networking.wireguard: added allowedIpsAsRoutes boolean to control peer routes

Sometimes (especially in the default route case) it is required to NOT
add routes for all allowed IP ranges. One might run it's own custom
routing on-top of wireguard and only use the wireguard addresses to
exchange prefixes with the remote host.

nixos/modules/services/networking/wireguard.nix

@@ -95,6 +95,14 @@ let
         type = with types; listOf (submodule peerOpts);
       };
 
+      allowedIPsAsRoutes = mkOption {
+        example = false;
+        default = true;
+        type = types.bool;
+        description = ''
+          Determines whether to add allowed IPs as routes or not.
+        '';
+      };
     };
 
   };
@@ -217,11 +225,11 @@ let
 
             "${ipCommand} link set up dev ${name}"
 
-            (map (peer:
+            (lib.optional (values.allowedIPsAsRoutes != false) (map (peer:
             (map (allowedIP:
             "${ipCommand} route replace ${allowedIP} dev ${name} table ${values.table}"
             ) peer.allowedIPs)
-            ) values.peers)
+            ) values.peers))
 
             values.postSetup
           ]);