I have something like this with Tailscale. My homeserver has a Tailscale docker as well as a docker Tailscale. The docker Tailscale advertises itself as an exit node. The Tailscale docker is gluetunned to an external WireGuard server (your Mullvad, for example).
Now I can connect to my home net with Tailscale and toggle the exit node on and off. By adding a different Tailscale container with a different WireGuard exit you could just toggle the exit node like that.
Seeing as you are using Mullvad, you could also just pay the monthly sub to Tailscale and they connect your tailnet directly to Mullvad.
I was in a similar boat. Wanted a simple static site generator with little to no config. I found https://github.com/rochacbruno/marmite and am happy with it.
I use it for my personal projects and it's perfectly usable. If you want people to contribute you'll just have to do it the old-fashioned email patch way.
You can use RSA keys but it requires a little fiddling. I've used them but needed to massage something. Now I just use ed keys.
The SSH UI is perfectly fine. Your repos are stored as bare repos on the server in the configured directory. So they are easily backed up as regular files.
It also supports LFS.
I didn't want GPS either but too many apps I rely on need it. Soooo took the path of least resistance in that case with a non-logged-in GPS on GrapheneOS.
It's a shame it's tradeoffs all the time with things like this.
Minor nit: you don't need a Google account even with GPS. I have sandboxed GPS without an account and use Aurora Store for things I can't get via Obtainium/F-Droid.
Thank you for everyone's help and input. I have it working now, albeit not in the way I had hoped (not using Docker containers for it) but it works. I followed https://thedevquill.substack.com/p/setting-up-a-tailscale-exit-node but instead of using the NordVPN image I used the plain WireGuard client image. In the WireGuard compose I set network_mode: container:wireguard.
Now when I connect Tailscale over the exit node, traffic is going out over the WireGuard IP.
Sorry to be unclear.
Yes, I want to be able to access my home services from outside over WireGuard, but connect directly into the home network. However, once connected to the home network I want all traffic to be routed outside via the remote WireGuard server.
Jellyfin, Navidrome, Paperless, FreshRSS, Mealie, Linkwarden, and Immich. All on a Debian as Docker Compose setups on a home server. I access things via Tailscale and if I need it outside of that via Cloudflare tunnels.
Simple and easy.
Just switched there from Tuta. I was having a lot of issues with the mobile app being slow. So far everything is working well and they also offer storage and video chat.
Should've added a link: https://gitlab.futo.org/videostreaming/Grayjay.Desktop