
feat(secrets): Migration from agenix to sops-nix + secrets in private repo #5


Merged
merged 11 commits into from
Apr 25, 2025

Conversation

NovaViper
Owner

@NovaViper NovaViper commented Apr 16, 2025

Going back to sops-nix since it finally has yubikey support via age plugins! Also in the process, I plan on moving all secrets from this repo into a private one (based on EmergentMind's nix-secrets template).
It shouldn't be that difficult but I anticipate a few issues:

  • If sops-nix actually properly supports the age plugins. I took the changes that @brianmcgee made in his initial PR and updated the PR to the latest version of sops-nix, as well as fixing variable conflict bugs. These modifications have been incorporated into the new PR.
  • Can I make sure nix-secrets gets decrypted via git-crypt before evaluation as the nix-secrets flake is cloned? This is necessary for the evaluation secrets. This is impossible from what I was told on the NixOS Discord server.
  • Will this require some more bootstrapping for the iso/dev shell for the main repo? 👀

A few things I learned between #6 and this PR

  • Agenix-rekey would've worked perfectly with the agenix implementation; however, I later found out that with the way agenix functions, you'd have to create a git submodule inside the repo, which causes a slew of other issues.
  • Again, git-crypt with multiple keys/rekeying is extremely annoying since it literally doesn't support it currently.

Goal Checklist:

  • Disable all references to agenix
  • Move agenix secrets over into sops
  • Remove git-crypt
  • Create nix-secrets repo
  • Merge documentation and tooling changes made in second PR over into this one

Stretch Goals:

  • Switch back to authinfo for Emacs
  • Rotate gpg keys

@NovaViper
Owner Author

I can get sops (the package itself) to work.. but sops-nix actually uses a custom Go package for installing secrets 😬 So this may actually be impossible to get working with sops (at least until I can figure out a different way of bridging it, or until sops-nix itself gets support).

@NovaViper
Owner Author

NovaViper commented Apr 19, 2025

Finally got it working, but the devshell fails to initialize with this error:

direnv: loading ~/Documents/NixConfig/.envrc
direnv: using flake
error:
       … while calling the 'derivationStrict' builtin
         at <nix/derivation-internal.nix>:37:12:
           36|
           37|   strict = derivationStrict drvAttrs;
             |            ^
           38|

       … while evaluating derivation 'nix-shell'
         whose name attribute is located at /nix/store/lfi38xy85xji8vmfjkqrq6lpy4g0sai2-source/pkgs/stdenv/generic/make-derivation.nix:438:13

       … while evaluating attribute 'nativeBuildInputs' of derivation 'nix-shell'
         at /nix/store/lfi38xy85xji8vmfjkqrq6lpy4g0sai2-source/pkgs/stdenv/generic/make-derivation.nix:490:13:
          489|             depsBuildBuild = elemAt (elemAt dependencies 0) 0;
          490|             nativeBuildInputs = elemAt (elemAt dependencies 0) 1;
             |             ^
          491|             depsBuildTarget = elemAt (elemAt dependencies 0) 2;

       (stack trace truncated; use '--show-trace' to show the full, detailed trace)

       error: infinite recursion encountered
       at /nix/store/2ryxcg9kzlm2xbvcvg19mwhpsczlr68z-source/pkgs/sops/default.nix:4:4:
            3|     fetchFromGitHub,
            4| }: sops.overrideAttrs {
             |    ^
            5|

Also, I need to remember to change all of the path links to the secrets to nix-secrets.

@NovaViper
Owner Author

Another horrific discovery: the PR I'm basing off of doesn't have the needed changes on the home-manager module 😭

@NovaViper
Owner Author

I'm moving on to implementing agenix-rekey in addition to moving the secrets to nix-secrets.

@NovaViper NovaViper closed this Apr 23, 2025
@NovaViper NovaViper reopened this Apr 25, 2025
@NovaViper
Owner Author

I decided to come back to this. I actually got the age support added into the home-manager (and even nix-darwin) modules of sops-nix!

It PROPERLY functions thanks to @nazarewk and @brianmcgee!
Also, I need to change the references of the secret paths to nix-secrets.

@NovaViper
Owner Author

Got the main chunks of the sops-nix migration done, so now I'm just carrying over the other smaller changes from the second PR.

- Removed the old git commit checks since they no longer apply!
It was really really out of date, and I still hadn't fully finished
working on it!
@NovaViper NovaViper marked this pull request as ready for review April 25, 2025 21:31
@NovaViper
Owner Author

Think I'm just about satisfied with the changes, will go ahead and merge ❤️

@NovaViper NovaViper merged commit d1585b5 into main Apr 25, 2025
@NovaViper
Owner Author

Oops I merged it wrong 😭

@NovaViper NovaViper deleted the sops-nix branch April 25, 2025 21:50
@NovaViper NovaViper restored the sops-nix branch April 25, 2025 22:04
@NovaViper NovaViper deleted the sops-nix branch May 7, 2025 02:18