diff --git a/README.org b/README.org index 7bd2568..67a8d8e 100644 --- a/README.org +++ b/README.org @@ -35,6 +35,9 @@ multi-instance, multi-user webapp that invokes the "base" as needed. The "base" can be run separately from the webapp. The webapp automatically generates the configs the "base" needs to run. +The Makefile at the root of this source tree is the point of interface +for everything and all commands are run via make. + ** "Base" Terraform Layer The project is designed so that if you want to just manage a single 
@@ -44,6 +47,43 @@ but also so that when developing the Terraform and Docker Compose setup it can be done and tested without needing to deal with the web app as well. +The "base" layer is made up of the following: Flatcar Linux, Docker +Compose, Terraform, and a Makefile with a set of BASH scripts. + +*** Flatcar Linux + +The deployed instance runs on Flatcar Linux. Flatcar is a "read only" +Linux distribution designed to only run containers and nothing +else. Flatcar is used because it provides a high-level of security and +the OS itself auto-updates on a two-week schedule. Also, being "read +only" it is much more difficult for an external attacker to attack and +much harder for a user that does not know what they are doing to "mess +up". + +*** Docker Compose + +Each individual supported web app (like NextCloud, Ghost, etc) runs +via Docker and is configured via Docker Compose. (The docker compose +files are all in the "all-apps" directory in this source tree). + +The Flatcar Linux config contains a systemd unit (service file) that +runs "docker compose". The Makefile copies all selected apps' docker +compose files from all-apps/ to app/. The systemd unit runs all the +docker compose files in the app/ directory. (The app/ directory is +what actually gets copied to the Flatcar linux install, not the +all-apps/ directory.) + +The docker compose setup is specific and needs further documentation +here (to cover things like the shared load-balancer network setup and +how persistent storage is handled). + +*** Terraform + +Terraform is used to actually manage the deployed instances. Currently +it is a static terraform config controlled only via terraform +variables (see config/production.tfvars.tmpl). The terraform commands +are run via the Makefile. + ** Webapp The webapp is used both to provide a more "user-friendly" interface
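Review bot: The sentence added in the first hunk ("all commands are run via make") names no targets, so a reader still cannot tell what to run. Suggest listing the main make targets here with a one-line description of each, or pointing to the section of the README that does. "The point of interface for everything" would also read better as "the single entry point".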
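Review bot: In the "Docker Compose" subsection of the second hunk, the text says the systemd unit runs every compose file in app/ and that the Makefile copies the selected apps from all-apps/ to app/, but it does not say whether app/ is emptied first. Please document that, since a compose file left over from an earlier selection would still be started on the instance. In the "Flatcar Linux" subsection, "read only" in quotes is vague: say which parts of the system are immutable, and link the upstream documentation for the two-week update schedule so the claim can be checked. The paragraph that says the compose setup "needs further documentation here" would be easier to track as an explicit TODO item. For the "Terraform" subsection, it is worth stating whether the file rendered from config/production.tfvars.tmpl is kept out of version control.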