Move helium to sops-nix

hosts/helium/configuration.nix

@@ -1,15 +1,22 @@
-{ pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 {
   custom.home_wg_suffix = "2";
   system.autoUpgrade.allowReboot = lib.mkForce false;
 
+  sops.secrets.priv-netflix-wg.sopsFile = ../../secrets/helium/netflix-wg.yaml;
+
   networking = {
     wg-quick.interfaces = {
       wg1 = {
         autostart = false;
         address = [ "10.100.0.7/24" ];
         dns = [ "1.1.1.1" ];
-        privateKeyFile = "/persist/secrets/wireguard/priv-netflix";
+        privateKeyFile = config.sops.secrets.priv-netflix-wg.path;
         listenPort = 51820;
 
         peers = [