modules/wireguard: del ip route when wireguard is stopping

hosts/asus-gl553vd/configs/imp.nix

@@ -26,6 +26,8 @@
         delete_subvolume_recursively "$i"
     done
 
+    echo 1 | tee /btrfs_tmp/root/sys/class/leds/asus\:\:kbd_backlight/brightness
+
     btrfs subvolume create /btrfs_tmp/root
     umount /btrfs_tmp
     rm -r /btrfs_tmp
@@ -51,7 +53,6 @@
         "/etc/ssh/ssh_host_rsa_key.pub"
         "/etc/ssh/ssh_host_ed25519_key"
         "/etc/ssh/ssh_host_ed25519_key.pub"
-        "/sys/class/leds/asus\:\:kbd_backlight/brightness"
       ];
     };
     "/persistent/docker" = lib.mkIf config.virtualisation.docker.enable {

modules/nixos/services/vpn/wireguard/client.nix

@@ -2,6 +2,11 @@
 
 let
   cfg = config.local.services.vpn.wireguard;
+
+  addrsViaDefaultInterface = [
+    # cache.nixos.org
+    "151.101.86.217/32"
+  ];
 in
 {
   options.local.services.vpn.wireguard = with lib; {
@@ -46,9 +51,18 @@ in
         postUp = ''
           addr=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
           interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
-          # don't use wg with cache.nixos.org
+        '' + lib.concatLines (map
-          ${pkgs.iproute}/bin/ip route add 151.101.86.217/32 via $addr dev $interface
+          (addr: "${pkgs.iproute}/bin/ip route add ${addr} via $addr dev $interface") 
-        '';
+          addrsViaDefaultInterface
+        );
+
+        preDown = ''
+          addr=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
+          interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
+        '' + lib.concatLines (map
+          (addr: "${pkgs.iproute}/bin/ip route del ${addr} via $addr dev $interface") 
+          addrsViaDefaultInterface
+        );
 
         peers = [
           # For a client configuration, one peer entry for the server will suffice.