feat: switch from rage to age

[ryantm]

Why

• Someone said age works better with password protected keys, requiring entering the password less often.
• We switched to rage from age in https://github.com/ryantm/agenix/commit/07ce686870f52a7397164b755d721bc85f110aac because it was limiting recipients to 20. This was fixed https://github.com/FiloSottile/age/issues/139

What changed

• Switch from rage back to age (the reference implementation) in all the spots
• Update the docs to show how to switch back to Rage

[n8henrie]

I looked at the most recent Darwin failure and it looks like https://github.com/LnL7/nix-darwin/issues/149 -- I should be able to take a look later today (as I recall you don't have a Darwin system).

[n8henrie]

Sorry, I accidentally pushed to the wrong remote so reset to your last commit and force-pushed to revert.

[n8henrie]

I think the problem is that we're specifying this nix config in the cachix installer, then using the default nix config when installing nix-darwin (with sudo ... activate), and nix-darwin is noticing that it would be clobbering that config and refusing (actually is a little more sophisticated, it validates the context with known default configs from common nix installation methods: https://github.com/LnL7/nix-darwin/blob/4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d/modules/nix/default.nix#L666).

One possible fix would be to specify any necessary system-wide nix settings as part of the nix-darwin module and just rm /etc/nix/nix.conf prior to the activate command, which should then succeed at installing its own config.

Alternatively, I suppose we could:

1. mv /etc/nix/nix.conf{,.bak}
2. activate
3. mv /etc/nix/nix.conf{.bak,}
4. restart the nix daemon

[n8henrie]

https://github.com/LnL7/nix-darwin/issues/149

[n8henrie]

@ryantm that seems to do the trick. Let me know what you think.