In the US, healthcare is too expensive to afford out of pocket, so most people get health insurance from their employer, as an additional benefit. This covers the employee, their spouse, and their children up to a certain age.
In this case, it looks like people employed by the military will be prevented from getting full healthcare for their children, if those children are transgender.
Using a VPN (like Tailscale or Netbird) will make setup very easy, but probably a bit slower, because they probably connect through the VPN service’s infrastructure.
My recommended approach would be to use a directly connected VPN, like OpenVPN, that just has two nodes on it – your VPS, and your home server. This will bypass the potentially slow infrastructure of a commercial VPN service. Then, use iptables rules to have the VPS forward the relevant connections (TCP port 80/443 for the web apps, TCP/UDP port 25565 for Minecraft, etc.) to the home server’s OpenVPN IP address.
My second recommended approach would be to use a program like openbsd-inetd on your VPS to forward all relevant connections to your real IP address. Then, open those ports on your home connection, but only for the VPS’s IP address. If some random person tries to portscan you, they will see closed ports.
You may not like it, but the rules say “any operating system is fine”. I don’t like Windows either, but this post is technically correct.