first pass at outboard secrets

- a module to fetch them with http(s)
- a service using templating to consume them
- update an example to use it

needs service restarts
needs other services to use the template mechanism
needs tidying up

modules/secrets/outboard.nix

@@ -0,0 +1,19 @@
+{
+  liminix, lib, http-fstree, serviceFns
+}:
+{ name, url, interval } :
+let
+  inherit (liminix.services) oneshot longrun;
+in longrun {
+  inherit name;
+  buildInputs = [ http-fstree ];
+  # this script runs once and expects the service superviser
+  # to restart it
+  run = ''
+    . ${serviceFns}
+    ( in_outputs ${name}
+      ${http-fstree}/bin/http-fstree ${url} .
+      sleep ${builtins.toString (interval * 60)}
+    )
+  '';
+}