Distrobox is a better fit for this meme. Without it, one needs to manually configure devices and namespaces. Which is not that difficult, but distrobox create makes it trivial.

Flatpak provides similar sandboxing capabilities and you can use TopGrade to manage all updates.

Kitty has tabs

WireGuard supports mesh as well, but it requires to manually configure all the keys and all the IPs on all devices.

There is wgsd, which supposedly makes WireGuard mesh networking easier, but I haven’t tried it.

Is this like Tailscale? Maybe closer to Headscale, as tinc seems to be completely self hosted.

I think the OP is looking for a decentralized alternative to something like Nord/Express/Mullvad to hide their traffic, and not a way to connect their devices together.