I have to admit before I was like: "not your metal, not your server".
I chose sovereignty over security, without any nuance.
From now on, everything public goes to the VPS (with regular backups in case it gets taken down), everything private stays at home.
The only port I want open in my house is a single UDP port for wireguard. Good luck trying to break through that!