It should be easier to port forward SMTP to the mailcow installation for incoming mail and only use NPM for the web interface.

If netbird has enough DNS support you might be able to setup all the mailcow recommended settings there so you have auto discovery from mail-clients on the netbird VPN.

Incoming mail is pretty easy to get working anywhere, but outgoing is restricted if your IP adress is in any way suspicious. Using sendgrid, authsmtp, or something similar is the easy way.

For the hardcore, finding a VPS with a company that blocks outgoing smtp as default but will unblock if you convince them you’re responsible can be fun and/or frustrating. You’ll have a mail relay there for outgoing email at the minimum but can also get incoming email via that server. The smallest possible server should be enough.

If PostgreSQL is also shut down and you dont start the backup before its completely stopped it should be ok. You might need to restore to the same version of PostgreSQL and make sure it is setup the same way. If you dump the data, it is safer, both that you get a known good state, and that it can be restored to any new database. Grabbing the files as you suggest should be ok at least 90 percent of the time. But why risk it?

I switched from keepass to vaultwarden years ago and for my usage I wouldn’t switch back.

I needed to be able to share some passwords with other people. I think the clients are much better. I like having a website available as a backup to access a password. All in one package that works well so I don’t need separate mechanism to synchronize between different installations. I like the easy sharing secrets through links and not having to send in cleartext with emails or texts.

And for selfhosting I like that you only need the server only for syncing newly added secrets - if vaultwarden had to be online always I’d switch back.