feat(secrets)!: Replace sops with agenix-rekey
sops-nix is tending to be fairly complex for our use-cases, which adds
difficulty to deploying, maintaining our wrapper module, keeping
".env.bin" files, etc.
agenix-rekey is a lot simpler.
notable in this commit is the `// { outputPath = ...; }` hack in
flake.nix. This is needed due to snowfall-lib otherwise butchering paths
such that agenix-rekey is unable to show us what secrets exist with
`agenix edit`, etc... companion to that is the lib.snowfall.fs stuff in
the secrets/default.nix file
Change-Id: Id3e79cfc7d37a7b7de7b8cc42f7392c4d8bd07c5
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/801
Reviewed-by: Skyler Grey <minion@clicks.codes>
Tested-by: Skyler Grey <minion@clicks.codes>
diff --git a/secrets/keys/minion/iyubikey.pub b/secrets/keys/minion/iyubikey.pub
new file mode 100644
index 0000000..ec49feb
--- /dev/null
+++ b/secrets/keys/minion/iyubikey.pub
@@ -0,0 +1,7 @@
+# Serial: 24039462, Slot: 1
+# Name: MINION_iYUBIKEY
+# Created: Sun, 21 Jul 2024 12:57:17 +0000
+# PIN policy: Once (A PIN is required once per session, if set)
+# Touch policy: Always (A physical touch is required for every decryption)
+# Recipient: age1yubikey1qfczekkv6thu32q5fv272pmzca86rqf4pn4083h9qvfgytrmycquqz23c3d
+AGE-PLUGIN-YUBIKEY-1YMGXUQVZEHAJFXGQ57UKA