yubikey identity always takes precedence #298

Open
TRPB opened this issue Nov 17, 2024 · 0 comments
TRPB commented Nov 17, 2024

I've followed the instructions here to add a yubikey as an identity.

I've set:

  age.identityPaths = [
    "/etc/ssh/ssh_host_ed25519_key"
    "/path/to/identities/yubikey.txt"
  ];

This works fine and I can decrypt the secrets with either the yubikey or the ssh key.

I'd like to use the ssh key if it's available and give that priority so I don't need to enter the pin and touch the yubikey for every secret.

The problem is, with both keys set it asks me Please insert YubiKey with serial [id] (press [1] for "YubiKey is plugged in" or [2] for "Skip this YubiKey") for every secret (and I have about 6 of them).

If I press 2 for each secret they're decrypted using the ssh key successfully. I'd like to be able to specify identity key precedence so that the ssh key is used if it's available and the yubikey is a fallback.

Context: In the case of a system failure I'll have the config repo and secrets folder from backup, then I can reinstall as long as I have the yubikey without needing to worry about the machine's SSH host key. Pressing the yubikey for every secret every nixos-rebuild switch is rather tedious but I'd be fine doing that for a system reinstall.
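The precedence requested in this issue can be approximated outside agenix by passing `age` one identity at a time, in order, so the YubiKey plugin is only invoked when the earlier identity is missing or fails. This is an added sketch, not code from the issue or from agenix; `decrypt_with_precedence`, `AGE_BIN`, `USED_IDENTITY` and the secret path in the usage comment are hypothetical, and it relies only on the `age` flags `-d`, `-i` and `-o`.

```shell
#!/bin/sh
# Added example (not agenix code): decrypt with identities in priority order.
# AGE_BIN is a hypothetical override so the age binary can be swapped out.
AGE_BIN="${AGE_BIN:-age}"

# decrypt_with_precedence SECRET OUT IDENTITY...
# Tries each identity file alone, in the order given. Because a plugin identity
# (the YubiKey file) is not handed to age until the earlier ones have failed,
# no PIN/touch prompt appears while the SSH host key still works.
# On success, USED_IDENTITY names the identity file that decrypted the secret.
decrypt_with_precedence() {
    secret=$1
    out=$2
    shift 2
    tmp="$out.tmp.$$"
    USED_IDENTITY=
    for id in "$@"; do
        # A missing or unreadable identity (host key lost on reinstall) is skipped.
        [ -r "$id" ] || continue
        # Write to a private temp file first so a failed attempt never leaves
        # a partial or world-readable plaintext at the final path.
        if ( umask 077; "$AGE_BIN" -d -i "$id" -o "$tmp" "$secret" ); then
            mv -f "$tmp" "$out"
            USED_IDENTITY=$id
            return 0
        fi
        rm -f "$tmp"
    done
    return 1
}

# Usage with the identity paths from the issue (secret path is constructed):
#   decrypt_with_precedence /path/to/secrets/example.age /run/example-secret \
#       /etc/ssh/ssh_host_ed25519_key /path/to/identities/yubikey.txt
```

Each failed attempt costs one extra `age` invocation, and stderr from a failed earlier identity is still shown, so a fallback to the YubiKey is visible rather than silent.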
