Probably it would be much easier for you to set up Tailscale. Just install it on the system where you host the other services, install it on the other end and use the Tailscale IP. It should require minimal effort to set up, with the added benefit of not having ports open, and is way easier to maintain.
As for WireGuard, the allowed IPs section tells what IPs should be routed through the tunnel; it’s not that difficult, but hard to wrap your head around at first. A friend of mine also used to use the Fritzbox implementation of WireGuard and I remember you need to specifically set up what clients you want the tunnel to have access to.
Have a look at Tailscale.
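How the allowed IPs setting mentioned above decides what goes through the tunnel, as an added example that is not part of the original comment: the sketch parses a constructed WireGuard config and picks the peer for a destination by longest matching prefix. The keys, endpoint, subnets and the function names `parse_peers` and `route` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample config: keys, endpoint and subnets are placeholders.
SAMPLE_CONF = """
[Interface]
Address = 10.8.0.2/24
PrivateKey = <client-private-key>

[Peer]  # home router: split tunnel, only these subnets use the VPN
PublicKey = <home-router-key>
Endpoint = vpn.example.net:51820
AllowedIPs = 10.8.0.0/24, 192.168.178.0/24

[Peer]  # exit node: catch-all for every other IPv4 destination
PublicKey = <exit-node-key>
AllowedIPs = 0.0.0.0/0
"""

def parse_peers(conf_text):
    """Return [(public_key, [networks])] for each [Peer] section."""
    peers, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append({"key": None, "nets": []})
            continue
        name, _, value = line.partition("=")  # first "=" only; base64 keys end in "="
        name, value = name.strip().lower(), value.strip()
        if section == "peer" and name == "publickey":
            peers[-1]["key"] = value
        elif section == "peer" and name == "allowedips":
            peers[-1]["nets"] += [ipaddress.ip_network(v.strip(), strict=False)
                                  for v in value.split(",") if v.strip()]
    return [(p["key"], p["nets"]) for p in peers]

def route(dest, peers):
    """Key of the peer a packet to dest is sent to (longest prefix wins), or None."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, key) for key, nets in peers for net in nets
               if net.version == addr.version and addr in net]
    return max(matches)[1] if matches else None

if __name__ == "__main__":
    for ip in ("192.168.178.20", "10.8.0.1", "1.1.1.1", "2001:db8::1"):
        print(ip, "->", route(ip, parse_peers(SAMPLE_CONF)))
```

Removing the `0.0.0.0/0` peer turns this into a split tunnel: only the two listed subnets are sent through the VPN and everything else leaves over the normal connection.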
To follow up on this: I now use a combination of Caddy as reverse proxy and Authelia for authentication. In my opinion Caddy is the best reverse proxy; it’s super lightweight and the Caddyfiles are super easy to read. Authelia is surprisingly easy to get set up. I was a bit hesitant because it looked a little overwhelming in the beginning. When you sit down for half a day and dig into it, it’s really surprisingly straightforward.
How I’d go about this depends on how much storage you expect to be using mid term/until you want/can buy another drive.
Must have 7TB? Swap the 10TB for 2x4TB, then do 4TB parity, 4+2+1TB as Data drives.
Is 3TB enough for the time being? Keep the 10TB and use as parity, 1+2TB as Data drives. When full, go for up to another 10TB as Data.
That second option is more upgradable in the future.
I’m guessing everyone meant Data drives by saying “pool”. In Unraid, Data drives are the ones protected by parity, in the array. Pools are “out of the array”, not protected by parity.