Secrets are managed using sops + age.
This repo expects an encrypted file: secrets/secrets.yaml
It should contain:
On a target server you also need: /var/lib/sops-nix/key.txt (age private key)
