But then you can't access your data outside your local network. That may be acceptable depending on your use case, but at that point it's not a 1-to-1 alternative to cloud services.
So then you need to keep SSH or WireGuard up-to-date (at least in terms of security patches).
Also, are you going to SSH in every time you need to access a document from your phone? Again, use-cases differ, but that's not a 1-to-1 alternative to, say, Dropbox.
Yes, but you agree you need to apply security patches in that case, right?
Your original comment amounted to "you don't need to apply updates if you firewall everything", to which I replied "that's not a replacement for a cloud service". Your subsequent comments then amount to "well you can just poke a hole in your firewall for WireGuard". So which is it, do you need to apply updates (e.g. to WireGuard) or not?
I suppose you can maintain secure remote access if you run a very minimal wireguard server on a low power device similar to a raspberry pi running on a updated/patched distro. You can still keep 99% of your gear running in the back without updates. This way the amount of update churn can be minimized.
