Looks good, wireguard offers excellent performances.
Two remarks however:
- be careful with the use of 10.x addresses, you may fall in conflict with some ISP. They should use 100.64.0.0/10 but several don’t,
- if the address of the wg server is not guaranteed to be immutable you should check the state of the wg tunnel periodically. Take a look at this post for more information.