feat: configure age plugins for SOPS in buildClan

lib/build-clan/interface.nix

@@ -108,6 +108,14 @@ in
       default = { };
     };
 
+    secrets = lib.mkOption {
+      type = types.submodule { imports = [ ./secrets/interface.nix ]; };
+      description = ''
+        Secrets related options such as AGE plugins required to encrypt/decrypt secrets using the CLI.
+      '';
+      default = { };
+    };
+
     pkgsForSystem = lib.mkOption {
       type = types.functionTo (types.nullOr types.attrs);
       default = _system: null;
@@ -165,6 +173,7 @@ in
           clanModules = lib.mkOption { type = lib.types.raw; };
           source = lib.mkOption { type = lib.types.raw; };
           meta = lib.mkOption { type = lib.types.raw; };
+          secrets = lib.mkOption { type = lib.types.raw; };
           clanLib = lib.mkOption { type = lib.types.raw; };
           all-machines-json = lib.mkOption { type = lib.types.raw; };
           machines = lib.mkOption { type = lib.types.raw; };

lib/build-clan/module.nix

@@ -219,6 +219,7 @@ in
     templates = config.templates;
     inventory = config.inventory;
     meta = config.inventory.meta;
+    secrets = config.secrets;
 
     source = "${clan-core}";
 

lib/build-clan/secrets/interface.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  ...
+}:
+let
+  inherit (lib) types;
+in
+{
+  options = {
+    age.plugins = lib.mkOption {
+      type = types.listOf (types.strMatching "age-plugin-.*");
+      default = [ ];
+      description = ''
+        A list of age plugins which must be available in the shell when encrypting and decrypting secrets.
+      '';
+    };
+  };
+}