Oh it is not that much, I run adguard DNS with adblocking, searxng as my search engine, vaultwarden as my password manager. All combined with Argo CD as GitOps engine, nginx ingress with cert-manager for lets encrypt certificates, longhorn as storage layer and metallb as loadbalancer solution. I am planning to completely replace my current setup (which is an old sandy bridge powered HP microserver) with a turing pi 2 clusterboard with 4 RPi4 CMs as soon as they get cheaper.
SELinux should not be an issue if you stick to common directories and use :Z flag after the mount path with docker, afaik podman uses the same mechanism. There’s even a tool for selinux container policies: https://github.com/containers/udica
Regarding firewall stuff, disable it on your machine and you are fine. Port forwarding in containers is necessary to connect to services, now way around.
Ah and read this: https://stopdisablingselinux.com/
It has a reason why it exists.