All self-hosting environments have some level of not-hosted-here. Even if you run every service in your home, you're still reliant on at least your internet service provider to provide at least your outbound internet connectivity. How much further you rely on external services depends on your level of comfort and convenience. Here's what I use in my environment.
It's Always DNS
I expose quite a few of my services to the internet, and to get to those services from outside the home, the first step is DNS. In order to make sure that setup is a little bit more secure, I use Cloudflare. This provides a modicum of Web Application Firewall protection against bot attacks, although it does mean Cloudflare gets to see all my traffic as I leave their automatic SSL certificates enabled for most traffic. All of the domains behind Cloudflare have "Full (strict)" SSL mode enabled, as Caddy is providing trusted LetsEncrypt certificates for all the hosts as well. In order to prevent infinite redirects, Edge Certificates -> Always Use HTTPS is disabled in Cloudflare. Caddy also handles the HTTP to HTTPS redirects, so I don't want Cloudflare doing it. In a future post, I'll talk more about my Caddy setup, and why I chose it as the reverse proxy.
In addition to SSL being both internal and external, I run a kind of split-horizon DNS. Cloudflare doesn't need to see the traffic when it originates inside the LAN - it adds quite significant latency, among other drawbacks. Pihole is running on the network for ad blocking, but it also quite conveniently can provide local DNS resolution to keep the self-hosted traffic inside the LAN. It's entirely manual, but since I don't add or remove services very often, it doesn't add significant maintenance overhead.
Many services I run outright rely on or are far more convenient when they can send email. Even aside from the constant amount of work it takes to maintain successful email deliverability, I spent more than enough time administering email servers early in my career, and I have no desire to manage one at home. Thankfully, SparkPost has a fantastic free tier for sending email from multiple domain names. It's very easy to integrate with everything (except Ghost, which bafflingly has an extremely-defensive hard-dependency on Mailgun, and only Mailgun) as they provide an SMTP username and password.
Inbound mail is definitely where I still have a significant reliance on a not-great cloud provider. I won't be fully de-Googled any time soon, in part because the features and convenience of Gmail is too hard for me to give up. But I still want some level of control, and I wouldn't get any value out of Google Workspace (or my legacy GSuite family accounts) on my personal domains. In order to make the inevitable future migration from my personal email domains to another service much more convenient, I have since 2015 paid $35/year for a Pobox Plus mail forwarding account. Pobox also provides authenticated SMTP outbound, so Pobox forwards my personal domain addresses to Gmail, and Gmail is configured to send from those domains from the Gmail interface.
To wrap this post up, I'll touch briefly on Plex. I've tried Jellyfin, but the clients are still, as of the release prior to this post, terrible - especially the Roku interface, which is an ecosystem I'm deep into. Roku is the main OS of one of my TVs and the main interface for the remaining dumb display TV in my house, and provides a more-stable and more-private (with Pihole blocking its incessant logging attempts) than any other TV operating system on the market. In addition to providing a better client experience and familiarity, Plex's newest feature to track and remind me about when shows I want to watch are released on the streaming services I subscribe to is really fantastic. I wish the deeplinking to the streaming apps worked in Plex's Roku app, but being able to quickly check a single place to keep track of media I'm interested in is definitely worth the trade-off of the handshake going through Plex's servers.