Really cool use of the protocol and yubikey though! I didn't know yubikeys could be used like that.

Personally I'd rather not expose anything at all from my home network since it's easier to not have to think about keeping my reverse proxy up to date so I don't get pwned by a 0-day. AFAIK you can also use cloudflare's tunnels or tailscale's new funnels to access your internal network without needing to have tailscale or cloudflare's daemon installed in anything but one of your servers, but that also moved the root of trust to a third-party (unless you self-host your own tailscale infra! But that's also way more work)

Really cool project overall. I might try it out I know the future when I have a fully developed homelab

I love step-ca and have used it for a few years now. I really like being able to access my stuff without clicking through self-signed cert warnings every time, just add my CA to the system trust store and bam.

Protect it from what threats? AFAICT, nobody gives two shits about my homelab.

I still favorited this because it looks like fun quest :D