The rc.d script for wireguard currently only supports stop and start. This means that when we deploy a new configuration for our wireguard server from Ansible, the interface is brought down and recreated, causing a small interruption in traffic for all clients.
'wg syncconf' provides an interface to apply only the needed changes, and should be called on reload. However, it does not allow an Address= line under the [Interface] section. The rc.d script must be changed to set the address itself, after wg-quick creates the interface.
I have a fix for this working on our server but it's not mergeable as-is as it depends on bash. It would be great to see a solution for this upstream.
Created attachment 212491
Proposed patch to add reload functionality to wireguard rc.d script
Adding a patch to address this. This is tested and working in our setup.
This will use the 'wg syncconf' functionality to reload all peer and key settings, but will skip the interface address configuration and other wg-quick-specific stuff. So changing the interface address will still require a restart.
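The reload approach discussed in this thread, sketched in POSIX sh as an added example; it is not the attached patch or code from any participant. The function names (`sample_conf`, `strip_wgquick_keys`, `wg_reload`) are hypothetical, the config is constructed with placeholder keys, and the list of wg-quick-only keys is an assumption taken from the wg-quick(8) `[Interface]` options.

```shell
# Added example; function names are hypothetical, not from the attached patch.

# Constructed sample config (placeholder strings, not real key material).
sample_conf() {
    cat <<'EOF'
[Interface]
Address = 10.0.0.1/24
PrivateKey = CONSTRUCTED_PLACEHOLDER_PRIVATE_KEY
ListenPort = 51820
PostUp = echo up
mtu=1420

[Peer]
PublicKey = CONSTRUCTED_PLACEHOLDER_PEER_KEY
AllowedIPs = 10.0.0.2/32
EOF
}

# Read a wg-quick config on stdin and print it without the [Interface] keys
# that only wg-quick understands, so "wg syncconf" accepts the result.
strip_wgquick_keys() {
    awk '
        /^[ \t]*\[/ { in_if = (tolower($0) ~ /^[ \t]*\[interface\]/) }
        in_if {
            key = tolower($0)
            sub(/^[ \t]*/, "", key)      # drop leading whitespace
            sub(/[ \t]*=.*/, "", key)    # keep only the key name
            if (key ~ /^(address|dns|mtu|table|preup|postup|predown|postdown|saveconfig)$/)
                next
        }
        { print }
    '
}

# Apply peer and key changes without recreating the interface.
# The stripped copy still contains PrivateKey, so it goes into a 0600
# temp file that is removed afterwards; no bash process substitution needed.
wg_reload() {
    iface=$1
    conf=$2
    tmp=$(umask 077; mktemp "${TMPDIR:-/tmp}/wg-sync.XXXXXX") || return 1
    strip_wgquick_keys < "$conf" > "$tmp" && wg syncconf "$iface" "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

As the comment above notes, a changed `Address` is not applied by this path and still needs a restart.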