The good news is that in order to exploit the new vulnerability, the attacker first has to obtain kernel level access to the system somehow - by exploiting some other vulnerabilities perhaps.

The bad news is once Sinkclose attack is performed, it can be hard to detect and mitigate: it can even survive an OS reinstall.

Cloudflare tunnel is an option, you can even scrap your own nginx

Unless you’ve used something secure for formatting or wrote data to the SD after, consider attempting data recovery.

Speaking of Cloudflare, if you’re okay with not self hosting, then there’s Cloudflare Pages which is good for hosting static websites.