This week I learned a new wireguard-management utility called “innernet”.
Once I played with innernet enough to understand how it worked (and the first couple of experiments didn’t go all that well, but hey, that’s how you learn), I got a little bolder and set up a rustdesk relay inside the wireguard-encrypted subnet which innernet sets up for you: