Grammar

README.md

@@ -72,6 +72,7 @@ id\_rsa\_operator_pub is baked into the image generated by Packer (see `nixos/ni
 ### NixOS
 #### Building NixOS Images (Snapshots) with Packer
 The `nixos` target in the `Makefile` wraps around the execution of Packer to build a NixOS image from the default Ubuntu 20.04 image provider by Hetzner Cloud.
+The `nixos` target in the `Makefile` wraps around the execution of Packer to build a NixOS image from the default Ubuntu 20.04 image provided by Hetzner Cloud.
 Two arguments may be supplied, `VERSION=` to specify the desired NixOS release (see [NixOS Release Notes](https://nixos.org/manual/nixos/stable/release-notes.html)) and `BUILD=` with which you can track versions of the images that have been created.
 
 Example:
@@ -159,6 +160,7 @@ The following sections assume the environment to be called 'production'.
 
 #### Configure Environment in `config.json` and `secrets.json`
 Set the environment name and desired NixOS image/snapshot ID in `config.json`:
+Set the environment name, domain names and desired NixOS image/snapshot ID in `config.json`:
 ```json
 {
   "terraform_packer_environment": "production"
@@ -240,8 +242,8 @@ $ journalctl -u hetzner-certbot
 You can access Vault on port 9443 via any hostname behind the load balancer [https://guidelines.ch:9443/](https://guidelines.ch:9443/).
 As a first step, you will need to create a master key (set) which is used to unseal Vault on each startup.
 To use just one master key, initialize Vault with "Key shares" and "Key threshold" both set to "1".
-The "initial root token" is used to authenticate as an administrator with the Vault API or web UI
-The "key" is used to unseal Vault upon startup.
+The "initial root token" is used to authenticate as an administrator with the Vault API or web UI.
+The "key" is used to unseal Vault in case it has been sealed (manually or due to a restart).
 You can now set up the key-value based secret engine which is supported by the [settings](https://gitlab.com/infektcommon/settings) package.
 Be sure to use V2 of the KV engine.
 See the [Vault documentation](https://www.vaultproject.io/docs).
@@ -257,7 +259,7 @@ Key (will be hidden):
 
 ##### Unseal Vault Automatically on Startup
 You can manually write the created master key to `/mnt/data/vault-root-token`.
-If this file exists and contains a valid master key, it Vault will be unsealed automatically.
+If this file exists and contains a valid master key, Vault will be unsealed automatically on startup.
 
 #### Configuring Elasticsearch
 Kibana can be accessed on port 8443 via any hostname behind the load balancer [https://guidelines.ch:8443/](https://guidelines.ch:9443/).

deploymentagent/README.md

@@ -55,7 +55,7 @@ make clean
    }
 ]
 ```
-If the same app is specified multiple times, the last entry in the list take precedence.
+If the same app is specified multiple times, the last entry in the list takes precedence.
 
 ### Deployment state
 
@@ -143,7 +143,7 @@ curl -u'testuser:testpass' -i -XPOST localhost:8080/deploy -d '[{"app":"alpine",
     "DeploymentSpec": [
       {
         "app": "alpine",
-        "version": "latst"
+        "version": "latest"
       },
       {
         "app": "alpine",