It’s not clear to my why you absolutely don’t wan’t to expose your home port.

From a security standpoint, you are still exposing your services to the public anyway (only the TCP stack is not, which is likely the smallest attack surface).

If you had a simpler reverse-proxy VPS, it would still hide your home server IP from clients. Your ISP would still only see encrypted traffic (https). Since you use adguard already, you can target dns-over-https upstreams to hide all DNS traffic too (eventually have a firewall rule to block outgoing dns queries if you don’t trust your application).

You could host a Tor relay node (or an i2p node). These networks need crowd and bandwidth.

Agree, very lightweight, simple once-and-forget setup.