rudasn 7 months ago
There are quite a few open source wg clients out there, maybe you can get some ideas from those. Defguard, netbird come to mind.

I just want to avoid all that custom client stuff. I don't have a solution, but I was experimenting on having a unique network url that would show different content depending on whether you're hitting it via the wireguard connection or not. Pretty basic stuff, just firewall rules and nginx proxying. Add the (hub) endpoint to client's AllowedIPs and route traffic on the hub depending on the network interface and port the traffic is coming from.

So the client would connect to the wg network and open up the network page (e.g. home.rudasn.wirehub.org). If the connection is established, they would see a welcome message or whatever (if they need to update their config maybe a link to get their new one). If the connection is not via the wg tunnel, they would see a message to first connect to the wireguard vpn. And if it's their first time, directions on how to install the official client and get their config from their admin (via wirehub.org or whatnot).

It's nice to have that automated via a custom client, but I don't think it's such a huge issue - if you would only update configs for client devices sporadically and have the server peers polling for updates every x seconds.

The downside of custom client apps is another security layer to consider, which nobody has the time for.
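Added example, not part of rudasn's comment and not wirehub's own configuration: one way to serve the two pages from the same URL on the hub with nginx alone. It keys on the tunnel source address instead of the interface and port matching the comment mentions; the 10.8.0.0/24 tunnel subnet is an assumed value and TLS is left out.

```nginx
# Added example. Place inside the http {} context of the hub's nginx.
# Assumed: clients get tunnel addresses from 10.8.0.0/24.

# geo matches on $remote_addr, the TCP peer address. For requests that came
# through the tunnel this is the client's WireGuard address, which the hub's
# WireGuard interface accepts only from the peer whose AllowedIPs contain it.
geo $via_wg {
    default        0;
    10.8.0.0/24    1;   # assumed tunnel subnet
}

server {
    listen 80;
    server_name home.rudasn.wirehub.org;

    # Keep real_ip_header / set_real_ip_from out of this server block:
    # with them, an X-Forwarded-For header sent by any visitor could
    # overwrite $remote_addr and make the page report "connected".

    default_type text/plain;

    location / {
        # "if" is false for "0" or an empty value, true for "1".
        if ($via_wg) {
            return 200 "Connected via WireGuard.\n";
        }
        return 200 "Not connected. Start the WireGuard VPN, then reload this page.\n";
    }
}
```

The answer is only as trustworthy as the source address, so the hub should also drop packets that claim a tunnel address but arrive on a non-WireGuard interface (reverse-path filtering or an explicit firewall rule).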