secrets: fix: don't generate secrets if no secrets are defined

nixosModules/clanCore/flake-module.nix

@@ -66,12 +66,14 @@
             description = ''
               script to upload secrets to the deployment server
             '';
+            default = "${pkgs.coreutils}/bin/true";
           };
           generateSecrets = lib.mkOption {
             type = lib.types.path;
             description = ''
               script to generate secrets
             '';
+            default = "${pkgs.coreutils}/bin/true";
           };
           vm.config = lib.mkOption {
             type = lib.types.attrs;

nixosModules/clanCore/secrets/password-store.nix

@@ -13,7 +13,8 @@ in
   config = lib.mkIf (config.clanCore.secretStore == "password-store") {
     clanCore.secretsDirectory = config.clan.password-store.targetDirectory;
     clanCore.secretsUploadDirectory = config.clan.password-store.targetDirectory;
-    system.clan.generateSecrets = pkgs.writeScript "generate-secrets" ''
+    system.clan.generateSecrets = lib.mkIf (config.clanCore.secrets != { }) (
+      pkgs.writeScript "generate-secrets" ''
         #!/bin/sh
         set -efu
 
@@ -50,7 +51,8 @@ in
             '') (lib.attrValues v.secrets)}
           fi)
         '') "" config.clanCore.secrets}
-    '';
+      ''
+    );
     system.clan.uploadSecrets = pkgs.writeScript "upload-secrets" ''
       #!/bin/sh
       set -efu

nixosModules/clanCore/secrets/sops.nix

@@ -25,7 +25,7 @@ in
   config = lib.mkIf (config.clanCore.secretStore == "sops") {
     clanCore.secretsDirectory = "/run/secrets";
     clanCore.secretsPrefix = config.clanCore.machineName + "-";
-    system.clan = {
+    system.clan = lib.mkIf (config.clanCore.secrets != { }) {
 
       generateSecrets = pkgs.writeScript "generate-secrets" ''
         #!${pkgs.python3}/bin/python