I use Ansible+git to push changes to remote servers. And use ssh+vim sometimes too.

I personally prefer that the private key for https remain local within my network. That ensures end-to-end privacy. That's not an option when using Cloudflare.

I do use Cloudflare for public sites that don't require a login. And I have the same zero trust services running locally for accessing non-public data. My reverse proxy authenticates/authorizes each request so that I don't need to use a VPN.

Estonia (as per my research) mandates that each and every domain under its tld is linked to its owner ID number, but I doubt it that my foreign ID will be accepted.

I could be wrong, but I think this was changed a few years ago. But it doesn't stop domain registrars from still charging the fee.

I had no issues registering with zone.ee without any sort of Estonian ID.