sops: initialize age_plugins early

This avoids re-initializing the Flake object deep in the tree, which in turn leads to issue when overriding the Flake for testing, eg the URl would reset.

pkgs/clan-cli/clan_cli/facts/secret_modules/sops.py

@@ -7,7 +7,7 @@ from clan_lib.ssh.remote import Remote
 from clan_cli.secrets.folders import sops_secrets_folder
 from clan_cli.secrets.machines import add_machine, has_machine
 from clan_cli.secrets.secrets import decrypt_secret, encrypt_secret, has_secret
-from clan_cli.secrets.sops import generate_private_key
+from clan_cli.secrets.sops import generate_private_key, load_age_plugins
 
 from . import SecretStoreBase
 
@@ -32,6 +32,7 @@ class SecretStore(SecretStoreBase):
             / f"{self.machine.name}-age.key",
             priv_key,
             add_groups=self.machine.deployment["sops"]["defaultGroups"],
+            age_plugins=load_age_plugins(self.machine.flake),
         )
         add_machine(self.machine.flake_dir, self.machine.name, pub_key, False)
 
@@ -47,13 +48,14 @@ class SecretStore(SecretStoreBase):
             value,
             add_machines=[self.machine.name],
             add_groups=groups,
+            age_plugins=load_age_plugins(self.machine.flake),
         )
         return path
 
     def get(self, service: str, name: str) -> bytes:
         return decrypt_secret(
-            self.machine.flake_dir,
             sops_secrets_folder(self.machine.flake_dir) / f"{self.machine.name}-{name}",
+            age_plugins=load_age_plugins(self.machine.flake),
         ).encode("utf-8")
 
     def exists(self, service: str, name: str) -> bool: