# Node01 Secrets Directory

This directory contains TLS certificates and cluster configuration for node01.

## Files

### Required (to be populated by S3 - TLS Certificate Generation)

- `ca.crt` - Certificate Authority certificate (shared across all nodes)
- `node01.crt` - Node01 TLS certificate
- `node01.key` - Node01 TLS private key (permissions: 0400)

### Already Present

- `cluster-config.json` - Cluster configuration for Raft bootstrap

## Permissions

After copying certificates:

```bash
chmod 644 ca.crt
chmod 644 node01.crt
chmod 400 node01.key
chown root:root *
```

## Provisioning

These files will be deployed to `/etc/nixos/secrets/` during nixos-anywhere provisioning (S5).