I wanted my own rustdesk relay not to be publicly usable.
After setting up an innernet server on a VPS, I can run the rustdesk “ID server” and relay server inside the wireguard tunnel (bound to the wireguard IP address of the innernet service/network interface), such that rustdesk clients connect to these only (which is to say, all rustdesk connections are encrypted with wireguard).
On the VPS:
sudo ./hbbs -r [innernet-server-ip]
sudo ./hbbr
Note: The rustdesk binaries for running your own “ID server” and relay server are called “hbbs” and “hbbr”, respectively.
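A check to run on the VPS once both services are up, added here as an example and not part of the original post: it reads `ss -H -tuln` output and lists any hbbs/hbbr socket that listens on an address other than the wireguard one. The port list (the RustDesk defaults 21115-21119), the function name and the sample address 10.42.0.1 are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post).
# Assumption: hbbs/hbbr use the RustDesk default ports:
#   hbbs 21115/tcp, 21116/tcp+udp, 21118/tcp; hbbr 21117/tcp, 21119/tcp.
RUSTDESK_PORTS="21115 21116 21117 21118 21119"

# exposed_listeners WG_IP
# Reads `ss -H -tuln` lines on stdin and prints "proto local-endpoint" for
# every RustDesk socket whose local address is not WG_IP (for example the
# wildcard 0.0.0.0, [::] or *, or the public address of the VPS).
exposed_listeners() {
  awk -v wg="$1" -v ports="$RUSTDESK_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
      ep = $5                                     # "Local Address:Port" column
      port = ep; sub(/.*:/, "", port)             # text after the last colon
      addr = ep; sub(/:[^:]*$/, "", addr)         # text before the last colon
      gsub(/\[|\]/, "", addr)                     # drop IPv6 brackets
      sub(/%.*/, "", addr)                        # drop a scope suffix such as %wg0
      if ((port in want) && addr != wg) print $1, ep
    }'
}

# Constructed sample input: two sockets on the tunnel address, two on
# wildcard addresses, and an unrelated sshd listener.
SAMPLE_SS='tcp LISTEN 0 128 10.42.0.1:21115 0.0.0.0:*
udp UNCONN 0 0 10.42.0.1:21116 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:21117 0.0.0.0:*
tcp LISTEN 0 128 [::]:21119 [::]:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | exposed_listeners 10.42.0.1

# On the VPS itself, with the innernet address substituted:
#   sudo ss -H -tuln | exposed_listeners [innernet-server-ip]
```

Empty output means every RustDesk port is reachable only through the tunnel address; any line printed is a socket that also needs a firewall rule or a narrower bind.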