this post was submitted on 29 Aug 2025
12 points (100.0% liked)

networking


Context

I have a WireGuard network, which consists of some VPSs, some in-premise servers (in different premises) and some user devices (like PCs, laptops and phones). All the servers are running Debian or NixOS.

Port forwarding is only possible in VPSs, as all other devices run behind NAT/CGNAT networks.

In the current configuration, all WireGuard traffic is going through a central VPS. So, every time I need to reboot it, the entire network collapses.

Goal

I want to share the WireGuard configuration between my VPSs, and load balance the traffic between them. Since I don't have a floating IP, I am probably going to add all VPSs IPs to a domain name and let the clients decide which VPS to use.

I don't want to have separate keys on each VPS, as this makes it more time consuming to onboard new devices. It's easier to add a single VPS key to each device, and have their keys in a single shared VPS config.

Problem

Is there any way to allow the communication of 2 devices/servers, that are connected to separate VPSs?

If it's necessary, one option is to sacrifice the communication between the user devices, and configure some additional layer(s) for the servers, like OSPF or VXLAN. However, even in this case, I need the servers to be plug'n'play. I wouldn't like to reconfigure the other servers, every time a server is added or removed to/from the network (except, of course, for the WireGuard key that would need to be added/removed in the VPSs).

Relying on external services, like Tailscale, is not an option.
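An added check, not from this thread or from any project named in it, for the shared hub config the post plans to copy to every VPS. It parses a constructed sample and flags the two things that bite once a second VPS is given a route covering the clients attached to it: a prefix claimed by two peers (WireGuard's cryptokey routing allows one owner per prefix, so the peer listed last takes it and the other goes dark) and a malformed key. Hostnames and keys are placeholders.

```python
import base64
import ipaddress

# Constructed sample of the hub config the post wants to share across VPSs: a CGNAT
# laptop (no Endpoint), a second VPS given the whole subnet, and a mistyped key.
KEY_A, KEY_B = (base64.b64encode(bytes([b]) * 32).decode() for b in (1, 2))
SHARED_HUB_CONFIG = f"""
[Peer]
PublicKey = {KEY_A}
AllowedIPs = 10.66.0.10/32
[Peer]
PublicKey = {KEY_B}
Endpoint = vps2.example.invalid:51820
AllowedIPs = 10.66.0.2/32, 10.66.0.0/24
[Peer]
PublicKey = not-a-key
AllowedIPs = 10.66.0.30/32
"""

def parse_peers(text: str) -> list[dict[str, str]]:
    """Minimal INI-style reader: one dict of Key=Value per [Peer] section."""
    peers, in_peer = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
            if in_peer:
                peers.append({})
        elif in_peer and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            peers[-1][key] = value
    return peers

def check_hub_config(text: str) -> list[str]:
    """Flag malformed keys and prefixes claimed by two peers: cryptokey routing keeps
    one owner per prefix, so the peer listed last takes it and the other goes dark."""
    problems, owner = [], {}  # owner: network -> index of the peer holding it
    for idx, peer in enumerate(parse_peers(text)):
        try:
            if len(base64.b64decode(peer.get("PublicKey", ""), validate=True)) != 32:
                raise ValueError("wrong key length")
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"peer {idx}: PublicKey is not a 32-byte base64 key")
        for cidr in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            for other, who in owner.items():
                if who != idx and other.version == net.version and other.overlaps(net):
                    problems.append(f"peer {idx}: {net} overlaps {other} owned by peer {who}")
            owner[net] = idx
    return problems
```

Run it against the real config before copying it to a second VPS; every overlap it reports is a client that one of the hubs will silently stop delivering to.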

[–] jim3692@discuss.online 2 points 2 weeks ago (1 children)

With NetBird, you rely on HTTPS load balancing, and p2p connections between the nodes?

[–] tvcvt@lemmy.ml 3 points 2 weeks ago (1 children)

Here’s the how it works doc for NetBird: https://docs.netbird.io/about-netbird/how-netbird-works.

It uses a signal server for establishing the initial connection and then makes p2p WireGuard tunnels.

Because of your question, I tested disabling the server, which I run on a VPS, and I could still reach all the connected hosts and routes. I didn’t think to try it at the time, but I’m guessing I wouldn’t be able to add new clients while the server is down.

[–] jim3692@discuss.online 2 points 2 weeks ago (1 children)

Self hosting NetBird looks like a valid option, given that it also provides clients for all platforms.

The wgmesh examples that you sent, although they look like interesting additions to Linux's WireGuard, are limited to Linux machines, and I need a solution that supports mobile devices as well.

[–] tvcvt@lemmy.ml 3 points 2 weeks ago

I’ve been pretty happy with NetBird. Definitely worth testing.