A few thoughts on this:

• Debian is, in my opinion, oversized for an OPZ2. If it absolutely has to be Linux (does it?), Alpine or Void might be worth a closer look.
• Why SFTP? Wouldn’t SCP be enough?
• Automatic updates are risky for a device that is supposed to run always. Instead, I would recommend sending update notifications and then manually applying an update from time to time. If the device no longer boots up, you often don’t even notice it.