Yes it is called Tailscale which is built upon Wireguard.
Use Tailscale as a mesh-based VPN for your devices. Assign one device as your Tailscale exit node. Run the NextDNS CLI on that device.
Any device running Tailscale can, if enabled, route their traffic out (encrypted via Wireguard) via the device assigned as an exit node. Since that exit node is running NextDNS you can have all of the DNS requests going out under the DOH configuration for that exit node.
Wireguard VPN + NextDNS :-)
Typical setup would be a VPS as the exit node.
I'm not sure what you mean, these are two different things, unless you mean an application like WireGuard's applications but with built-in DNS-over-HTTPS (which does not exist at the time of writing, with exception of some VPN provider applications like SurfShark but that one does not allow custom DOH/DOT hostname like NextDNS to be used) you gotta setup two different things in order to use an encrypted DNS protocol with a VPN protocol like WireGuard
Examples would be:
Windows -> YogaDNS with NextDNS resolver, then you can use any VPN provider and protocol, it is recommended to use YogaDNS with DNS-over-HTTPS, then you can use WireGuard, OpenVPN, etc to your liking.
iOS: This is only possible with IVPN, WireGuard is registered as a configuration profile so this conflicts with a would-be DNS app like DNSCloak or AdGuard Pro.
For other VPN services you would require the use of IKEv2 protocol as iOS registers those as a Personal VPN, allowing the VPN Configuration slot to be taken in by DNSCloak for instance.
Android: This depends on the type of Android that you have, the most common behavior is that VPNs override Private DNS, for ROMs like GrapheneOS, you can use Private DNS (DNS-over-TLS) and then use the VPN of your choosing with WireGuard like Mullvad or ProtonVPN.