Self-Hosted Main

Some generic purpose LLM probably.

E-Mail.

And maybe unpopular opinion:

1. Any service that you use with port-forwarding, besides WireGuard.
   I would never access any self-hosted application without VPN.

2. Password manager. I want to minimize complexity with my most important data (that's why I'm using KeePass instead of Self-Hosted Bitwarden).

Aside from other stuff mentioned here about email. I always assumed I'd become a target for spam that I'd have a harder time filtering out to the point it stops being worth it to have a custom email address.

That and I can almost guarantee I would end up screwing up the backup of my inbox and losing everything rending the whole endeavour pointless.

The login page to your NAS.

Password manager. While some may cache on your client devices, by and large if your server goes down, no passwords.

Choosing a service to NOT selfhost is a subjective descision.

I host 18 Proxmox VMs and 20 Docker containers at home. I also was selfhosting a WebDAV server for synchronizing my Joplin notes between devices and Vaultwarden for managing my Bitwarden vault, but decided to push the Joplin synchronization target to Dropbox [free] and to use Bitwarden's free cloud solution for my passwords and secure notes. I did this because I will need immediate access to these two critical sources of information should my house burn down, or get blown over by a tornado. I have extremely strong passcodes for these and trust the hosts.

This was strictly a personal decision. YMMV.

I’ve seen far too many compromised Wordpress installations to ever consider installing it in my home dmz.

Personally I don't think it's worth hosting recursive dns resolvers. Most of the options with ad blocking are single points of failure and when it breaks the household acceptance factor is just too low.

If self hosting from home.. email servers

At home, your IP is likely blacklisted and/or your provider has blocked the necessary ports. Not to mention the layers of potential headaches dealing with potential spam block dbs, especially if you don't own your IP.

You can of course do custom setups allowing you to skirt these restrictions, but can sometimes be a bit complicated and typically involve non-traditional customizations.

Clearly opening RDP port on internet. NEVER.

Internet-accessible authoritative DNS nameserver(s) (unless you have a completely static public IP).

Email. I always recommend AWS SES. Use it at as an SMTP relay and any internal services gets restricted access through IAM.

I don't self host anything where it would impact me unduly if it went down while I was on holiday to the point where I'd have to break state and go fix stuff.

I don't want to have to leave my beer or beach and head off to fix things like an email server, restore a password manager db etc. so anything like that which is critical to the point where an outage would prob have me do so means I pay someone else.