don't enable cloudflare-dyndns unless domain list is non-empty

modules/nixos/services/cloudflare.nix

@@ -98,22 +98,25 @@ in {
     services.transmission.settings.rpc-whitelist =
       builtins.concatStringsSep "," ([ "127.0.0.1" ] ++ cloudflareIpRanges);
 
-    services.cloudflare-dyndns = {
+    services.cloudflare-dyndns = lib.mkIf
+      ((builtins.length config.services.cloudflare-dyndns.domains) > 0) {
         enable = true;
         proxied = true;
         deleteMissing = true;
         apiTokenFile = config.secrets.cloudflare-api.dest;
       };
 
-    # Wait for secret to exist
-    systemd.services.cloudflare-dyndns = {
+    # Wait for secret to exist to start
+    systemd.services.cloudflare-dyndns =
+      lib.mkIf config.services.cloudflare-dyndns.enable {
         after = [ "cloudflare-api-secret.service" ];
         requires = [ "cloudflare-api-secret.service" ];
       };
 
     # Run a second copy of dyn-dns for non-proxied domains
     # Adapted from: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/networking/cloudflare-dyndns.nix
-    systemd.services.cloudflare-dyndns-noproxy = {
+    systemd.services.cloudflare-dyndns-noproxy =
+      lib.mkIf ((builtins.length config.cloudflare.noProxyDomains) > 0) {
         description = "CloudFlare Dynamic DNS Client (no proxy)";
         after = [ "network.target" "cloudflare-api-secret.service" ];
         requires = [ "cloudflare-api-secret.service" ];
@@ -130,7 +133,8 @@ in {
           StateDirectory = "cloudflare-dyndns-noproxy";
           EnvironmentFile = config.services.cloudflare-dyndns.apiTokenFile;
           ExecStart = let
-          args = [ "--cache-file /var/lib/cloudflare-dyndns-noproxy/ip.cache" ]
+            args =
+              [ "--cache-file /var/lib/cloudflare-dyndns-noproxy/ip.cache" ]
               ++ (if config.services.cloudflare-dyndns.ipv4 then
                 [ "-4" ]
               else