added secureHost flag

modules/servers/synapse.nix

@@ -22,12 +22,12 @@ in
     synapse = setup.mkOptions "synapse" "pYLemuAfsrzNBaH77xSu" 8008;
     element = setup.mkOptions "element" "55a608953f6d64c199" 5345;
   };
-  config = {
+  config = lib.mkIf (cfg.enable && config.my.secureHost) {
     my.servers = {
       synapse = { inherit domain; };
       element = { inherit domain; };
     };
-    sops.secrets = lib.mkIf cfg.enable {
+    sops.secrets = {
       synapse = {
         sopsFile = ../../secrets/env.yaml;
         owner = "matrix-synapse";
@@ -50,7 +50,7 @@ in
       };
     };
     networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
-    services = lib.mkIf cfg.enable {
+    services = {
       matrix-synapse = {
         enable = true;
         extraConfigFiles = [