Thank you, Anav ! Good point 
For the start : General view of Network Diagram with WG server .
Iโm not trying to implement WireGuard peers in a Hub and Spoke topology 
And for sake of simplicity, Admin VLAN99 can have internet access as in my configuration file above , Idealy may be not, as an example of how to restrict some VLAN segments from Internet access :
Router configuration :
Have it updated
What I was thinking to have it as simple as possible, as itโs up to undrstanding a concept of running WG server in VLAN segmented network, thatโs why I do not showing Mail Server VLAN30 accessible from Office VLAN20
Iโm not showing configuration for managed switch as itโs out of scope of this question.