!tCyGickeVqkHsYjWnh:nixos.org

NixOS Networking

900 Members
on your Router! Declaratively manage your switching, routing, wireless, tunneling and more.

271 Servers



Sender | Message | Time
28 Feb 2026
@ilsubyeega:catgirl.cloud ilsubyeega: god that's a ton (09:49:01)
@ilsubyeega:catgirl.cloud ilsubyeega: [image: image.png] (09:49:12)
@ilsubyeega:catgirl.cloud ilsubyeega *

Hello, I want to configure both my desktop and laptop with the topology from the following image, really no clue about linux networking:

  • What should i use for networking? looks like systemd.networkd and networkmanager exist, but i was daily driving networkmanager while not knowing networkd, one of my friends suggests using networkd, looks like the nixpkgs nixos module is quite decent compared to networkmanager. If networkd, should i be scared about WIFI/wireless network usage there?
  • the idea is:
    • create physical-named group, adding wlan0 and eth0 to group
    • create nordvpn nixos container (nspawnd, i believe) and network group, uses physical as upstream network, exposing to own network group
    • create cloudflare nixos container and network group, uses nordvpn as upstream network, exposing to own network group.
    • create tailscale nixos container and network group, uses physical as upstream network, exposing to own network group.
    • create main network group which does:
      • uses physical/nordvpn/cloudflare as network upstream. easily swappable
      • merges tailscale's internal IP range
      • all processes/userspace programs that didn't set explicit network configuration should go towards here.
  • while researching, the article (as nested vpn) shows running custom systemd services which invoke the netns command; i believe there must be another way to configure this. there are many raw resources on linux networking, not sure each thing fits my specific use case, so I'm asking: what approach would be ideal?

(09:50:05)
@k900:0upti.me K900: Why are you even doing any of this (09:51:20)
@k900:0upti.me K900: This is SO overengineered and why (09:51:29)
@ilsubyeega:catgirl.cloud ilsubyeega: wanted to use nested vpn without extra concerns by writing declarative configuration (09:52:21)
@ilsubyeega:catgirl.cloud ilsubyeega: going to daily drive this and serve some portion of this into my vps later (09:53:04)
@k900:0upti.me K900: But why nested VPNs at all? (09:53:09)
@k900:0upti.me K900: And why so many of them (09:53:16)
@ilsubyeega:catgirl.cloud ilsubyeega: it's at 2 for this case, at this time cloudflare exposes your location without opt-out (09:54:14)
@ilsubyeega:catgirl.cloud ilsubyeega: for tailscale they don't have detailed linux setup docs for like this so pushing in container (also cloudflare is binary while nordvpn is not) (09:55:16)
@adam:robins.wtf adamcstephens: if you don't trust cf, why use them at all? (14:05:11)
@ilsubyeega:catgirl.cloud ilsubyeega: cost (14:06:17)
@adam:robins.wtf adamcstephens: what you don't pay in money costs you in other ways. (14:08:28)
@adam:robins.wtf adamcstephens: especially when using an American service. (14:09:48)
@ilsubyeega:catgirl.cloud ilsubyeega: I'm in Asia (14:09:58)
@adam:robins.wtf adamcstephens: and cloudflare is... (14:10:10)
@ilsubyeega:catgirl.cloud ilsubyeega: multiple regioned (14:10:18)
@adam:robins.wtf adamcstephens: mmhmm (14:11:56)



Room Version: 6