feat(3p/agenix): update to 2022-05-16 and add to niv

The new version brings the new secretsDir setting which means we no
longer have to hardcode /run/agenix everywhere.

Change-Id: I4b579d7233d315a780d7671869d5d06722d769fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5646
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: sterni <sternenseemann@systemli.org>

users/grfn/bbbg/module.nix

@@ -64,7 +64,7 @@ in
         serviceConfig = {
           DynamicUser = true;
           Restart = "always";
-          EnvironmentFile = "/run/agenix/bbbg";
+          EnvironmentFile = config.age.secretsDir + "/bbbg";
         };
 
         environment = {
@@ -88,7 +88,7 @@ in
 
         serviceConfig = {
           Type = "oneshot";
-          EnvironmentFile = "/run/agenix/bbbg";
+          EnvironmentFile = config.age.secretsDir + "/bbbg";
         };
 
         environment = {

users/grfn/system/system/machines/mugwump.nix

@@ -153,7 +153,7 @@ with lib;
     zone = "gws.fyi";
     protocol = "cloudflare";
     username = "root@gws.fyi";
-    passwordFile = "/run/agenix/ddclient-password";
+    passwordFile = config.age.secretsDir + "/ddclient-password";
     quiet = true;
   };
 
@@ -161,7 +161,7 @@ with lib;
 
   security.acme.certs."metrics.gws.fyi" = {
     dnsProvider = "cloudflare";
-    credentialsFile = "/run/agenix/cloudflare";
+    credentialsFile = config.age.secretsDir + "/cloudflare";
     webroot = mkForce null;
   };
 
@@ -272,8 +272,8 @@ with lib;
       value = {
         inherit name;
         enable = true;
-        tokenPath = "/run/agenix/buildkite-token";
-        privateSshKeyPath = "/run/agenix/buildkite-ssh-key";
+        tokenPath = config.age.secretsDir + "/buildkite-token";
+        privateSshKeyPath = config.age.secretsDir + "/buildkite-ssh-key";
         runtimePackages = with pkgs; [
           docker
           nix