If you're going to host services as home such as your password manager, set up a WireGuard VPN, you can use a Pi and it'll be perfectly sufficient, leave only the VPN open on the internet, VPN in from your phone, laptop, whatever for anything you need access to, and you don't need to rely on Nextcloud or Bitwarden having vulnerabilities discovered in them.
I was using Nextcloud previously for password sync because my password manager needs WebDAV, it was too much to maintain so I wrote a small server in Golang using the WebDAV library and it sits behind NGINX which handles the auth. I run Minio (S3 compatible) for syncing our family photos from our phones and Folder Sync app on Android. They both run on a VM and write out to a ZFS pool.
I have a Pi 3B+ running Raspbian mounted read-only as a WireGuard VPN for remote access, and we use the official WireGuard app. VPN is always on because we have fast, symmetric fibre, and we don't need to worry about trusting public networks.
I've had my Raspberry Pis kill dozens of SD cards over the years, so read only can helas for updates, I manually remount read/write when I do maintenance and then remount read/only again when I'm done.
