secrets: migrate build-time secrets to agenix runtime

- coturn: switch static-auth-secret to static-auth-secret-file
- matrix: switch registration_token and turn_secret to file-based
- murmur: switch password to environmentFile with agenix
- p2pool: move public wallet address to service-configs.nix

services/matrix.nix

@@ -21,7 +21,7 @@
       port = [ service_configs.ports.private.matrix.port ];
       server_name = service_configs.https.domain;
       allow_registration = true;
-      registration_token = lib.strings.trim (builtins.readFile ../secrets/matrix_reg_token);
+      registration_token_file = config.age.secrets.matrix-reg-token.path;
 
       new_user_displayname_suffix = "";
 
@@ -37,7 +37,7 @@
       ];
 
       # TURN server config (coturn)
-      turn_secret = config.services.coturn.static-auth-secret;
+      turn_secret_file = config.age.secrets.matrix-turn-secret.path;
       turn_uris = [
         "turn:${service_configs.https.domain}?transport=udp"
         "turn:${service_configs.https.domain}?transport=tcp"