feat: migrate to agenix for secret management

flake.nix

@@ -10,7 +10,8 @@
     mymx.url = "git+https://git.extremist.software/jet/mymx";
     mymx.inputs.nixpkgs.follows = "nixpkgs";
 
-
+    agenix.url = "github:ryantm/agenix";
+    agenix.inputs.nixpkgs.follows = "nixpkgs";
   };
 
   outputs = { self, nixpkgs, disko, ... }@inputs: {
@@ -20,6 +21,7 @@
       modules = [
         disko.nixosModules.disko
         inputs.mymx.nixosModules.default
+        inputs.agenix.nixosModules.default
 
         ./disk-config.nix
         ./configuration.nix
@@ -29,11 +31,12 @@
     devShells.x86_64-linux.default = let
       pkgs = nixpkgs.legacyPackages.x86_64-linux;
       deploy = pkgs.writeShellScriptBin "nhs" ''
-        nh os switch --hostname extremist-software --target-host root@extremist-software --impure path:. "$@"
+        nh os switch --hostname extremist-software --target-host root@extremist-software path:. "$@"
       '';
     in pkgs.mkShell {
-      packages = [ 
-        pkgs.nh 
+      packages = [
+        pkgs.nh
+        inputs.agenix.packages.x86_64-linux.default
         deploy
       ];
     };