I use NBD for my single-user NAS. You can use FDE (full disk encryption, luks) client-side.
The system managing the physical block devices never sees unencrypted data.
Such a setup shines when you use a laptop as your main machine and wish to have a lot of secure storage. The approach I chose was to bond ethernet & wifi6e, use wireguard (w/ PSK). And wonder the house with uninterrupted access.
This sounds really interesting, as in: It's the thing I didn't know I've been looking for because I didn't know it existed.
Could you elaborate on your NBD setup? (What do you use for the server?) And what kind of latencies do you see when you're at home / not at home? How do you handle backups? (Do you back up the encrypted blob server-side or do you back up the unencrypted data client-side, at the cost of having to deal with (probably) limited bandwidth & latencies.)
I do backups with borg while connected to the NAS with ethernet.