seemed to have fucked up the copying from the example, let's try this and the iptable commands should work (tested them locally)

nixos/hosts/wheatley/configuration.nix

@@ -228,6 +228,8 @@
           FwMark = 51820;
         };
 
+        listenPort = 51820;
+
         postUp = ''
           ${pkgs.iproute2}/bin/ip rule add from 192.168.2.43 table main
           ${pkgs.iptables}/bin/iptables -t mangle -A PREROUTING -i end0 -j CONNMARK --set-mark 51820
@@ -258,17 +260,17 @@
         # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
         postUp = ''
           ${pkgs.iptables}/bin/iptables -A FORWARD -i wg1 -j ACCEPT
-          ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s wg0 -o end0 -j MASQUERADE
+          ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
           ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg1 -j ACCEPT
-          ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s wg0 -o end0 -j MASQUERADE
+          ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
         '';
 
         # Undo the above
         preDown = ''
           ${pkgs.iptables}/bin/iptables -D FORWARD -i wg1 -j ACCEPT
-          ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s wg0 -o end0 -j MASQUERADE
+          ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
           ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg1 -j ACCEPT
-          ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s wg0 -o end0 -j MASQUERADE
+          ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
         '';
 
         privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;