make all age use conditional

flakes/common/nix_modules/remote_lio_builds.nix

@@ -1,17 +1,26 @@
 {
   config,
+  lib,
   ...
 }:
+let
+  hasSecret =
+    secret:
+    let
+      secrets = config.age.secrets or { };
+    in
+    secrets ? ${secret} && secrets.${secret} != null;
+in
 {
   # Remote build off home lio computer
-  programs.ssh.extraConfig = ''
+  programs.ssh.extraConfig = lib.mkIf (hasSecret "nix2lio") ''
     Host lio_
       PubkeyAcceptedKeyTypes ssh-ed25519
       ServerAliveInterval 60
       IPQoS throughput
       IdentityFile ${config.age.secrets.nix2lio.path}
   '';
-  nix = {
+  nix = lib.mkIf (hasSecret "nix2lio") {
     distributedBuilds = true;
     buildMachines = [
       {

flakes/common/nix_modules/tailnet.nix

@@ -1,11 +1,20 @@
 {
   config,
   pkgs,
+  lib,
   ...
 }:
+let
+  hasSecret =
+    secret:
+    let
+      secrets = config.age.secrets or { };
+    in
+    secrets ? ${secret} && secrets.${secret} != null;
+in
 {
   environment.systemPackages = with pkgs; [ tailscale ];
-  services.tailscale = {
+  services.tailscale = lib.mkIf (hasSecret "headscale_auth") {
     enable = true;
     openFirewall = true;
     useRoutingFeatures = "client";