INeedMana

Personally, I would do this in docker. That way you can have clearer separation between services and networks. But it’s not a hard requirement.

I would just do it, as you wrote. For example, on the account of jellyfin server, configure the tailscaleA client, then wireguard client, etc. Set those up as separate user services/processes/system services if root permissions needed and that’s it. Then on other services set the needed connections separately.
It might be handy to set up traefik, so things served via vpns can go through the same routes as local traffic, so you use the same path as your users do

When you have a service that serves something on a port, you are not limited to only one connection. It can be accessed through different clients, the only needed part is that those clients connect to their respective vpn networks and pass the traffic correctly

I don’t see a need for a separate device for that routing

AFAIK connecting to the VPN was the functionality of that older desktop app. Now they only added mobile apps

The option to connect a client to the VPN has been there in webgui since at least a month

AFAIK it always has been one https://dbtechreviews.com/2025/01/15/exploring-pangolin-the-self-hosted-cloudflare-tunnel-alternative/

It’s a WireGuard VPN with a bunch of automation to make using it as a reverse proxy easier

It’s great that Obtainium exists but that’s not my point. Behind pangolin is a company. Which in a way claims to be “one of us” - distributes open source code, with one of proper licenses, etc. Yet, when they deliver a binary, they only put it on big tech service. They didn’t say “f-droid coming”, which is normal as putting up f-droid builds sometimes takes time, not even “f-droid will be evaluated”. Maybe I’ve become a hardliner but in my book thats a few “sus points” from me

I use pangolin. I use their cloud offer and I’m preparing to move to self-hosted one. But I say: don’t throw away wireguard notes yet, pangolin might enshittify once they get a following

No f-droid? I’m very disappointed