I haven't read the last few pages so maybe this workaround to access docker containers has already been posted. I added the following to my iptables on my router.
iptables -t nat -A PREROUTING -d 192.168.20.13 -j DNAT --to 192.168.2.13
iptables -t nat -A POSTROUTING -s 192.168.2.13 -d 10.253.0.0/24 -j SNAT --to 192.168.20.13
192.168.2.13 in this case is my actual pihole docker. 192.168.20.13 is a fake private network IP address. You can choose any private IP address that's not actually used on your network. I just chose to turn 2 to 20 for simplicity.
Then set your peer DNS in WireGuard to the fake IP address.
1. When a request comes in on the fake address, Unraid doesn't know where to route it, so it sends it to your default gateway.
2. Your router sees the fake destination, changes it to your real pihole, and routes it.
3. Pihole responds to the default gateway because it doesn't know where 10.253.0.0/24 is.
4. The router sees the POSTROUTING rule and changes the source IP from pihole to the fake IP, so your device gets the response from the same fake IP it requested it from.
This also means if you want to go to the admin interface, it's at the fake IP, 192.168.20.13/admin in my case. This should work for all dockers; you just have to add entries in iptables for each.
Now that I think of it, I should have added -s 10.253.0.0/24 to the PREROUTING so it was only rerouting for the WireGuard IPs, but that shouldn't hurt anything.
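
Added example, not part of the original post: a small generator for the rule pair above, one pair per container, with the `-s 10.253.0.0/24` scope on PREROUTING that the post mentions at the end. It prints the commands instead of applying them and rejects mappings whose addresses are not RFC 1918 private IPv4 or whose fake IP equals the real one; the function names and the second mapping are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) the DNAT/SNAT pair for each container.
WG_NET="10.253.0.0/24"   # WireGuard tunnel subnet used in the post

# Return 0 if $1 is a dotted-quad IPv4 address in an RFC 1918 private range.
is_private_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$1" -eq 10 ] && return 0
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
    return 1
}

# Print the rule pair for one "real_ip=fake_ip" mapping; non-zero if invalid.
emit_rules() {
    real=${1%%=*}
    fake=${1#*=}
    is_private_ipv4 "$real" || { echo "bad real IP: $real" >&2; return 1; }
    is_private_ipv4 "$fake" || { echo "bad fake IP: $fake" >&2; return 1; }
    [ "$real" != "$fake" ] || { echo "fake IP must differ: $1" >&2; return 1; }
    # -s on PREROUTING limits the rewrite to WireGuard clients only.
    echo "iptables -t nat -A PREROUTING -s $WG_NET -d $fake -j DNAT --to $real"
    echo "iptables -t nat -A POSTROUTING -s $real -d $WG_NET -j SNAT --to $fake"
}

# Emit rules for every mapping given; keep going after a bad one, report it.
emit_all() {
    rc=0
    for mapping in "$@"; do
        emit_rules "$mapping" || rc=1
    done
    return $rc
}

# First mapping is the one from the post; the second is a constructed sample.
emit_all "192.168.2.13=192.168.20.13" "192.168.2.14=192.168.20.14"
```

Review the printed commands before running them on the router, and confirm each fake address is unused on the LAN.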