I run Nextcloud "locally" too. It's "local" in the sense that it sits on a laptop-turned-server by my desk [0]. Add a domain name, a simple dynamic DNS [1] and a forwarding rule on your router; your local machine is now reachable from everywhere.
No (useless for that use case) additional intermediary like Tailscale in the middle. It has the added benefit of allowing you to share everything that is on Nextcloud with people without requiring them to use any VPN/etc.
[0] the fact that it runs on a laptop (with its battery) rather than on a workstation provides a UPS on the cheap
I wouldn't call Tailscale "useless" in that case. If you use Tailscale there, you don't have to port forward, so you have no exposure to the general internet. No one bashing on your port, looking for vulnerabilities. You don't need a DDNS, since Tailscale gives you a fixed address for your machine that persists. So you can set a single CNAME record with your domain hosting service and you're done. And Tailscale has clients for all platforms, including mobile, so it "just works" with all your devices. It's free for up to 20 devices.
Re: dynamic DNS, I've just started self-hosting some services and piping them through Cloudflare, and I use the Docker container oznu/cloudflare-ddns to handle IP changes.
Bonus is that I can restrict incoming traffic on the router to Cloudflare IP ranges, and use Cloudflare tools to restrict traffic.
I suppose you could accomplish the same with a VPS but this is all free.
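As an added illustration of the "restrict incoming traffic on the router to Cloudflare IP ranges" idea (not the commenter's setup or code): a small generator that validates a one-CIDR-per-line range list and emits an nftables allowlist. It assumes the router runs nftables, that the WAN interface is called `wan0` and that the forwarded port is 443; the ranges embedded here are constructed documentation prefixes, not Cloudflare's published list.

```python
import ipaddress

# Constructed sample input using documentation prefixes (RFC 5737 / RFC 3849),
# NOT real Cloudflare ranges; feed in the list the provider publishes instead.
SAMPLE_RANGES = """\
198.51.100.0/25
198.51.100.128/25   # adjacent to the line above, will be merged
203.0.113.0/24
2001:db8:1::/48
not-a-cidr
"""

def parse_ranges(text):
    """Split a one-CIDR-per-line list into (ipv4, ipv6, rejected)."""
    nets, rejected = {4: [], 6: []}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line)  # strict: host bits must be zero
            nets[net.version].append(net)
        except ValueError:
            rejected.append(line)  # never let a malformed line widen the allowlist
    v4 = list(ipaddress.collapse_addresses(nets[4]))
    v6 = list(ipaddress.collapse_addresses(nets[6]))
    return v4, v6, rejected

def render_nft(v4, v6, wan_if="wan0", port=443):
    """Emit an nftables table: only listed sources may reach `port` from the WAN."""
    if not (v4 or v6):
        raise ValueError("no valid ranges: refusing to emit a ruleset")
    out, rules = ["table inet edge_allowlist {"], []
    for fam, kw, nets in (("ipv4_addr", "ip", v4), ("ipv6_addr", "ip6", v6)):
        if not nets:
            continue  # nft rejects an empty elements list, so skip the family
        elems = ", ".join(str(n) for n in nets)
        out.append(f"  set proxy_{kw} {{ type {fam}; flags interval; elements = {{ {elems} }} }}")
        rules.append(f'    iifname "{wan_if}" tcp dport {port} {kw} saddr @proxy_{kw} accept')
    out.append("  chain forward {")
    out.append("    type filter hook forward priority 0; policy accept;")
    out += rules
    out.append(f'    iifname "{wan_if}" tcp dport {port} drop  # everyone else')
    out += ["  }", "}"]
    return "\n".join(out)

if __name__ == "__main__":
    v4, v6, bad = parse_ranges(SAMPLE_RANGES)
    print(render_nft(v4, v6))
    print("# rejected lines:", bad)
```

The rules match only on the WAN-facing interface, so outbound HTTPS from the LAN is unaffected; the published range list changes over time, so the set needs regenerating on a schedule.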
This would definitely be the ideal solution, and it is certainly how the Internet was intended to be used, but a lot of residential ISPs either frown on hosting services on a residential link, or outright forbid it. Plus, CGNAT is more or less inevitable at this point, might as well embrace it.
Like you mention, services like Tailscale and Cloudflare tunnels are a way around it, but that introduces complexity and additional trust in another company.
The main reason I host my stuff on a VPS is because if an attacker finds their way in, I don't want them to have unrestricted access to my home network as well. (And I'm too lazy to set up a DMZ...)
Lack of hairpin NAT makes that very challenging on my network. I mean, I can access things from inside and outside the network, but I have to use different domain names.
[1] dynamic DNS can be achieved even using cheap providers such as OVH as long as you get your domain name there https://docs.ovh.com/ie/en/domains/hosting_dynhost/