

I started out with WireGuard. As you said its a little finicky to get the config to work but after that it was great.
As long as it was just my devices this was fine and simple but as soon as you expand this service to family members or friends (including not-so-technical people) it gets too annoying to manually deal with the configs.
And that’s where Tailscale / Headscale comes in to save the day because now your workload as the admin is reduced to pointing their apps to the right server and having them enter their username and password.
There are some experimental models made specifically for use with Home Assistant, for example home-llm.
Even though they are tiny 1-3B I’ve found them to work much better than even 14B general purpose models. Obviously they suck for general purpose questions just by their size alone.
That being said they’re still LLMs. I like to keep the “prefer handling commands locally” option turned on and only use the LLM as a fallback.