hosts/carbon: Do not fall back IPv6 traffic via VPN, if no native IPv6 is available

hosts/carbon/wg-clerie.nix

@@ -5,5 +5,6 @@
     enable = true;
     ipv6s = [ "2a01:4f8:c0c:15f1::8111/128" ];
     ipv4s = [ "10.20.30.111/32" ];
+    defaultViaVPN = false;
   };
 }

modules/wg-clerie/default.nix

@@ -25,6 +25,11 @@ in
         default = [];
         description = "IPv4 interface addresses";
       };
+      defaultViaVPN = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Use VPN default route for a protocol, if that protocol is unavailable in the underlay";
+      };
     };
   };
 
@@ -45,7 +50,9 @@ in
         { rule = "to 2a01:4f8:c0c:15f1::1/128 ipproto udp dport 51820 unreachable"; prio = 20001; }
         # Try direct routing first, fallback to VPN
         { rule = "lookup main"; prio = 21000; }
+      ] ++ (if cfg.defaultViaVPN then [
         { rule = "lookup wg-clerie"; prio = 21001; }
+      ] else []) ++ [
         { rule = "unreachable"; prio = 22000; }
       ];
       rules4 = (concatMap (ip: [
@@ -57,7 +64,9 @@ in
         { rule = "to 78.47.183.82/32 ipproto udp dport 51820 unreachable"; prio = 20001; }
         # Try direct routing first, fallback to VPN
         { rule = "lookup main"; prio = 21000; }
+      ] ++ (if cfg.defaultViaVPN then [
         { rule = "lookup wg-clerie"; prio = 21001; }
+      ] else []) ++ [
         { rule = "unreachable"; prio = 22000; }
       ];
     };