Have you used either of them before and have opinions on them vs HA?

For mobile with fastmail, I use fairemail. Works great with it, and provides a nice merged view with my non-fastmail work emails.

This site is specific to AWS, but you might find it helpful:

http://ec2instances.info

Looks like it got bought out by someone, so might be enshittified, but it’s worked nicely for me in the past.

Security is a gradient that depends on your threat model, etc, but unless you’re being targeted by a nation-state or something that should be plenty secure

I unfortunately can’t really offer much advice here. I configured Wireguard on my phone by essentially copy/pasting the configuration from my laptop and changing the values as necessary like the public key and client IP address. Turned it on, it activated VPN mode in Android and everything started working.

I guess make sure you haven’t mixed up your public/private keys, your server knows about the new device (and is restarted), and your phone is using the right IP address as basic troubleshooting steps.

Yeah, you’ll also need to configure your server to whitelist your phone, and then everything should just work. And yeah, you should be able to just use the default deb package on bullseye.

Yeah, when you configure it, you essentially say “all traffic to 1.2.3.0/24 should go through this wireguard connection”. Then, your OS automagically knows “oh, this connection to 1.2.3.4 should go through Wireguard, and I’ll handle it like so”. You don’t have to configure any applications specifically, their network connections just get routed appropriately by your OS.

Wireguard might work well here. You’ll have to set it up on each device you want to have access your server, but I’m guessing that syncing only involves a handful of devices, which wouldn’t be bad.