nix-configs/secrets.md

how should the secret generation thingamajig work:

- read all systemd.service.$service.encrypedSecrets.NAME_OF_ENV_VAR
```nix
{
  systemd.services.meows.encrypedSecrets.MEOW = {
    random = true; # grenerates 64 chars of random data
    random = 20; # generates 20 chars of random data
  }; # if random not set, expect age file at hosts/$host/secrets/$serviceName-$NAME_OF_ENV_VAR.age
}
```