Yes if you want to go this way with your NAS as a central repositories storage than you have to configure all needed network access and security. Effectively building your own cloud solution. It is actually not so difficult. There is no need for VPN when you expose specific service only like e.g. sftp or S3 minio.
Using syncthing to sync repos has flaw in basic concept design. People do all sort of crazy things:) It is your data at the end.