I don’t know your setupand I’m not networking guru, but perhaps you could bridge your wireguard connection with your physical network.
Doing that would mean that whomever you share the wireguard connection with would be able to access your entire network, such as your router.
That could be a bad thing if you have not changed your devices default login credentials.
Sorry, I wasn’t clear enough before. My bad. Your friend needs to do the bridging, or do like you said, rent a vps, put wireguard on it and have your friend connect to the vps. I’ve never done it, however I’ve seen people host other services that way when they are stuck behind a CGNAT.