> it is possible with some software to have everything massively cached, with the cloud doing that, with the origin server in my basement, only accessible from the allowed cache arrangement

Do you mean a setup like:

    client -> cloud(HAProxy+Varnish) -WireGuard-> basement(backend)

Or something else?