use ssh host key as identityfile on tempest

reencrypt secrets and use personal key for mail

modules/common/mail/default.nix

@@ -104,7 +104,7 @@
 
             # Used to login and send and receive emails
             passwordCommand =
-              "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
+              "${pkgs.age}/bin/age --decrypt --identity ~/.ssh/id_ed25519 ${
                 pkgs.writeText "mailpass.age"
                 (builtins.readFile ../../../private/mailpass.age)
               }";

modules/nixos/services/wireguard.nix

@@ -38,7 +38,7 @@
     };
 
     # Create private key file for wireguard
-    secrets.wireguard = {
+    secrets.wireguard = lib.mkIf config.wireguard.enable {
       source = ../../../private/wireguard.age;
       dest = "${config.secretsDirectory}/wireguard";
     };