Yes, but you agree you need to apply security patches in that case, right?
Your original comment amounted to "you don't need to apply updates if you firewall everything", to which I replied "that's not a replacement for a cloud service". Your subsequent comments then amount to "well you can just poke a hole in your firewall for WireGuard". So which is it, do you need to apply updates (e.g. to WireGuard) or not?
I suppose you can maintain secure remote access if you run a very minimal wireguard server on a low power device similar to a raspberry pi running on a updated/patched distro. You can still keep 99% of your gear running in the back without updates. This way the amount of update churn can be minimized.
Your original comment amounted to "you don't need to apply updates if you firewall everything", to which I replied "that's not a replacement for a cloud service". Your subsequent comments then amount to "well you can just poke a hole in your firewall for WireGuard". So which is it, do you need to apply updates (e.g. to WireGuard) or not?