I’m not sure if they realize it yet, but Tailscale seems to work extremely well for polycules. Each user can have their own single-user Tailnet and explicitly share specific machines with other people. Both parties have to consent to sharing a device; either party can revoke this consent. The device owner can further restrict accessible ports through ACLs. Tailscale runs on prettymuch anything if you try hard and believe in yourself. This entire use case, up to this point, fits in Tailscale...
