A pretty good read. I've made many of these mistakes myself and learned from every one of them. We spend so much time hardening our home labs from the bad guys, I wonder if we should instead focus on hardening from ourselves.
Of course, the answer is both.
Similar to others, I do this but the reverse direction. I have a Pi with HDD at a friend's house. On a timer, it wakes up at 3am, boots to a VPN and initiates an rsync (pull) with it's twin Pi at my place. When the sync is done, it powers down or the timer cuts power at 9am.
Other than clock drift due to power outages, I've had no issues.
I have a directory that i can put scripts into and the remote Pi will execute anything in this directory after the sync and before the shutdown. Logs from the rsync or scripts are pushed back to a different directory on the local Pi.