ryantm / agenix

age-encrypted secrets for NixOS and Home manager
https://matrix.to/#/#agenix:nixos.org
Creative Commons Zero v1.0 Universal

Rules now read from AGENIX_RULES/agenix-rules.nix #210

Open giorgiga opened 9 months ago

giorgiga commented 9 months ago

As discussed in #204, this switches from $RULES/secrets.nix to $AGENIX_RULES/agenix-rules.nix.

giorgiga commented 9 months ago

I didn't add integration tests or update the existing ones, because I don't fully understand how they work... @ryantm, can you provide some guidance?

I ran the tests interactively and saw that /tmp is set up with secrets and a rules file, but grep -r secrets.nix test/ prints nothing and I don't get how the test environment is set up.

(also, I just realised I've missed a bunch of references to secrets.nix - will fix that later) done

giorgiga commented 8 months ago

It just occurred to me that I didn't mention I introduced another change besides changing RULES to AGENIX_RULES and secrets.nix to agenix-rules.nix: instead of just looking for agenix-rules.nix in the current directory, with this PR agenix also looks for the rules file in parent directories.

This is implemented using readlink -f, which works with GNU readlink, busybox and whatever readlink macOS currently uses, but does not work in macOS prior to 12.3 (Monterey, released in 2021) and could possibly still not work in some BSDs (I don't have BSDs at hand to check - I did find -f in the OpenBSD manpage for readlink however).

...and of course dirname "$cwd" is more straightforward and less problematic (i.e. better™) than readlink -f "$cwd/.."... IDK why it didn't occur to me at the time :) I'm updating the PR again
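The parent-directory walk described in the comment above, written out as an added POSIX sh example; this is not agenix's own code and the function name find_rules_file is an assumption. It starts from a directory, checks for agenix-rules.nix, and climbs with dirname until the file is found or the filesystem root is reached, which is the termination case the readlink -f "$cwd/.." approach also had to handle:

```shell
#!/bin/sh
# Hypothetical helper (not agenix's own code): locate agenix-rules.nix by
# walking up from a start directory with dirname, as the PR comment describes.
# Prints the path and returns 0 on success; returns 1 if the root is reached
# without finding the file.
find_rules_file() {
    # pwd -P gives the physical path, so a symlinked working directory
    # is resolved once up front instead of on every iteration.
    dir=$(cd "${1:-.}" && pwd -P) || return 1
    while :; do
        if [ -f "$dir/agenix-rules.nix" ]; then
            printf '%s\n' "$dir/agenix-rules.nix"
            return 0
        fi
        # dirname / is /, so stop here or the loop never ends.
        [ "$dir" = "/" ] && return 1
        dir=$(dirname "$dir")
    done
}

# Demo with a constructed directory tree under a temporary directory.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/proj/hosts/alpha"
    : > "$tmp/proj/agenix-rules.nix"
    # Found two levels up from the start directory.
    find_rules_file "$tmp/proj/hosts/alpha"
    # Nothing above the temp dir itself: reports failure instead of hanging.
    if ! find_rules_file "$tmp"; then
        echo "no agenix-rules.nix found at or above $tmp"
    fi
    rm -rf "$tmp"
}
```

One practical caveat of searching upward: the walk does not stop at a project boundary, so a rules file sitting in any ancestor directory (for instance a stray one in a home directory) would be picked up when a checkout has none of its own; printing the resolved path, as the function does, makes it easy to see which file was actually used.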

giorgiga commented 4 months ago

@ryantm this PR is intended to be ready for review - please instruct me if I'm missing something (let me be clear: it's no problem if the PR is just stuck in the review queue and I don't intend to be pressuring anyone, I just wanna make sure I've submitted this properly)