What's the point of having a cloud instance if you're relying on an on-prem machine to stay online?
Put another way, why allow untrusted people to reach into your server via wireguard instead of just forwarding those ports?
I guess it's a setup for people who don't want to use i2p or Tor but do want to keep their IP address private.