diff --git a/README.org b/README.org
new file mode 100644
index 0000000..70ed757
--- /dev/null
+++ b/README.org
@@ -0,0 +1,78 @@
+#+title: README
+#+author: Evie Litherland-Smith
+#+email: evie@xenia.me.uk
+Nix home-manager configuration files.
+
+Can be used on any Linux-based system if the package manager [[https://nixos.org/][nix]] is
+installed, but works best with [[https://git.xenia.me.uk/pixelifytica/nixos.git][a NixOS system]].
+
+* Password store setup
+** Transfer GPG key(s)
+#+begin_src bash
+  # Export keys on existing machine
+  gpg -a --export > publickeys.asc
+  gpg -a --export-secret-keys > privatekeys.asc
+  # Import key on new machine
+  gpg --import privatekeys.asc
+  gpg --import publickeys.asc
+  # Edit (for each key) to set trust
+  gpg --edit-key evie@xenia.me.uk
+#+end_src
+** Clone password-store repository
+#+begin_src bash
+  git -c credential.helper='' clone https://git.xenia.me.uk/pixelifytica/pass $PASSWORD_STORE_DIR
+#+end_src
+* Email setup
+** Proton
+*** Bridge
+Run src_bash{protonmail-setup-bridge} to automate this process.
+
+Run bridge in CLI mode to login, wait for initial sync and get app password
+#+begin_src bash
+  nix run nixpkgs#protonmail-bridge -- -c
+  # Follow prompts to login and get password
+#+end_src
+
+Restart using ~swaymsg~:
+#+begin_src bash
+  nix shell nixpkgs#protonmail-bridge -c swaymsg exec "protonmail-bridge -n"
+#+end_src
+
+**** uidvalidity issue
++Remove uid lines from .mbsyncrc (in each mail directory) and delete .uidvalidity, re-run mbsync to fix+
+Above might be duplicating mail, faster to just delete local maildirs and let them re-sync.
+
+*** Password
+Get password from ~protonmail-bridge~, save to ~password-store~:
+#+begin_src bash
+  pass insert mbsync/$(hostname)/proton
+  # Insert pass at prompt
+#+end_src
+** iCloud
+*** Password
+If not already done, save password to ~password-store~:
+#+begin_src bash
+  pass insert mbsync/$(hostname)/icloud
+  # Insert pass at prompt
+#+end_src
+This will be synced across devices so only needs doing once
+** Outlook
+*** Password
+If not already done, save password to ~password-store~:
+#+begin_src bash
+  pass insert mbsync/$(hostname)/outlook
+  # Insert pass at prompt
+#+end_src
+This will be synced across devices so only needs doing once
+*** Configuration
+Run src_bash{davmail-setup} to automate this process.
+
+On first run (or if token expires), stop systemd service and run manually to complete manual auth. Token will stay valid for a little while (no idea how long specifically).
+#+begin_src bash
+  # Restart service to ensure ~/.davmail.properties exists
+  systemctl --user restart davmail.service
+  # Run to use manual authentication
+  systemctl --user stop davmail.service && davmail -notray ~/.davmail.properties
+  # Restart again so that service picks up available ports
+  systemctl --user restart davmail.service
+#+end_src