Multiple devices with one IPv6 to the Internet?

IPv6 is designed to not do that. Trying IPv4 style NAT with IPv6 will break things. That said, I'm pretty sure you can do NAT IPv6 with Linux iptables, so it's not impossible. But I would strongly recommend not to do it.


IPv6 doesn't have a NAT standard the way IPv4 does. There is an EXPERIMENTAL RFC for one-to-one NAT (one outside address for each inside address) on IPv6, but it explicitly forbids what you want to do (I highlighted it below):

6. A Note on Port Mapping

In addition to overwriting IP addresses when datagrams are forwarded, NAPT44 devices overwrite the source port number in outbound traffic and the destination port number in inbound traffic. This mechanism is called "port mapping".

The major benefit of port mapping is that it allows multiple computers to share a single IPv4 address. A large number of internal IPv4 addresses (typically from one of the [RFC1918] private address spaces) can be mapped into a single external, globally routable IPv4 address, with the local port number used to identify which internal node should receive each inbound datagram. This address-amplification feature is not generally foreseen as a necessity at this time.

Since port mapping requires rewriting a portion of the transport layer header, it requires NAPT44 devices to be aware of all of the transport protocols that they forward, thus stifling the development of new and improved transport protocols and preventing the use of IPsec encryption. Modifying the transport layer header is incompatible with security mechanisms that encrypt the full IP payload and restricts the NAPT44 to forwarding transport layers that use weak checksum algorithms that are easily recalculated in routers.

Since there is significant detriment caused by modifying transport layer headers and very little, if any, benefit to the use of port mapping in IPv6, NPTv6 Translators that comply with this specification MUST NOT perform port mapping.

Also, you will find that NAT breaks some IPv6 features.

IPv6 has plenty of addresses so that you do not need to use NAPT the way you do with IPv4. NAPT on IPv4 breaks the IP paradigm where each host is assigned a unique address so that connections are from end-to-end, with no middle devices needing to maintain state on the connections. IPv6 restores the IP paradigm, allowing protocols other than TCP, UDP and ICMP*, and it fixes applications and application-layer protocols that are broken by NAPT.

You may misunderstand the tracking and function of Privacy Extensions. The fact is that the tracking that Privacy Extensions prevents is tracking a device as it is connected to different networks, getting a new address on each connected network, not tracking the services that the device uses on the Internet. By using only the original SLAAC, a device will always have the same IID (Interface Identifier) on the same interface, and it could be correlated, no matter the network to which the device was attached, tracking it as you move it from network to network. This does not matter if the device only exists on a single network; you have no movement to track. If you do move the device to other networks, and the device does not support Privacy Extensions, then you will be able to be tracked, but I would also argue that the device software is so old as to be riddled with security problems.

If the device only connects to a single network, then there is no tracking risk, and you could also use DHCPv6 to assign addressing, or you could manually assign an address, rather than use SLAAC that uses an identifier, such as a MAC address.


*RFC 3022, Traditional IP Network Address Translator (Traditional NAT) explains IPv4 NAT, including NAPT in Section 2.2:

Sessions other than TCP, UDP and ICMP query type are simply not permitted from local nodes, serviced by a NAPT router.
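The IID correlation described in the answer above, as an added example that is not part of the original post: it builds the modified EUI-64 identifier that original SLAAC derives from a MAC address, then audits a list of addresses for hosts that expose the same MAC-derived IID under different prefixes. The MAC, the prefixes and the function names are constructed for illustration.

```python
import ipaddress

def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 4291, Appendix A)."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms on a /64 when it uses original SLAAC without Privacy Extensions."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC uses /64 prefixes")
    return net[int.from_bytes(eui64_iid(mac), "big")]

def mac_from_address(addr: str):
    """Return the embedded MAC if the IID looks EUI-64 derived, else None.

    Heuristic: a random IID can contain ff:fe in this position by chance.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{x:02x}" for x in mac)

def correlate(addresses):
    """Group addresses by embedded MAC; one MAC under several prefixes is a trackable host."""
    groups = {}
    for a in addresses:
        mac = mac_from_address(a)
        if mac:
            groups.setdefault(mac, []).append(a)
    return groups

# Constructed sample data: documentation MAC and documentation prefixes.
SAMPLE_MAC = "00:00:5e:00:53:01"
HOME, CAFE = "2001:db8:aaaa:1::/64", "2001:db8:bbbb:7::/64"
SEEN = [
    str(slaac_address(HOME, SAMPLE_MAC)),    # same IID on the first network
    str(slaac_address(CAFE, SAMPLE_MAC)),    # same IID on the second network
    "2001:db8:bbbb:7:3c1a:9e02:77b4:d0f5",   # randomized IID, not attributable
]

if __name__ == "__main__":
    for mac, addrs in correlate(SEEN).items():
        print(mac, "->", addrs)
```

Run against an address inventory or neighbor table export, a non-empty result lists the hosts that still need Privacy Extensions, DHCPv6 or manual addressing.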