I think you are overcomplicating and undercomplicating things at once.
Proper VPNs will allow split tunneling — only the traffic that needs to go through the VPN will go through the VPN.
So, the solution would be:
- Set up a VPN capable of split tunneling — vanilla WireGuard and Tailscale should work
- Set up split horizon DNS so that you are pointed to the internal/VPN-facing IP address of your server while connected to the VPN *???
- Profit
So on my workstation / daily driver box:
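As an added illustration of the two steps in the reply above (not the reply author's own configuration), here is a wg-quick client config that narrows AllowedIPs to the internal networks and uses systemd-resolved's resolvectl for the split-DNS side. The interface name, subnets, domain, endpoint and key placeholders are all assumed.

```ini
# Added example, not the reply author's config. Assumptions: interface wg0,
# tunnel subnet 10.8.0.0/24, home LAN 192.168.50.0/24, internal domain
# home.example, public endpoint vpn.example.net, resolver 10.8.0.1 behind the VPN.

[Interface]
PrivateKey = <client private key>
Address = 10.8.0.2/24
# Split DNS: only names under home.example are sent to the resolver behind
# the tunnel ("~" marks a route-only domain). Using `DNS = 10.8.0.1` instead
# would send every lookup through the VPN.
PostUp = resolvectl dns %i 10.8.0.1
PostUp = resolvectl domain %i ~home.example

[Peer]
PublicKey = <server public key>
Endpoint = vpn.example.net:51820
# Split tunnel: only the tunnel subnet and the home LAN are routed via wg0.
# `AllowedIPs = 0.0.0.0/0` here would turn this back into a full tunnel.
AllowedIPs = 10.8.0.0/24, 192.168.50.0/24
PersistentKeepalive = 25
```

The split-horizon part lives on the resolver at 10.8.0.1, which answers home.example names with the 192.168.50.x addresses; a quick check after `wg-quick up wg0` is `resolvectl query nas.home.example` returning the LAN address while a public name still resolves via the normal resolver.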