Not OP but I assume it's the security-related "no dependencies on external services or leaking data" requirement.
Even if you'd make an exception for Tailscale, that'd require setting up and exposing an OIDC provider under a public domain with TLS, which comes with its own complexities.
that is correct! the less I rely on external companies and/or servers, the happier I am with my setup.
I actually greatly simplified my infrastructure in the blog... there's a LOT going on behind those network switches. it took quite a bit of effort for me to be able to say "I'm comfortable exposing my servers to the internet".
none of this stuff uses the cloud at all. if johnthenerd.com resolves, everything will work just fine. and in case I lose internet access, I even have split-horizon DNS set up. in theory, everything I host would still be functional without me even noticing I just lost internet!