bitcoin-cli: split into own file, and fix broken path to config file when running as user

hosts/by-name/servo/services/cryptocurrencies/bitcoin.nix

@@ -86,7 +86,6 @@ in
   systemd.services.bitcoind-mainnet.requires = [ "tor.service" ];
   systemd.services.bitcoind-mainnet.serviceConfig.RestartSec = "30s";  #< default is 0
 
-  sane.users.colin.fs.".bitcoin/bitcoin.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets."bitcoin.conf".path;
   sops.secrets."bitcoin.conf" = {
     mode = "0600";
     owner = "colin";

hosts/common/programs/assorted.nix

@@ -410,14 +410,6 @@ in
 
     backblaze-b2 = {};
 
-    bitcoin-cli.packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.bitcoind "bin/bitcoin-cli";
-    bitcoin-cli.sandbox.method = "bwrap";
-    bitcoin-cli.sandbox.autodetectCliPaths = "existing";  #< for `bitcoin-cli -datadir=/var/lib/...`
-    bitcoin-cli.sandbox.extraHomePaths = [
-      ".config/bitcoin/bitcoin.conf"
-    ];
-    bitcoin-cli.sandbox.net = "all";  # actually needs only localhost
-
     blanket.buildCost = 1;
     blanket.sandbox.method = "bwrap";
     blanket.sandbox.whitelistAudio = true;

hosts/common/programs/bitcoin-cli.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+  sane.programs.bitcoin-cli = {
+    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.bitcoind "bin/bitcoin-cli";
+    sandbox.method = "bwrap";
+    sandbox.autodetectCliPaths = "existing";  #< for `bitcoin-cli -datadir=/var/lib/...`
+    sandbox.extraHomePaths = [
+      ".bitcoin/bitcoin.conf"
+    ];
+    sandbox.net = "all";  # actually needs only localhost
+    secrets.".bitcoin/bitcoin.conf" = ../../../secrets/servo/bitcoin.conf.bin;
+  };
+}

hosts/common/programs/default.nix

@@ -12,6 +12,7 @@
     ./ausyscall.nix
     ./avahi.nix
     ./bemenu.nix
+    ./bitcoin-cli.nix
     ./blast-ugjka
     ./bonsai.nix
     ./brave.nix