I doubt that's the better way. How is self-hosting helping with the paranoia vs. using Mullvad?
I don't really see how it's more secure to run some software that you haven't audited on a VPS somewhere at a provider you haven't audited. I'd trust a company with resources to run their own hardware, investing into a more secure setup [1] and contributing to more open infrastructure [2] much more than I trust myself to run something securely which isn't my sole occupation.
Self-hosting also makes you vulnerable to the network hosting you (not only the hosting server itself, but also the internet transit provider) and of course the website you are visiting, as you are the only user from that source IP (rendering a VPN practically useless).
Can do various mixing and matching if you have more than one VPS. Again, it rearranges rather than removing the vulnerabilities, and it's pure window dressing against an organised, financed actor.
I've done this as an intellectual challenge more than anything else.
I do this, mostly for the static IP that isn't linked directly to me and my approximate location, with mullvad exit only for 'sensitive' stuff. The degree of separation is nice even if the breadcrumbs are there. Best if the VPS allows crypto or cash payments.