nixos/wireguard: exclude local ips

modules/nixos/services/vpn/wireguard/client.nix

@@ -4,6 +4,11 @@ let
   cfg = config.local.services.vpn.wireguard;
 
   addrsViaDefaultInterface = import ./defaultInterfaceAddrs.secret.nix;
+
+  ipRouteParams = ''
+    addr=`${pkgs.iproute2}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
+    interface=`${pkgs.iproute2}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
+  '';
 in
 {
   options.local.services.vpn.wireguard = with lib; {
@@ -45,18 +50,12 @@ in
         # Path to the private key file.
         privateKeyFile = cfg.privateKeyFile;
 
-        postUp = ''
+        postUp = ipRouteParams + lib.concatLines (map
-          addr=`${pkgs.iproute2}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
-          interface=`${pkgs.iproute2}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
-        '' + lib.concatLines (map
           (addr: "${pkgs.iproute2}/bin/ip route add ${addr} via $addr dev $interface || true")
           addrsViaDefaultInterface
         );
 
-        preDown = ''
+        preDown = ipRouteParams + lib.concatLines (map
-          addr=`${pkgs.iproute2}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
-          interface=`${pkgs.iproute2}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
-        '' + lib.concatLines (map
           (addr: "${pkgs.iproute2}/bin/ip route del ${addr} via $addr dev $interface || true")
           addrsViaDefaultInterface
         );