You might try ZeroTier. You’ll each need a tiny client app, but its super easy to install and setup, and extremely secure. Free to use with up to 25 devices.

Yeah, they provide a “Flow” section where you can setup firewall-like rules to control your flow of traffic. You can configure rules that say, allow ssh to a specific server, but only from a specified devices, while allowing ssh, https and smb to another server from any device, blocking all other TCP traffic. UDP is a little weirder to control, but there’s a decent tutorial with example configs.

I hear about TailScale a lot, and I know its super popular in the self-hosting & linux communities. I haven’t used it myself though, so can’t offer a comparison vs ZeroTier. I found ZeroTier refreshjngly easy to use and install on client devices, so haven’t had reason to look elsewhere yet.

Anyway, have fun with your endeavor!

I just finished building a cloud solution leveraging an AWS EFS (elastic file system), a secure ZeroTier mesh, and a simple EC2 instance (vm) running Samba (or just sshfs/scp/sftp if multi-user file locking isn’t needed). EFS does have some pretty big limitations like the fact users can’t be in more than 16 groups (because it behaves like an NFS mount), and it lacks xattr and ACL support. Still, if you can work around these shortcomings you can build a very secure, surprisingly speedy cloud filesystem. Largest expense is the EFS, but after 30 days infrequently accessed files automatically move to slower storage, which is way cheaper. ZeroTier is an important piece of the puzzle, making your security and encryption a breeze. This allows you to run SMB over the internet without actually exposing any services. Connections are only made through your ZT mesh, which is highly secure.

I used to make clocks with the platters and give them to friends and family. Michael’s used to sell inexpensive clock mechanisms that looked really cool against the platter background. I haven’t seen them lately, but I’m sure someone sells them online.

Came here to say this^

+1 for Cloudflare.

That said, there are a number of folks rightfully concerned about the sheer mass of information Cliudflare has access to through their Content Delivery Network (their primary service). This raises potential privacy concerns, especially for self-hosters, who tend to prefer not to rely too heavily on any one large company. However, you don’t actually have to use their CDN service to make use of their minimally-priced Registrar functionality, and personally I really appreciate the services they offer. Their free tier is really impressive, and incredibly useful.