Replace agenix with sops-nix

flake-parts/scripts/bootstrap.sh

@@ -34,13 +34,14 @@ cleanup() {
 trap cleanup EXIT
 
 # Create directory where age key will go.
-# Nixos-anwhere creates a kind of overlay and retains this structure on the final file system.
-mkdir "$temp/etc"
+# Nixos-anywhere creates a kind of overlay and retains this structure on the final file system.
+mkdir -p "$temp/root/.config/sops/age"
 
-secret-tool lookup age-identity "$servername" > "$temp/etc/age_ed25519"
+# Extract and copy server's age key.
+sops -d --extract "[\"${servername}\"]" secrets/serverKeys.yaml > "$temp/root/.config/sops/age/keys.txt"
 
 # Set the correct permissions
-chmod 600 "$temp/etc/age_ed25519"
+chmod 600 "$temp/root/.config/sops/age/keys.txt"
 
 # Install NixOS to the host system with our age identity
 nixos-anywhere --extra-files "$temp" --flake ".#${servername}" "root@${hostname}"

flake-parts/scripts/default.nix

@@ -16,7 +16,7 @@ in
 {
   packages.bootstrap = createScript {
     name = "bootstrap";
-    runtimeInputs = with pkgs; [ libsecret coreutils nixos-anywhere ];
+    runtimeInputs = with pkgs; [ sops coreutils nixos-anywhere ];
     scriptPath = ./bootstrap.sh;
   };