Ideally you'd want to be running Tor with transparent proxying of all traffic on a physically separate (and locked down) host. I believe there are guides on how to do all that on a raspberry pi out there.
On your primary browsing/whatever machine, I believe (but have not exhaustively researched) that it would still make sense to run inside a VM/container, because that would provide a much more 'generic' set of system characteristics (MAC address, clock jitter stats, CPUinfo, etc) than your actual hardware. It does provide a greater attack surface, so you'd have to weigh up the value of potentially masking physical identity vs likelihood of gaining root due to VM exploits.
There's also the risk of overconfidence because of these measures, which might lead you to overlook important details in the host OS, or in your communication habits.
On your primary browsing/whatever machine, I believe (but have not exhaustively researched) that it would still make sense to run inside a VM/container, because that would provide a much more 'generic' set of system characteristics (MAC address, clock jitter stats, CPUinfo, etc) than your actual hardware. It does provide a greater attack surface, so you'd have to weigh up the value of potentially masking physical identity vs likelihood of gaining root due to VM exploits.
There's also the risk of overconfidence because of these measures, which might lead you to overlook important details in the host OS, or in your communication habits.