diff --git a/README.org b/README.org
index fe13b45..dd8a472 100644
--- a/README.org
+++ b/README.org
@@ -1,7 +1,7 @@
 * Setup
 ** Dependencies
-- terraform
-- docker
+- [[https://developer.hashicorp.com/terraform/install][terraform]]
+- [[https://www.docker.com/][docker]]
 - bash
 
 ** Configuration
diff --git a/config/apps.config.tmpl b/config/apps.config.tmpl
index a074e9b..c215616 100644
--- a/config/apps.config.tmpl
+++ b/config/apps.config.tmpl
@@ -1,12 +1,12 @@
-ROOT_DOMAIN=example.com
-APP_CONFIGS="nextcloud,nextcloud wg-easy,wg-easy"
-NEXTCLOUD_ADMIN_USER=admin
-NEXTCLOUD_ADMIN_PASSWORD=
-NEXTCLOUD_POSTGRES_DB=nextcloud
-NEXTCLOUD_POSTGRES_USER=nextcloud
-NEXTCLOUD_POSTGRES_PASSWORD=
-NEXTCLOUD_REDIS_PASSWORD=
-BACKBLAZE_KEY_ID=
-BACKBLAZE_APPLICATION_KEY=
-BACKBLAZE_BUCKET_URL=
-RESTIC_PASSWORD=
\ No newline at end of file
+ROOT_DOMAIN=  # example.com :: the root of the domain that all apps should be subdomains of
+APP_CONFIGS="nextcloud,nextcloud wg-easy,wg-easy" # apps to deploy and their corresponding sub-domain (app,sub-domain)
+NEXTCLOUD_ADMIN_USER=admin # admin user for nextcloud, can be whatever you want
+NEXTCLOUD_ADMIN_PASSWORD=  # the password for the nextcloud admin user
+NEXTCLOUD_POSTGRES_DB=nextcloud # recommended to leave as 'nextcloud'. The postgres db nextcloud uses
+NEXTCLOUD_POSTGRES_USER=nextcloud # recommended to leave as 'nextcloud'. The postgres user nextcloud uses
+NEXTCLOUD_POSTGRES_PASSWORD= # should be a secure, randomly generated, postgres compatible password, stored in the config so it isn't lost on re-deployment but otherwise unneeded
+NEXTCLOUD_REDIS_PASSWORD= # should be a secure, randomly generated, redis compatible password, stored in the config so it isn't lost on re-deployment but otherwise unneeded
+BACKBLAZE_KEY_ID= # the key ID for a application key created on backblaze that has permissions for the bucket in BACKBLAZE_BUCKET_URL
+BACKBLAZE_APPLICATION_KEY= # the application key for the application key created on backblaze
+BACKBLAZE_BUCKET_URL= # the full URL for the backblaze bucket, found on the backblaze UI for the bucket
+RESTIC_PASSWORD= # should be a secure, randomly generated, restic compatible password. Used for making encrypted backups of the application data
\ No newline at end of file
diff --git a/config/production.tfvars.tmpl b/config/production.tfvars.tmpl
index 7a9a4d1..3571527 100644
--- a/config/production.tfvars.tmpl
+++ b/config/production.tfvars.tmpl
@@ -1,12 +1,12 @@
-server_type = "s-2vcpu-2gb"
+server_type = "s-2vcpu-2gb" # the digital ocean server type to deploy
 
 do_token = "" # token from "API" settings on DigitalOcean
 
-cloudflare_api_token = ""
-cloudflare_zone_id = ""
-cloudflare_account_id = ""
+cloudflare_api_token = "" # corresponding API token should allow modifying DNS settings for the Nassella configured domain
+cloudflare_zone_id = "" # corresponding zone ID for API token for the Nassella configured domain
+cloudflare_account_id = "" # corresponding account ID for API token
 
-cluster_name           = "mycluster"
-datacenter             = "sfo3"
-ssh_keys               = [""] # paste contents of id_rsa.pub
-flatcar_stable_version = "4230.2.1"
+cluster_name           = "mycluster" # currently only used as the name of the machine on DigitalOcean
+datacenter             = "sfo3" # datacenter to deploy the droplet to
+ssh_keys               = [""] # unused
+flatcar_stable_version = "4230.2.1" # (source <(curl -sSfL https://stable.release.flatcar-linux.net/amd64-usr/current/version.txt); echo "${FLATCAR_VERSION_ID}")