I’d also change your terminology, OP; There’s a Flint version 2 now.
So it’s my understanding there’s CG-NAT in play for Flint 02? Given your goal is only to have Client Device → Flint 02 → VPN ↔ [WAN/Public Internet} ↔ VPN → Flint 01 → Client Devices, your use case is a variation of a Site-to-Site/WireGuard configuration… even though you won’t be able to connect into Flint 02’s LAN/devices connect to it.
Substitute Flint 02, which is behind CG-NAT in your case, for the WG Client router in the following HOW-TO:
(If that doesn’t work due to something w/ CG-NAT, there’s Tailscale to fall back on but that presents a whole new set of hurdles as GL support for it is still marked ‘beta’.)