Trying to selfhost everything

Agreed.

Debatable. My NAS is a VM inside Proxmox. It has 2 TB allocated, out of the 14 TB the host has. It’s only used for storing lots of data and not really accessed that often. Depends on what you want from your NAS. If you want to use it to run VMs on it, especially if you want HA w/o replication on multiple hosts’ internal storage, then a separate box makes a lot of sense. Otherwise, having it inside a VM is a fine alternative. And no, I don’t have passthrough enabled, it’s just a raw KVM disk image. A separate box however still makes for a single point of failure, but that shouldn’t be too high a risk.

If you have the option, run OCI containers (docker / podman / K8s / K3s) on Linux or Jails if you’re into TrueNAS / *BSD. If you want to fiddle with your configs often on Linux, try either LXC in Proxmox or LXD in VMs. I would go with LXD, just because I feel it’s better (I couldn’t find an option to live migrate LXC containers in Proxmox, LXD uses CRIU to do so - offline migration is fast, yeah, you can do it in seconds, but it’s still a reboot of the container which affects your uptime and availability, if that’s something you care for, like say for your mail server).

TBCH, I wouldn’t. I may be a purist or it may be my autism kicking in, but I really don’t like a one-size-fits-all service like NextCloud. Need a mail interface? Use Zimbra or SquirrelMail, or better yet, just use an email client. Need a file server? SFTP or Samba, preferably over a VPN. Need a password manager? KeePassXC and have it on your SFTP server or use Bitwarden_rs. I’m not a fan of bookmark syncing, so I don’t have a solution for that, but I see no reason why something like SyncThing wouldn’t work (but I’d rather use rsync or scp whenever possible).

I think it would be easier to host Jellyfin in an LXD Container for that, but I won’t spoil your fun. 😉 And I always like seeing neoflexes.

Just what I was saying (I’m reading and replying sequentially).

I think the 2700 is just fine. You should try to migrate your VMs to containers. If you have too many, you may want to automate it, which may be an interesting project to do (in theory, it should basically be just mounting disk images and copying files over, but there may be issues with databases like MySQL if you use DBs).

I’m also interested in that, but I don’t want to run anything besides Chrony or OpenNTPd. I believe it should be doable with Chrony. Never tried it though.

That’s Simple Network Time Protocol. Secure NTP is NTPsec. 🙂

You may use one internet gateway, à la a Linode server, host a VPN (WireGuard) and have your infrastructure be a “road warrior,” i.e. the infrastructure is always connected to the VPS VPN and answers to the public IP address of your VPS. You may have some issues, like having your mail server be down when you move to a new location, but it shouldn’t be too big a deal if you plan carefully (or if you host some more critical services on the VPS and some in your LAN).

This is also what I’m interested in, but instead I want redundancy for my services (just for giggles, 99% of self-hosting at home can do without HA), so I’m thinking of building a Raspberry Pi Dramble. A PC case with 3.5" HDD trays should make for a fun “hot-swappable” Pi system, with an 8-port PoE switch inside. Nowadays I don’t have much use for VMs other than OpenBSD, so I could take it out of the equation and just run a bunch of LXC containers inside an LXD cluster on the Pi Dramble. I have read stories of people mistakenly loading 100s of containers on a single Pi 3 (bugs in the load-balancing deploy scripts) and the poor Pi ran lots of them for a long while before it crashed. I don’t remember if it was Docker or LXD (I believe it was LXD), but considering how many containers you can pack in a Pi 3 without it even sweating, my project should be doable with 5 Pi 4s (4 or 8 GB variants) - or just try to get my hands on the Turing Pi 2 (for RPi CM4), which would make much more sense (but still have a risky single point of failure, the board itself). What I would need is a separate NAS box for the storage needs. Or maybe 3 or 4 and run Ceph, but then portability kinda goes out the window (even with just a RAID mirror of 2 disks, it will be quite bulky or use a lot of space). I think a separate Pi CM4 running a PCI-E card with 4 SATA ports and a RAID 10 of 2.5" disks (be it SSDs or HDDs) would make for better portability and maybe even fit near the PoE switch (look up Wiretrustee SATA).

With the advent of the Pi 4 and especially the Pi CM4, there are now lots of options for self-hosting folks. But if you can’t wait that long, I have an easier solution with no waiting requirements: 3x 2nd hand Intel NUCs (the cubic ones, not the chungus latest ones), a 5-port switch and maybe 1 more NUC as a router (with a USB NIC). The advantage is that you can put Proxmox on them and make a really compact cluster and even run VMs if you really need an OS other than Linux. I have done a “mini-infrastructure” using a NUC for OPNsense, one for Proxmox (which runs FTP, Samba and Ubiquiti UniFi controller) and one on standby (we just had it lying around). We didn’t need HA. That little cluster has been running for half a year now with no issues. Of course, you could just go with 2 or even just 1 NUC and an el-cheapo router that can run OpenWRT, but I would argue OPNsense / pfSense or pure Open / Free BSD make more sense if you intend to have a part of your infrastructure permanently connected to a VPN - you can do that with OpenWRT, but unless you also buy a managed switch to go along with it, you won’t be able to split your network, whereas with those, you should be able to just configure your Proxmox host to be VLAN aware and the rest of your network using the native / untagged VLAN. This setup is not the most secure, I understand (for more security, you’d also need a managed switch anyway), but if you want a portable self-host setup on the cheap, it should be fine.

I didn’t intend for this post to be this long. Sorry for the wall-of-text!

3 Likes

I actually don’t. That’s new to me.

2 Likes

https://docs.ntpsec.org/latest/NTS-QuickStart.html

Trying to figure it out on Arch and see if I can maybe implement it on the firewall NTP server… That’s hardened BSD… (OPNsense)

3 Likes

@Dynamic_Gravity it’s a lot of information sifting.

1 Like

Will read later

2 Likes

I’m sorry I hijacked your thread a bit. I’ll answer your question in return. It depends.

A lot of my services that I can dedicate RPI4s to I do because they are low power and easy to deal with.

For most of my heavier stuff, I’d go podman or docker. Maybe building your own? Virtualizing containers is the best way to go to keep the hypervisor clean. What are you hosting? Make a network plan.

I.e. my hypervisor is Arch lol, the system is lean. Everything is containerized. (See my thread Haas posted)

2 Likes

I used to have a bunch of separate PCs for various tasks that in the end were just electricity eaters… I resolved to reduce energy usage and settled on Unraid. Does everything I need. I’m running various containers as well as a couple of VMs. I’m using an X99 board with a 5820K and a 970 with 32 GB RAM and 12 TB HDD with 2 x 500 GB cache drives.
My router box is an old OptiPlex for reasons outlined above.

2 Likes

@Dynamic_Gravity

hehe success

NOW I just need to figure out how to make the NTP server itself (stratum 1) do it.

Not sure if this is valuable to people here, but I definitely note the name of this thread is self host everything, so it seems fitting.

3 Likes
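For the NTS setup discussed in the posts above (a client first, then getting the NTP server itself to offer it), here is an added illustration that is not from any poster: a minimal NTPsec `ntp.conf` using the directives described in the linked NTS quick start. The Cloudflare hostname and the certificate paths are assumptions; substitute your own.

```conf
# /etc/ntp.conf -- constructed example in NTPsec syntax (not from the thread)

# --- Client side (e.g. a workstation or the firewall's upstream) ---------
# Before: plain NTP. Replies are unauthenticated, so anything on the path
# can forge them and shift the clock (which in turn breaks TLS validity
# checks, log timelines, TOTP, etc.).
#server time.cloudflare.com iburst

# After: the "nts" keyword makes ntpd perform NTS key exchange over TLS
# (TCP 4460, the port RFC 8915 assigns) and then authenticate every NTP
# packet with the negotiated keys and cookies.
server time.cloudflare.com iburst nts

# --- Server side (the LAN NTP server that should offer NTS itself) -------
# Requires a certificate whose name matches the hostname clients put on
# their "server <name> nts" line, issued by a CA those clients trust.
# The paths are placeholders; the key must be readable by the ntpd user
# and by nobody else.
nts enable
nts cert /etc/ntp/PLACEHOLDER-fullchain.pem
nts key  /etc/ntp/PLACEHOLDER-privkey.pem

# Firewall on the server: allow inbound TCP 4460 (NTS-KE) in addition to
# UDP 123 (NTP). Clients only need those two ports outbound.
```

Clients that keep an unauthenticated `server` or `pool` line next to the NTS one can still be steered by the unauthenticated sources, so remove those lines once NTS is working.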
