I understand the complexity of having a functional email is hard and many people often advice against self hosting this part, but still I want to give it a try before giving up.

The main motive is to get rid of google as much as possible, regain control of my privacy and my data as much as possible.

I rarely send out email at all, I'd say less than 100 a month, I'm not using email for business communication anyway, it's mostly for receiving account info, receipts, etc. And I surely don't send any sketchy email as well, if anytime I need to send email it's mostly to inquiry about some stuff.

So with that usage I'm thinking I could get by of using SMTP relay to handle the email sending, and handle the incoming email on my own, so probably just a cheap vps running mailcow or mail-in-a-box then use a cheap relay like amazon ses.

Is this a workable idea or am I missing out something?

Before someone ask why not just use vpn like tailscale/wireguard because the app I wanted to expose are shared to my family, and I want it to be easy for them without needing to setup anything on client side.

I use Cloudflare Tunnel for some of my not so important apps, which is fine, but now I wanted to make immich photos backup available for my family as well, which I don't feel as comfortable to trust cloudflare with since they can decrypt any traffic go through them. (Plus it's against their TOS to host non html and high bandwidth application, and they have 100mb post limit)

Which now l am looking for a better solution that check all these boxes - End to end encryption without need to trust third party not to spy on my traffic - No client side configuration

A few solutions I can think of: 1. Directly expose the service, which expose my public ip and port (which I'll probably put myself as a target for all the bot scanning and bruteforce attempt)(I am no networking expert, best I can do is setup some firewall rules, fail2ban, and use bridge network for all my container including reverse proxy, but still because I'm not expert so I don't feel like I should do this)

1. Use a cheap or even free tier VPS, install tailscale and reverse proxy on it, then at my home unraid server broadcast the ip/subnet of services i want to expose, then harden the vps as much as i know. (probably the easiest solution i can implement, but not sure if it's battle tested, or am I not knowing some kind of risk with this setup)(also I'll have to trust oracle not to hijack my vps and spy my passthrough traffic, which they probably won't but again it's technically possible for them)

2. Some other better solution or better selfhosted tunneling solution. maybe something listed on awesome-tunneling?

For people that care about privacy and selfhost as much as possible for that reason, how do you handle offiste backup for some important data such as your private files and photos?

From what I understand it's best to keep some offsite backup in case of floods/fire/etc, but I am curious how everyone do that, for example do you backup your files periodically to zero knowledge cloud providers like Proton/Mega/Sync/pCloud/etc

Or do you encrypt your files (which requires you to safe keep a lot of different passphrases/passwords) before backing them up to any remote storage?

(I'm asking this as I'm backing up something to b2 with rclone crypt, but damn, it is so slow or maybe my cpu is just too old)