WireGuard LaunchD Startup

no.corporate.wireguard.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>no.corporate.wireguard</string>
    <key>RunAtLoad</key><true/>
    <key>OnDemand</key><false/>
    <key>Disabled</key><false/>
    <key>WatchPaths</key>
    <array>
        <string>/usr/local/etc/wireguard</string>
    </array>
    <key>WorkingDirectory</key>
    <string>/usr/local/etc/wireguard</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/wg-quick</string>
        <string>up</string>
        <string>/usr/local/etc/wireguard/wg0.conf</string>
    </array>
    <key>EnvironmentVariables</key>
    <dict>
        <key>PATH</key>
        <string>/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
    </dict>
</dict>
</plist>

Mostly years of habit? Under Operation, there is something of a description of the loading process, starting.

A job cannot be started unless it is loaded. Normally this loading happens during boot. General understanding of launchd loading is that the entry for your job is loaded automatically unless otherwise specified and starting/stopping the job happens given certain conditions like time, or some other trigger. What do I want? Load and start, continue running indefinitely. Stop at shutdown or in the rare instance I want it to go away. Load/Unload and the 'RunAtLoad' key have been working to achieve my goals.

Wireguard CLI on macos is not 100% compatible with macOS. Requires Go and a newer Bash than Apple will ship due to GPL. Wireguard offers the GUI version of the client that is macOS compatible, but then it doesn't run the way you want it to if you want a 'daemon'.