Zotero is self-hostable, isn't it?
Take a look at RAM and CPU usage. Those VMs are extremely useful but have limits: swap space is almost mandatory, lightweight custom images like Debian are recommended, and CPU load should be kept low.
On the last point, consider that you have just 1/8 of an oCPU guaranteed; indeed the VM has two CPUs, but these are for short bursts. If CPU time is abused, the hypervisor will severely throttle the instance, possibly locking it (keyword: steal time).
With proper configuration there shouldn't be any problems with running reverse proxies. I have Caddy running on Arch and SWAG running on Debian on those VMs alongside many other containers without issues.
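A way to check the steal time mentioned above, added here as an example and not part of the original comment: the script computes the share of CPU ticks reported as steal between two samples of the aggregate `cpu` line in `/proc/stat`. The function names and the two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: measure CPU steal time from two /proc/stat samples.
# Fields of the aggregate "cpu" line, in clock ticks:
#   cpu user nice system idle iowait irq softirq steal guest guest_nice

# steal_pct BEFORE AFTER: steal as a percentage of all ticks elapsed
# between the two samples (one decimal place).
steal_pct() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        {
            # guest and guest_nice are already included in user and nice,
            # so only fields 2..9 (user..steal) are summed.
            total[NR] = 0
            for (i = 2; i <= 9; i++) total[NR] += $i
            steal[NR] = $9
        }
        END {
            dt = total[2] - total[1]
            if (dt <= 0) { print "0.0"; exit }
            printf "%.1f\n", 100 * (steal[2] - steal[1]) / dt
        }'
}

# live_steal_pct [SECONDS]: sample the running system (Linux only).
live_steal_pct() {
    before=$(grep '^cpu ' /proc/stat)
    sleep "${1:-5}"
    after=$(grep '^cpu ' /proc/stat)
    steal_pct "$before" "$after"
}

# Constructed samples: 1000 ticks elapse, 400 of them counted as steal.
SAMPLE_BEFORE='cpu  1000 0 500 8000 100 0 50 350 0 0'
SAMPLE_AFTER='cpu  1200 0 600 8300 100 0 50 750 0 0'

echo "steal over constructed interval: $(steal_pct "$SAMPLE_BEFORE" "$SAMPLE_AFTER")%"
```

On the VM itself, `live_steal_pct 10` gives the figure for a ten-second window; a value that stays well above zero under load means the hypervisor is withholding CPU time from the instance.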
It's something I have been looking for for years without luck. If your resources are just spaces and desks, you might take a look at https://seatsurfing.app/
I always hoped to find something more complex, with per-user and per-resource limits and custom rules, but I found only a few closed-source SaaS solutions in this sense.
Use Docker on Arch. It is perfectly fine for one server. The need for release-based distributions strictly comes only when managing many servers where updates should be unattended.
I tried Netmaker, Nebula, and ended up using Netbird. My issue with all the others was traversing my corporate network. Netmaker and Nebula UDP hole punching failed, while Netbird just did it without issues by relying on coturn.
I did not test Headscale, which could have worked by using DERP relays, because user-space WireGuard on Linux clients and registry editing to make the client work on Windows are a setback for me. Also, access control is far less user-friendly than what Netmaker and Netbird developed.
The only thing to know before self-hosting Netbird is that it requires an identity provider. Zitadel, as installed by default, or any other self-hostable solution takes a lot of resources, so if running on a base VPS one should look instead for a managed IDP.