move secrets from sops lookup plugin to sops vars plugin

This makes secret configuration and usage a good bit cleaner.

resources/chaosknoten/netbox/netbox/configuration.py.j2

@@ -3,7 +3,7 @@ DATABASE = {
   "HOST": "localhost",
   "NAME": "netbox",
   "USER": "netbox",
-  "PASSWORD": "{{ lookup('community.sops.sops', 'resources/chaosknoten/netbox/secrets.yaml', extract='[\"DATABASE_PASSWORD\"]') }}",
+  "PASSWORD": "{{ netbox__db_password }}",
 }
 REDIS = {
     "tasks": {
@@ -23,7 +23,7 @@ REDIS = {
       "SSL": False,
     },
 }
-SECRET_KEY = "{{ lookup('community.sops.sops', 'resources/chaosknoten/netbox/secrets.yaml', extract='[\"SECRET_KEY\"]') }}"
+SECRET_KEY = "{{ secret__netbox_secret_key }}"
 SESSION_COOKIE_SECURE = True
 
 # CCCHH ID (Keycloak) integration.
@@ -38,7 +38,7 @@ SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = (
 )
 SOCIAL_AUTH_KEYCLOAK_KEY = "netbox"
 SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB"
-SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.sops.sops', 'resources/chaosknoten/netbox/secrets.yaml', extract='[\"SOCIAL_AUTH_KEYCLOAK_SECRET\"]') }}"
+SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ secret__netbox_social_auth_keycloak_secret }}"
 # Use custom OIDC group and role mapping pipeline functions added in via
 # netbox__custom_pipeline_oidc_group_and_role_mapping.
 # The default pipeline this is based on can be found here: