Nice article, cool ideas.

I rely on IPv6 for my infrastructure: my home network and servers are all publically routable via IPv6.

I use something similar to OP's IPv6 setup to provide my smartphone with IPv6 connectivity too, so smartphone is able to reach my infra.

It's not clear what OP is getting by exposing public servers using Wireguard internally. Why not just assign servers IPv6 addresses at layer 3 and route as normal?

Given the vast majority of my infra has publically routable IPv6, it would be nice if I could keep/use that addressing layer, but benefit from Wireguard (it's modern crypto, and stateless design) without having to adopt the Wireguard addressing layer.

I guess I'm looking for something like Wireguard-without-addressing, or IPsec-transport-mode-but-stateless.