Indeed, WireGuard was thought out from a server gateway perspective.
Rules for the WireGuard network should be added only on the main router of the network so they are propagated to all clients.
Could the masq reload issue be resolved by adding PartOf=masq.service to /usr/lib/systemd/system/wg-quick@.service?
Partly. The start/stop will handle the situation. For the restart, not sure, but it should too, if WireGuard is stopped.
For the reload I do not think it will do anything, but should test.
A better approach would be to add those rules in the masq script at the right spot.
Check how it is done with OpenVPN s2s when SNAT is enabled.
And it could be an option to enable it.
The way it was done, on top of being unstable, was forcing it on other networks while it was working, failing IP-based tests for services such as Zabbix agent / Zabbix server.