I’ve wanted to go this route, but have had trouble getting Sophos to run on my hardware. Didn’t spend too much time with it as pfsense ran on install. May have to circle back to it and troubleshoot it.
On Linux, use NFS. SMB is best for Windows, FYI.
I self host Vaultwarden and when adding the QR, I add it to my free account with LastPass Authenticator app at the same time. Both back up so if my phone dies, I don’t lose the 2fa.