make all age use conditional

hosts/h001/mods/nixarr.nix

@@ -1,7 +1,16 @@
 {
   config,
+  lib,
   ...
 }:
+let
+  hasSecret =
+    secret:
+    let
+      secrets = config.age.secrets or { };
+    in
+    secrets ? ${secret} && secrets.${secret} != null;
+in
 {
   config = {
     nixarr = {
@@ -9,7 +18,7 @@
       mediaDir = "/drives/wd10/nixarr/media";
       stateDir = "/var/lib/nixarr/state";
 
-      vpn = {
+      vpn = lib.mkIf (hasSecret "us_chi_wg") {
         enable = true;
         wgConf = config.age.secrets.us_chi_wg.path;
       };

hosts/h001/mods/oauth2-proxy.nix

@@ -1,6 +1,7 @@
 {
   inputs,
   config,
+  lib,
   ...
 }:
 let
@@ -10,11 +11,17 @@ let
     system = "x86_64-linux";
     config.allowUnfree = true;
   };
+  hasSecret =
+    secret:
+    let
+      secrets = config.age.secrets or { };
+    in
+    secrets ? ${secret} && secrets.${secret} != null;
 in
 {
   disabledModules = [ declaration ];
   imports = [ "${nixpkgs}/nixos/modules/${declaration}" ];
-  config = {
+  config = lib.mkIf (hasSecret "oauth2_proxy_key_file") {
     services.oauth2-proxy = {
       enable = true;
       httpAddress = "http://127.0.0.1:4180";

hosts/h001/mods/openwebui.nix

@@ -1,6 +1,7 @@
 {
   inputs,
   config,
+  lib,
   ...
 }:
 let
@@ -10,12 +11,18 @@ let
     system = "x86_64-linux";
     config.allowUnfree = true;
   };
+  hasSecret =
+    secret:
+    let
+      secrets = config.age.secrets or { };
+    in
+    secrets ? ${secret} && secrets.${secret} != null;
 in
 {
   disabledModules = [ declaration ];
   imports = [ "${nixpkgs}/nixos/modules/${declaration}" ];
   options = { };
-  config = {
+  config = lib.mkIf (hasSecret "openwebui_env") {
     services.nginx.virtualHosts."chat.joshuabell.xyz" = {
       addSSL = true;
       sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";