Take a networking class. You have numerous fundamental misunderstandings and make wild assumptions on bridging gaps that has specific requirements to occur, which also requires a complete lack of any other security methods.
Take a networking class, please. You need it.
Edit: You're mad and still down voting, I want to point out you dont even understand the link you provided.
You should probably read that. But looooooong before then, you should take an actual class on networking.
You need it.
Just to have a straightforward reply....
Let's start with the concept piece, which you dont need to explicitly follow, but is a decent ref. You dont need to use this explicitly, this is more about how far/close to enterprise you want, whether its for fun, for practice, whatever. From an enterprise perspective, you'll typically have:
There are MANY variations and unique versions of this. This is more or less a typical enterprise with we home media uses mixed in.
Now for structure purposes, you basically would have:
OK so there are the generics, let's go back to yours.
192.168.1.x - sounds like default to me. Risky to use for proxmox and network management on a vlan generic endpoints will land in. If you have a different one for default - great! Ignore this. If its management, id move Proxmox into 200 instead.
192.168.100.x - solid choice to group up your externally facing riskier stuff and funnel it all through one connection. I'd make sure when that connection goes down everything else loses connectivity - confirm that kill switch works. Bind their network interfaces to the virtual network that goes to your VPN connection (I'm assuming a docker container here).
192.168.200.x - yup, logical group, makes sense to do. I'd probably put your hypervisor here.
Now LXC vs Docker.... I'd call that mostly preference. I prefer LXC. I also keep things at a stable version and upgrade when needed, not automatically. If you want automated, your best bet is docker. If you want rock stable, and d9nt mind.manual updates, LXC is great. You can automate some with ansible and the like, but that can be a lot to set up for minimal need. YMMV.
Anything I build from source (honestly, most of what I do) I put in an LXC. Anything I take someone else's image (rare, but happens), is docker. I have a local git repo I keep synced to projects on codeberg, github, and the like, so my setups are all set to build from that local repo. Makes sure I've got the latest if something is taken down, but also a local spot to make changes, test, etc for anything I may push back upstream.
Hope that helps!
Edit: Forgot to talk security!
OK first off, figure out your threat model. Where would threats come from? How serious would they be? What risks are worth taking, which are not?
Security is an ogre (onion) - its got layers. For example, I have zero concern with region blocking. No one is hitting my network from China, so I'm not allowing some random to try and get in.
What I am concerned about is user credentialing for access - one login for all services, MFA is hard required, and I don't do text/email as MFA - that's baby town frolics levels of security, I don't like it.
Best way to think of it is a row of bikes. A thief is going to come by and steal one. Which one will they go for?
Do you need to have 7 bike locks and encase the whole thing in concrete? Or do you need to be enough of a pain in the ass (u lock, braided steel cable or chain looped through the wheel and frame) that the other bike (with a $5 cable lock you can pop open with a bic pen).