The uom crate implements this for Rust.
The core functionality is based on generics but there are some macros for defining custom measurement systems.
I started out with WireGuard. As you said its a little finicky to get the config to work but after that it was great.
As long as it was just my devices this was fine and simple but as soon as you expand this service to family members or friends (including not-so-technical people) it gets too annoying to manually deal with the configs.
And that’s where Tailscale / Headscale comes in to save the day because now your workload as the admin is reduced to pointing their apps to the right server and having them enter their username and password.
Getting the configs to work with my personal devices was already a little finicky but doing that for not-so-technical family members was starting to be a bit too much work for me.
I’m hoping that Headscale will cut that down to pointing their app at the server and having them enter their username and password.
Nextcloud is just a web service. How he or anyone can access it is not determined by nextcloud but by the routers, firewalls, vpns and potentially reverse proxies that are routing the traffic to nextcloud.
With the proper configuration of all traffic handling services it will not be possible to access anything other than the intended endpoint i.e. nextcloud.
Within nextcloud any user can only access their own files plus anything that is explicitly shared to them.
Why not set up backups for the Proxmox VM and be done with it?
Also makes it easy to add offsite backups via the Proxmox Backup Server in the future.