I recently bought a mini pc too and gave the self-host shenanigans a roll. It was definitely worth it.
Using traefik + tailscale + dns challenge with CloudFlare, I was able to self-host and make my services available only through the vpn without loosing HTTPS on all the subdomains. It's lovely!
Why do you need Cloudflare if your services are only available over Tailscale?
To access them with vanity (sub)domains!
Ah you're just using it as a domain registrar?
This is partly self-hosting. You are relying on clownflare and tailscale for your services to be accessible. Do better
You can use lets encrypt with dns tests from wide variety of providers. Also you can selfhost the control server of tailscale (headscale).
Why does this feel like nagging on projects I do on my free-time for my own?
I'm willing to learn but please try to be less condescending :)