I’ve got a very similar setup now. Only recently adopted tailscale and was previously port tunnelling over SSH to access anything on the local network. SSH is still open, and am just waiting a bit to see if theres any cases where I need it before closing that out too.
Short story: If you don’t need stuff open to the general public, just having Tailscale will probably cover you.
Photoprism, running on a Raspberry Pi 4. I’m just running it as a single user, and it’s been working well for that. A couple of notes: