feat: try rework

system/sops.nix

@@ -0,0 +1,14 @@
+{ lib, ... }:
+
+let
+  secretData = import ../intermediate/secrets.nix;
+in
+{
+  sops = {
+    age.keyFile = "/var/lib/sops-nix/key.txt";
+    secrets = secretData.byName;
+  };
+
+  warnings = lib.optional (secretData.missing != [])
+    "Some SOPS source files are missing or not yet encrypted; no runtime secrets will be provisioned for: ${builtins.concatStringsSep ", " (map (item: builtins.concatStringsSep "_" item.path) secretData.missing)}";
+}