In your example the src would be the "machine that is behind a NAT". That's the one the peer relay enables access to. And then all your other devices (that laptop) can reach it through the peer relay.
I was also a bit confused on the meaning of src/dst in the grants. The naming didn't match my thinking.
Hmm. It would be very nice if this worked when the laptop is on a different tailnet.