Fair, but what about names that are specific enough to give an attacker a clue to a potential attack surface, like "authelia.example.com" - now they know you've likely got an Authelia setup, and can start digging for exploitable CVEs etc. I'm in the process of removing all my individual certs and replacing with a wildcard cert served by Traefik. Is that a bad idea?

Can they dig for exploitable CVEs if they're not on the Wireguard network? It is a clue to your infrastructure, but I personally think the simplicity is worth it.

My IaC is on public GitHub. They could do a network scan to find software then fingerprint to find version anyway.

Removing attack surface is better than trying to hide it.

How many people out there have attackers doing individualized research to identify services on their home LAN so they can chain a network attack with CVEs in their self-hosted service?

Everyone, now that you can just toss the work at an LLM.

Where are you seeing this? LLMs make it easier to do bulk data analysis / scale attack patterns, but I've not seen anything to suggest they're incentivizing people to do OSINT against random individuals to fire off targeted attacks on home LANs.

The juice isn't really worth the squeeze for the token spend any more than it was worth the human energy.

Do the names resolve to publicly routeable IPs? If not, I wouldn't worry about it.