Maybe? Quite possibly it seems. I'm not famiilar with it too much.
tinyzimmer
It's extremely similar to Tailscale, and they are a major source of inspiration for a lot of the functionality.
The main difference is I am using a controller-less setup where each node maintains the state of their mesh via raft consensus. If a controller server goes down, another node will pick up the leader responsibilities. When requests come in that need to mutate network state, nodes will automatically forward the request to the leader node for you.
So kinda like a Tailscale - where you can disconnect and branch off at any time. Think...federated networks.
So it will work with clients behind NATs. By default the network is a little different from similar solutions in that not everyone is directly connected peer to peer. The default behavior is to branch off from the server you joined (with traffic to the rest of the network routed through them). Then via the admin API (or configuration/RBAC that needs to be better documented) you can tweak the topology by putting "edges" between devices. If there is no direct connectivity between the devices they will use ICE tunnels to connect. One of the APIs that can be exposed on nodes helps with candidate negotiation, and another one can be a TURN server if you want. Sorta demonstrated here https://github.com/webmeshproj/webmesh/tree/main/examples/direct-peerings but it's a fake test because it happens on docker networks.
To your second question, there has to be someone accessible currently. But I've included an idea of a Peer Discovery API server that devices can optionally expose. In that vein you could have a node that just provides peer discovery and nothing else.
It's kinda pointless though because the server running the API has to be a member of the cluster already - so in that way they become a "central server". I want to add more options, such as SRV lookups. Always happy for help and more ideas too :)
Samesies. Using three monitors on KDE for about 2 years now with no issues.
Almost certainly. At its core - everything happening could be accomplished with just regular configuration files. It's just a suite around maintaining the state basically.
I was considering adding FRR or BGP to the mix at some point - but it hasn't proven necessary yet.