If we told just anyone, it wouldn’t be private!!!
Srsly any phone app is inherently insecure because the phone itself is insecure. And there’s lots of metadata leakage, like the phone broadcasting its location. There is no “go to app”. It all depends on what you are trying to do and who you are trying to communicate with.
I used proxmox and have played a little with nix and guix, but simplest is just use debian, put /home on a separate logical partition from the system partition so you can reinstall the system without clobbering user files, and as people keep saying, backup early and often.