Unfortunately there isn’t really an all-in-one guide. TechnoTim has info on the Pi-hole config side and wildcard certificates, but I think he uses it with traefik.
NPM is pretty straightforward. If you find a site isn’t working, try turning on Web Socket support.
I’d say just search for guides on each part individually:
- Get all the services installed and up and running
- Get SSL certificates from Cloudflare for your domain.
- Set up NPM for the services you want to reverse proxy with your Cloudflare SSL certs (they wont work until the next step is done)
- Set up pi-hole to be your local DNS (there’s also adblock lists to add) and configure it to send all service(.lan).mydomain.com to the ip of NPM.
- Set up the Cloudflare tunnel.
I can try to help if you run into any issues.
The asterism gives me big Splinter Cell vibes and I’m definitely OK with that.