I use librewolf from the aur so I’m not sure if this would apply (or if you’ve already tried it), but try moving the “native-messaging-hosts” directory from the “.mozilla” directory to your waterfox directory in your home and then symlinking the waterfox directory to “.mozilla”

KeepassXC technically only has support for Firefox (and other mainstream browsers) so it always puts the required files for the integration into that “.mozilla” directory.

Speaking purely on speculation, waterfox in a flatpak should already have read/write access to whatever folder in your home it uses for user data so I’m assuming that the difference in where keepass puts the “native-messaging-hosts” is what’s causing your issue.

If that’s not it though, you could likely use bubblejail to tweak the permissions of the waterfox container to grant it access to those folders. Or double check that browser integration is enabled in keepass.

https://tailscale.com/kb/1054/dns

A good frame of reference would be the VPS that lemmy.world is running on imo. Looks like they upgraded to a 4 core/16gb setup to handle the influx of users, so if your instance is running under 1k users, I believe those specs would be sufficient.

If it starts chugging, I wonder how well it’d work to run the server on the laptop and the DB on a VPS (or vice versa).