mTLS requires that the Android client device has a certificate installed that matches the one installed on the server in order to access it.
The RPi 4/400 is perfectly capable as a little home server. All it needs is a good SD card.
OwnTracks, PhotoPrism, Monocker, Brave go-sync, LibrePhotos, wallabag, Radicale, Baïkal, Firefox Sync, Joplin web, WebDAV server, Jellyfin, Vaultwarden, WireGuard
Tailscale is not completely FOSS.
https://tailscale.com/opensource