Most VPNs don’t allow port forwarding, and if they do it’s a random port that changes frequently. So you’d need a method to tell people the new port. Also, you typically want to use SSL so you’ll have to use self signed certs. Though interestingly LetsEncrypt recently started testing certs for IP addresses:

https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate

You can. I recommend making sure you have logging in place so you know what’s going on. This could include not just service logs but firewall logs as well. You might want to rate limit the connection attempts for SSH and WireGuard and consider Fail2Ban or something similar.

Yes, that’s one way to do it. Another way is to pick some amount you can afford to save and buy bitcoin every month or so. Hold it for a few years and always spend your oldest coins first. For example $20 from 2020 buys $200 worth of stuff now.