I had authentik before but I found it to be unnecessarily complicated. Its really a nice one stop shop, doing authentication, authorization, even reverse proxing, but the setup/UI is just … Not very well designed. Or it’s so advanced that it’s very far from the no it background hobbyist user
Would be nice if each user could add their own bookmarks so they could use the dashboard as new tab default.
Probably it would be much easier for you to setup tailscale. Just install it on the system you host the other services, install on the other end and use the tailscale ip. It should require minimal effort to set up with the added benefit of not having ports open, and way easier maintaining.
As for wireguard, the allowed up section tells what ips should be routed through the tunnel, it’s not that difficult, but hard to wrap your head around at first. A friend of mine also used to use the Fritzbox Implementation of wireguard and I remember you need to specifically setup what clients you want the tunnel to have access to.
Have a look at tailscale.
I tried fenrus before, kinda liked it, but I remember it to be not so performant.