I use Yggdrasil now with a whitelist of public keys. Though I'm thinking about redoing my architecture in general to make key distribution easier, have more automated DNS entries and also use the tunnel for any node-to-node communication.
Before that I tried Tailscale with Headscale, but I didn't want to have a single node responsible for the network and discovery.
Most VMs only run containers, but I have supporting services on every host as well. Stuff like the mesh VPN, monitoring agent or firewall.
If I want a quick overview, a quick systemctl status will tell me everything I need to know.
I've been managing my containers using the older mechanism (systemd-generate) since I started and it's great. You get the reliable service start of systemd and its management interface. Monitoring is consistent with all your other services and you have your logs in exactly one location.
I really wouldn't want a separate interface or service manager just because I'm running containers.
Manjaro does "stability" by delaying everything by two weeks. That doesn't really help at all and might hurt you for security updates, because those will wait the same two weeks.
They require a lot of driver work to get everything working. Many of their chips, for example, only support H.264 hardware decoding at the moment, although they would be capable of H.265 as well. Another example would be the PineTab 2, which now, after a few years, has working Wi-Fi and an alpha Bluetooth driver. Yes, it's always getting better, but very slowly, and it might well take another few years until you can just run a mainline kernel with full hardware functionality.
If ES6 is just a refreshed Skyrim I really see no reason to buy it. There are much more interesting RPGs than the Bethesda style nowadays.