I left my Hetzner VPS open to password logins for over 3 years, no security updates, no firewalls, no kernel updates, no apt upgrades; only fail2ban and I survived: https://oxal.org/blog/my-vps-security-mess/

Don't be me, but have some solace in the fact that even if you royally mess up things won't be as bad as you think.

I self host a lot of things on a VPS and have recently started self hosting on a raspberry pi 5, it's extremely liberating!