {
-  type        = list(any)
+  type        = list(string)
   description = "The domain name of these sites, which will be mapped over"
 }