Put your external facing services behind the VPN, or at least put them in a separate VLAN that's firewalled in such a way that they can't reach the rest of the network if they become compromised.
As a start I would recommend washing your chest once a day (in the shower works well) with CeraVe SA Smoothing Cleanser and then applying CeraVe SA Smoothing Cream on dry skin. It worked well for my similar problems on my back and is cheap and should be easy to find in stores in most countries!
For the last question I welcome you to !skincareaddiction@sh.itjust.works where's there's a lot of helpful people that can help you with that! 😊
I would advise that you instead also connect the Windows machine to the VPS with WireGuard as 10.1.0.3, basically mirroring what you've done on the Ubuntu server. The routing will be a mess otherwise. Another option is running the WireGuard tunnel on your gateway with something like OPNsense.
Make sure mDNS is working properly in your network.
You probably need to enable some power saving features that Windows does by default but Linux may not. Run something like https://wiki.archlinux.org/title/TLP just to see if it helps, and then do some tuning because it might be too aggressive.
Backup your data regularly and the risk should be very small.
I'd say Vaseline sort of covers Aquaphor here. Someone correct me if I'm wrong but Aquaphor is basically Vaseline but with some added inactive ingredients.
Don't worry about it! :)
DuckDNS is great but their service went offline often enough for me to actually buy a domain.
TLDR; Store apples in the fridge
I would say there are better methods to solve this problem these days than a script. Check out Ansible or NixOS.