I run a very small VPS at Hetzner with Pangolin on it that takes care of all the Traefik WireGuard tunneling to my home servers. Very easy to set up and operate.
Cool! Do you like that approach? I've thought about setting up that exact thing but I wasn't sure how well it would work in practice. Are there any pitfalls you ran into early on? I might give it a shot after your "very easy to set up and operate" review!
Honestly it was very easy. Their documentation is decent, and the defaults are good.
Setting up Pangolin on the VPS and Newt on your LAN, connecting them, and adding e.g. a small demo website as a resource on Pangolin will take you about half an hour (unless your domain propagation is slow, so always start by defining the name in DNS and pointing it to your VPS IP. You can use a wildcard if you do not want to manually make a new DNS entry each time).
To have a public front that is outside of the LAN firewall. The idea is that you do not have to open your LAN to anything. The only communication will be the encrypted WireGuard tunnel between the VPS and your Newt instance.
You can also run Pangolin on the LAN, but then you will need to open a few ports on your LAN firewall and manage your DDNS etc. if you do not have a fixed IP at home.
https://fossorial.io/