Following on from this discussion: https://reddthat.com/post/6044040 I finally updated my VPS setup - deleted everything and started fresh with a whole new approach. I decided to make a full writeup for anyone that might find it useful or at least mildly interesting. I’m not an expert in any of the concepts that I wrote about, so I'm looking forward to the many, many ways that I can improve! Many thanks!
I should have prefaced my situation better: I live in a country where the ISP censors certain websites and online services. The closest Linode is not on my continent (so the latency is noticeable). So my need to be connected to the WireGuard VPN really depends on what I’m doing. Having a split DNS system is seamless and I only activate the VPN manually as needed (both at home and when I’m out). Otherwise I would have just asked my ISP for a static IP, opened some ports and installed Tailscale for everything else.