IPs are exposed to the world by default. Bots will happily sit there 24/7 scanning the entire IPv4 range, so you’re unlikely to see any impact from having a subdomain vs not. As others have said, you’re better off focusing on making sure your VPS is secure - SSH keys only, HTTPS only, reverse proxy with authentication and strong passwords, etc, maybe configuring the firewall to completely drop packets that aren’t from your home IP to non-VPN ports (and use a VPN from outside the house).
Alternatively, if it’s just you and maybe one or two others, you could look at something like Tailscale or Cloudflare Tunnel, in which case the VPS would be calling out to someone else to open a tunnel, and you wouldn’t need any ports open. That adds a dependency on someone else, though, which may not be ideal.
IPs are exposed to the world by default. Bots will happily sit there 24/7 scanning the entire IPv4 range, so you’re unlikely to see any impact from having a subdomain vs not. As others have said, you’re better off focusing on making sure your VPS is secure - SSH keys only, HTTPS only, reverse proxy with authentication and strong passwords, etc, maybe configuring the firewall to completely drop packets that aren’t from your home IP to non-VPN ports (and use a VPN from outside the house).
Alternatively, if it’s just you and maybe one or two others, you could look at something like Tailscale or Cloudflare Tunnel, in which case the VPS would be calling out to someone else to open a tunnel, and you wouldn’t need any ports open. That adds a dependency on someone else, though, which may not be ideal.