feat: implement repository-wide secrets

modules/core/default.nix

@@ -77,12 +77,6 @@ in {
 
   users.mutableUsers = false;
 
-  # Setup to use Secrets
-  rekey.forceRekeyOnSystem = "x86_64-linux";
-  rekey.hostPubkey = ../../secrets/pubkeys + "/${config.networking.hostName}.pub";
-  rekey.masterIdentities = [../../secrets/yk1-nix-rage.pub];
-  rekey.extraEncryptionPubkeys = [../../secrets/backup.pub];
-
   home-manager = {
     useGlobalPkgs = true;
     useUserPackages = true;

modules/core/nix.nix

@@ -1,4 +1,4 @@
-{
+{pkgs, ...}: {
   nix = {
     settings = {
       auto-optimise-store = true;
@@ -23,6 +23,8 @@
       builders-use-substitutes = true
       experimental-features = nix-command flakes recursive-nix
       flake-registry = /etc/nix/registry.json
+      plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
+      extra-builtins-file = ${../../nix/extra-builtins.nix}
     '';
     optimise.automatic = true;
     gc.automatic = true;