Sounds good! It’s always a good idea to make sure everyone is on the same page about the risks involved in a project. I must also stress that you reach out to IT personally and make sure they know what’s going on. We’ve definitely had faculty go behind our back before, I’m sure that happens at other schools too, lol. I do have some final thoughts based on your bullet points to consider:

1) Server computer is a Mac Mini (latest model I think?). I’ve been told they would replace macOS with Linux, still I believe I should ready if they don’t (I don’t have experience with macOS at all)

I would personally avoid this, just due to the fact that the hardware might be in an insecure area and easily forgotten. Once the team is done with it, they might just leave it in place to idle forever. Or, someone might find it, not know what it is, and remove it. A VM running in the campus datacenter is a lot safer than a computer under a lab counter. This also avoids future hiccups with an exotic OS/hardware combination that you might not be thinking about right now.

*2) Server will be situated in university and provided a static IP address *

You’re going to need IT’s involvement on this, full stop. Just because an address isn’t in use right now on the campus network, doesn’t mean that it’s free for you to use. As far as public facing IPs go, those are totally managed by campus IT. You will need their permission to host services on them.

3) Team needs remote access to the server, presumably comfortable with using CLI

See number 2. You need IT’s permission to host services on the network.

4) I am unlikely to be permitted access to server myself after setup, so it should be ready to be managed by the team

You need to document everything you set up ready to hand off to whomever will be managing this server. This is unlikely to be someone on the research team, as if they can’t set it up themselves, I doubt they’ll be able to maintain it.

5) Extra hardware and/or paid software could be arranged but to a limited extent and within reason

There’s generally going to be a budget and/or grants available depending on the scope of the work the research team is doing. Going through the proper channels (IT Dept and Grant Officer) will give you access to these resources. As an example, a center involved with our school was doing watershed research and we were able to secure them a grant for tablets they could use for fieldwork.

One final, important thing to consider is what data this research team is collecting, what they’re using it for, and what’s going to happen to it once they’re done with it. If there is any PII (Personally Identifiable Information) in this dataset, there might be laws (e.g. GDPR) that you might need to comply with.

I hope that you don’t think that I’m harping on you too bad, it’s just that there’s lots to consider outside of the raw technical side of things that many homelabbers don’t really have to think about. I do admire your willingness to take on a project like this! Hopefully your IT department aren’t sticks in the mud and would be willing to help out on this. If they had any sense they would as it prevents users trying to DIY things in the first place.