fix: agenix on nix-darwin, update flake.nix

secrets/darwin.nix

@@ -53,11 +53,33 @@
   };
 
   # activationScripts are executed every time you run `nixos-rebuild` / `darwin-rebuild`.
-  # but not when you reboot the system, so currently you need to run those commands manually after reboot...
-  #
-  # /etc/agenix/* will be created after the first time you run `nixos-rebuild` / `darwin-rebuild` successfully.
-  # so you may need to comment out the following lines if it's the first time you run `nixos-rebuild` / `darwin-rebuild` on a new system.
-  system.activationScripts.postUserActivation.text = ''
-    sudo chmod 644 /etc/agenix/*
+  system.activationScripts.postActivation.text = ''
+    chmod 644 /etc/agenix/*
+  '';
+  # When you eboot the system, only these scripts will be executed:
+  #    https://github.com/LnL7/nix-darwin/blob/4eb1c549a9d4/modules/services/activate-system/default.nix6
+  # So we need to add the following line to the script:
+  launchd.daemons.activate-system.script = ''
+    set -e
+    set -o pipefail
+    export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin"
+
+    systemConfig=$(cat ${config.system.profile}/systemConfig)
+
+    # Make this configuration the current configuration.
+    # The readlink is there to ensure that when $systemConfig = /system
+    # (which is a symlink to the store), /run/current-system is still
+    # used as a garbage collection root.
+    ln -sfn $(cat ${config.system.profile}/systemConfig) /run/current-system
+
+    # Prevent the current configuration from being garbage-collected.
+    ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
+
+    ${config.system.activationScripts.etcChecks.text}
+    ${config.system.activationScripts.etc.text}
+    ${config.system.activationScripts.keyboard.text}
+
+    # The following line is added by me
+    ${config.system.activationScripts.postActivation.text}
   '';
 }